使用 Novell LDAP 在 .NET Core 中针对 AD 进行页面 LDAP 查询

本文介绍了使用 Novell LDAP 在 .NET Core 中针对 AD 进行页面 LDAP 查询的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在使用 Novell LDAP 库从 .NET 代码应用程序查询 Active Directory.大多数查询成功，但有些返回超过 1000 个结果，AD 服务器拒绝.因此，我试图找出如何使用 Novell 的库对 LDAP 查询进行分页.我放在一起的解决方案看起来像

I am using the Novell LDAP library for making queries to an Active Directory from a .NET Code application. Most of the queries succeed, but some return more than 1000 results, which the AD server refuses. I therefore tried to find out how to page LDAP queries using Novell's library. The solution I put together looks like

public IEnumerable<LdapUser> GetUsers() { this.Connect(); try { var cntRead = 0; // Total users read. int? cntTotal = null; // Users available. var curPage = 0; // Current page. var pageSize = this._config.LdapPageSize; // Users per page. this.Bind(); this._logger.LogInformation("Searching LDAP users."); do { var constraints = new LdapSearchConstraints(); // The following has no effect: //constraints.MaxResults = 10000; // Commenting out the following succeeds until the 1000th entry. constraints.setControls(GetListControl(curPage, pageSize)); var results = this._connection.Search( this._config.LdapSearchBase, this.LdapSearchScope, this._config.LdapUsersFilter, this.LdapUserProperties, false, constraints); while (results.hasMore() && ((cntTotal == null) || (cntRead < cntTotal))) { ++cntRead; LdapUser user = null; try { var result = results.next(); Debug.WriteLine($"Found user {result.DN}."); user = new LdapUser() { AccountName = result.getAttribute(this._config.LdapAccountAttribute)?.StringValue, DisplayName = result.getAttribute(this._config.LdapDisplayNameAttribute)?.StringValue }; } catch (LdapReferralException) { continue; } yield return user; } ++curPage; cntTotal = GetTotalCount(results); } while ((cntTotal != null) && (cntRead < cntTotal)); } finally { this._connection.Disconnect(); } }

并使用以下两个辅助方法:

and uses the following two helper methods:

private static LdapControl GetListControl(int page, int pageSize) { Debug.Assert(page >= 0); Debug.Assert(pageSize >= 0); var index = page * pageSize + 1; var before = 0; var after = pageSize - 1; var count = 0; Debug.WriteLine($"LdapVirtualListControl({index}, {before}, {after}, {count}) = {before}:{after}:{index}:{count}"); return new LdapVirtualListControl(index, before, after, count); } private static int? GetTotalCount(LdapSearchResults results) { Debug.Assert(results != null); if (results.ResponseControls != null) { var r = (from c in results.ResponseControls let d = c as LdapVirtualListResponse where (d != null) select (LdapVirtualListResponse) c).SingleOrDefault(); if (r != null) { return r.ContentCount; } } return null; }

设置 constraints.MaxResults 似乎对 AD 服务器没有影响.如果我不设置 LdapVirtualListControl，则检索成功，直到检索到第 1000 个条目.

Setting constraints.MaxResults does not seem to have an effect on the AD server. If I do not set the LdapVirtualListControl, the retrieval succeeds until the 1000th entry was retrieved.

如果我使用 LdapVirtualListControl，操作会在第一次调用 results.next() 时失败，并出现以下异常:

If I use the LdapVirtualListControl, the operation fails at the first call to results.next() with the following exception:

System.Collections.Generic.KeyNotFoundException: The given key '76' was not present in the dictionary. at System.Collections.Generic.Dictionary`2.get_Item(TKey key) at Novell.Directory.Ldap.Utilclass.ResourcesHandler.getResultString(Int32 code, CultureInfo locale) at Novell.Directory.Ldap.LdapResponse.get_ResultException() at Novell.Directory.Ldap.LdapResponse.chkResultCode() at Novell.Directory.Ldap.LdapSearchResults.next()

github/dsbenghe/Novell.Directory.Ldap.NETStandard/blob/master/src/Novell.Directory.Ldap.NETStandard/Utilclass/ResultCodeMessages.cs 建议这只是一个后续错误，真正的问题是调用失败，错误代码为 76，我不知道它是什么.因此，我认为我在查询中遗漏了一些东西.有什么问题?

The code at github/dsbenghe/Novell.Directory.Ldap.NETStandard/blob/master/src/Novell.Directory.Ldap.NETStandard/Utilclass/ResultCodeMessages.cs suggests that this is just a follow-up error and the real problem is that the call fails with error code 76, which I do not know what it is. I therefore think that I am missing something in my query. What is wrong there?

推荐答案

我修好了 - 以防其他人遇到这个问题:

I fixed it - in case someone else runs into this:

经过一些互联网研究，我在 ldap/ldap-result-code-reference-other-server-side-result-codes/#rc-virtualListViewError 错误代码 76 的含义以及 LdapVirtualListResponse 包含更多信息.就我而言，错误是 ldap/ldap-result-code-reference-other-server-side-result-codes/#rc-sortControlMissing - 所以分页似乎需要排序控制.为了修复它，我添加了

After some Internet research, I found on ldap/ldap-result-code-reference-other-server-side-result-codes/#rc-virtualListViewError what error code 76 means and that the LdapVirtualListResponse contains more information. In my case, the error was ldap/ldap-result-code-reference-other-server-side-result-codes/#rc-sortControlMissing - so it seems that a sort control is required for paging. In order to fix it, I added

constraints.setControls(new[] { new LdapSortControl(new LdapSortKey("cn"), true), GetListControl(curPage, pageSize) });