LDAP - Retrieve a list of all attributes/values?

Published 2019-01-22 04:10

Question:

Is it possible to retrieve a list of all attributes/values from LDAP without specifying them? If so, how can this be done?

Answer 1:

I grabbed a list of all parameters of my DirectoryEntry class object. I hope it will help:

objectClass = System.Object[]
cn = Administrator
sn = Kwiatek (Last name)
c = PL (Country Code)
l = Warszawa (City)
st = Mazowieckie (Voivodeship)
title = .NET Developer
description = Built-in account for administering the computer/domain
postalCode = 00-000
postOfficeBox = Warszawa Ursynów
physicalDeliveryOfficeName = Wojskowa Akademia Techniczna
givenName = Piotr (First name)
distinguishedName = CN=Administrator,CN=Users,DC=helpdesk,DC=wat,DC=edu
instanceType = 4
whenCreated = 2012-11-23 06:09:28
whenChanged = 2013-02-23 13:24:41
displayName = Piotr Kwiatek (Konto administratora)
uSNCreated = System.__ComObject
memberOf = System.Object[]
uSNChanged = System.__ComObject
co = Poland
company = HELPDESK
streetAddress = Kaliskiego 2
wWWHomePage = http://www.piotr.kwiatek.org
name = Administrator
objectGUID = System.Byte[]
userAccountControl = 512
badPwdCount = 0
codePage = 0
countryCode = 616
badPasswordTime = System.__ComObject
lastLogoff = System.__ComObject
lastLogon = System.__ComObject
logonHours = System.Byte[]
pwdLastSet = System.__ComObject
primaryGroupID = 513
objectSid = System.Byte[]
adminCount = 1
accountExpires = System.__ComObject
logonCount = 178
sAMAccountName = Administrator
sAMAccountType = 805306368
objectCategory = CN=Person,CN=Schema,CN=Configuration,DC=helpdesk,DC=wat,DC=edu
isCriticalSystemObject = True
dSCorePropagationData = System.Object[]
lastLogonTimestamp = System.__ComObject
mail = spam@kwiatek.org
nTSecurityDescriptor = System.__ComObject

And here you have the code:

using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// SID of the account running this program; used to look up its own AD object
string currentUserSid = WindowsIdentity.GetCurrent().User.Value;

PrincipalContext ctx = new PrincipalContext(
    ContextType.Domain,
    "helpdesk.wat.edu");

UserPrincipal up = UserPrincipal.FindByIdentity(
    ctx, IdentityType.Sid,
    currentUserSid);

/*
 * Drop from the UserPrincipal wrapper down to the raw DirectoryEntry,
 * whose Properties collection holds every attribute the server returned.
 */
DirectoryEntry entry = up.GetUnderlyingObject() as DirectoryEntry;
PropertyCollection props = entry.Properties;

/*
 * Print every attribute name with its value. Multi-valued, binary and
 * COM-backed values show up as System.Object[], System.Byte[] or
 * System.__ComObject, which is what the listing above shows.
 */
foreach (string propName in props.PropertyNames)
{
    if (entry.Properties[propName].Value != null)
    {
        Console.WriteLine(propName + " = " + entry.Properties[propName].Value.ToString());
    }
    else
    {
        Console.WriteLine(propName + " = NULL");
    }
}

Console.ReadKey();


Answer 2:

Specify "*" as the only value in the list of attributes to return.

If you want the operational attributes as well, add "+" to the list.
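The "*" / "+" convention in code, as an added example that is not part of any of the answers above; it uses System.DirectoryServices.Protocols rather than DirectoryEntry because SearchRequest sends the attribute list to the server as given. Host name, bind DN, password and the entry DN are placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

class DumpAllAttributes
{
    static void Main()
    {
        // Host, bind DN, password and entry DN are placeholders. A simple bind over plain 389 sends the
        // password in clear: use LDAPS (SessionOptions.SecureSocketLayer) or StartTransportLayerSecurity().
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier("ldap.example.test", 389)))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.AuthType = AuthType.Basic;
            conn.Credential = new NetworkCredential("cn=reader,dc=example,dc=test", "placeholder-password");
            conn.Bind();

            // "*" = every user attribute, "+" = every operational attribute (RFC 4511 / RFC 3673).
            // A server that does not implement "+" just omits them; name them explicitly there.
            var request = new SearchRequest("cn=auser,ou=people,dc=example,dc=test",
                                            "(objectClass=*)", SearchScope.Base, "*", "+");
            var response = (SearchResponse)conn.SendRequest(request);

            foreach (SearchResultEntry entry in response.Entries)
            {
                Console.WriteLine(entry.DistinguishedName);
                foreach (string name in entry.Attributes.AttributeNames)
                {
                    // Ask for byte[] so binary values (objectSid, objectGUID, userCertificate)
                    // are not mangled by an implicit string conversion
                    foreach (byte[] raw in entry.Attributes[name].GetValues(typeof(byte[])))
                        Console.WriteLine("  {0}: {1}", name, Render(name, raw));
                }
            }
        }
    }

    // Hex for the well-known binary attributes, UTF-8 text for everything else
    static string Render(string name, byte[] raw)
    {
        string n = name.ToLowerInvariant();
        bool binary = n == "objectsid" || n == "objectguid" || n == "usercertificate" || n.EndsWith(";binary");
        return binary ? BitConverter.ToString(raw) : Encoding.UTF8.GetString(raw);
    }
}
```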



Answer 3:

    using System;
    using System.Collections.Generic;
    using System.DirectoryServices.ActiveDirectory;
    using System.Linq;
    using System.Net;

    // This will list ALL the properties from AD (between 200 and 800..or more)
    // If someone has a solution for non AD servers please post it!

    // Server, Username and Password: the caller supplies the host name and the credentials
    static List<string> GetUserSchemaProperties(string Server, string Username, string Password)
    {
        List<String> properties = new List<String>();
        // Resolve the server name to its first IPv4 address
        IPAddress[] ips = Dns.GetHostAddresses(Server).Where(w => w.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork).ToArray();
        if (ips.Length > 0)
        {
            DirectoryContext directoryContext = new DirectoryContext(DirectoryContextType.DirectoryServer, ips[0].ToString() + ":389", Username, Password);
            ActiveDirectorySchema adschema = ActiveDirectorySchema.GetSchema(directoryContext);
            ActiveDirectorySchemaClass adschemaclass = adschema.FindClass("User");

            // Read the OptionalProperties & MandatoryProperties
            ReadOnlyActiveDirectorySchemaPropertyCollection propcol = adschemaclass.GetAllProperties();

            foreach (ActiveDirectorySchemaProperty schemaProperty in propcol)
                properties.Add(schemaProperty.Name.ToLower());
        }
        return properties;
    }


Answer 4:

Well, "retrieving all attributes" alone, as far as a directory is concerned, does not make sense. Do you mean:

  1. All possible user attributes as they are described in the SCHEMA
  2. All user attributes that have values
  3. All user and operational attributes

And I don't take into account the fact that some user attributes can be read-only and others can only be written with specific values. I add the way to get the content.

@Ghostfire gives the solution for retrieving all valued user attributes, and operational attributes.

using System;
using System.DirectoryServices;

// Bind to one user object; every attribute the server returned is then in Properties
DirectoryEntry deUser = new DirectoryEntry("LDAP://WM2008R2ENT:389/CN=AUser,OU=MonOu,DC=dom,DC=fr");

// Index [0] prints only the first value of multi-valued attributes such as memberOf
foreach (string property in deUser.Properties.PropertyNames)
{
  Console.WriteLine("\t{0} : {1} ", property, deUser.Properties[property][0]);
}

But remember that in an LDAP search, the best way is to give the attributes you want to retrieve:

using System.DirectoryServices;

// Connection to Active Directory
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

// Directory search: request only the attributes you need
DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
dsLookFor.Filter = "(sn=users)";
dsLookFor.SearchScope = SearchScope.Subtree;
dsLookFor.PropertiesToLoad.Add("cn");
dsLookFor.PropertiesToLoad.Add("givenName");
dsLookFor.PropertiesToLoad.Add("telephoneNumber");

// Sort by givenName and page through the results with a virtual list view
dsLookFor.Sort = new SortOption("givenName", SortDirection.Descending);
dsLookFor.VirtualListView = new DirectoryVirtualListView(1, 0, 2);
SearchResultCollection srcUsers = dsLookFor.FindAll();


Answer 5:

You could use a DirectoryEntry to generate a list of properties; you would of course have to use a foreach to go through the list of properties.

    using System.DirectoryServices;

    // Bind to an entry (the path is a placeholder; point it at the object you want to inspect)
    DirectoryEntry objADAM = new DirectoryEntry("LDAP://server/CN=AUser,OU=Users,DC=example,DC=com");
    string properties = string.Empty;
    foreach (string property in objADAM.Properties.PropertyNames)
    {
        properties += property + ", ";
    }

You could, however, always refer to http://www.codeproject.com/KB/system/everythingInAD.aspx when it comes to C# and Active Directory.

UPDATE: http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C



Answer 6:

For a list of all possible properties you should look at querying the schema for a given objectClass.
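As an added example (not from any of the answers) that serves both Answer 3's request for a non-AD version and the advice just above: on any RFC 4512 server the subschema entry named by the root DSE's subschemaSubentry attribute carries one objectClasses value per class, in the form `( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( description ) )`, and the code below parses those values and follows SUP up to top to collect every attribute a class can carry. The class name, the three constructed definitions and the helper names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
static class SubschemaWalk
{
    // NAME / SUP / MUST / MAY clauses of one objectClasses value; group 2 = parenthesised list, group 3 = single name
    static readonly Regex Clause = new Regex(
        @"\b(NAME|SUP|MUST|MAY)\s+(?:\(\s*([^)]*?)\s*\)|'?([\w\-.]+)'?)", RegexOptions.Compiled);
    // class name -> (superior classes, attributes declared directly on that class)
    public static Dictionary<string, (string[] Sup, string[] Attrs)> Parse(IEnumerable<string> defs)
    {
        var classes = new Dictionary<string, (string[] Sup, string[] Attrs)>(StringComparer.OrdinalIgnoreCase);
        foreach (string raw in defs)
        {
            // DESC is free text that could contain a keyword, so strip it before matching
            string def = Regex.Replace(raw, @"DESC\s+'[^']*'", "");
            var parts = new[] { "NAME", "SUP", "MUST", "MAY" }.ToDictionary(k => k, k => new List<string>());
            foreach (Match m in Clause.Matches(def))
                parts[m.Groups[1].Value].AddRange((m.Groups[2].Success ? m.Groups[2].Value : m.Groups[3].Value)
                    .Split(new[] { '$', ' ', '\'' }, StringSplitOptions.RemoveEmptyEntries));
            foreach (string n in parts["NAME"])
                classes[n] = (parts["SUP"].ToArray(), parts["MUST"].Concat(parts["MAY"]).ToArray());
        }
        return classes;
    }
    // MUST + MAY of the class and of every superior up to 'top' (diamonds and cycles are visited once)
    public static SortedSet<string> AllAttributes(Dictionary<string, (string[] Sup, string[] Attrs)> classes, string cls)
    {
        var result = new SortedSet<string>(StringComparer.OrdinalIgnoreCase);
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var todo = new Stack<string>(new[] { cls });
        while (todo.Count > 0)
        {
            string c = todo.Pop();
            if (!seen.Add(c) || !classes.TryGetValue(c, out var entry)) continue;
            result.UnionWith(entry.Attrs);
            foreach (string s in entry.Sup) todo.Push(s);
        }
        return result;
    }
    static void Main()
    {
        // Constructed sample; on a live server read "objectClasses" (operational, so name it) from the subschema entry
        string[] defs = {
            "( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )",
            "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
            "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ x121Address $ ou $ st $ l ) )" };
        foreach (string a in AllAttributes(Parse(defs), "organizationalPerson")) Console.WriteLine(a);
    }
}
```

Run against the sample, the walk yields the attributes of organizationalPerson plus those inherited from person and top (objectClass, sn, cn and so on); against a live server the same two calls work on the values read from the subschema entry.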



Answer 7:

ADSI Edit is a great tool to help you figure stuff out. In this case, you are after Schema data. When you open ADSI Edit, you choose "Connect to..." and then for the well known Naming Context you select "Schema"... now you can take a look at the different schema classes: (subSchema, classSchema, attributeSchema) ...

What's tricky is knowing you need to choose a classSchema, then get its "schemaIDGUID" ... then you do a search on all attributeSchema and filter on "schemaIDGUID".

Ex. If you choose to look at "CN=User" you'll notice the schemaIDGUID == bf967aba-0de6-11d0-a285-00aa003049e2

Then if you choose to look at "CN=Pwd-Last-Set" you'll notice the schemaIDGUID matches....

With all this being said, it's probably far easier to use ActiveDirectorySchemaClass (as David has answered) but I felt like sharing some knowledge.