database.sarang.net
UserID
Passwd
Database
DBMS
MySQL
PostgreSQL
Firebird
Oracle
Informix
Sybase
MS-SQL
DB2
Cache
CUBRID
ㆍLDAP
ALTIBASE
Tibero
DB 문서들
스터디
Community
공지사항
자유게시판
구인|구직
DSN 갤러리
도움주신분들
Admin
운영게시판
최근게시물
LDAP Q&A 2399 게시물 읽기
No. 2399
ldap 갓입문한 애기입니다.. OU, CN, O, DC...
작성자
한요한(aduris)
작성일
2008-11-10 13:40:56ⓒ
2008-11-10 14:07:22ⓜ
조회수
9,142

우선 제가 무엇을하려고 ldap을 하게 되었는지 부터 설명을 들으셔야 쉽게 질문에 답을 해주실꺼같네요...


우선 제가 학교에서 조교로일하고있습니다.


하지만 학기초마다 신입생이며 복학생의 네트워크 계정 및 폴더를 만들기가 너무 번거롭더군요..ㅜㅜ


그래서 asp.net을 써서 DB에있는 리스트를 불러와서 폴더에 권한과 그룹에 그사용자를 추가할수있게 구현을 하려고 합니다.


이것저것 알아보던중 MSDN에서 소스를 얻었는데요..


Ldap 에서 OU, CN, O, DC...등의 속성이 어떤것을 의미하는지 도통 모르겠네요..


이것은 MSDN에서 발췌한 소스입니다.




우선 사용자 추가부분이네요


C#코드


DirectoryEntry ent = new DirectoryEntry();

DirectoryEntry ou = ent.Children.Find("OU=Consulting");


// Use the Add method to add a user to an organizational unit.

DirectoryEntry usr = ou.Children.Add("CN=New User","user");

// Set the samAccountName, then commit changes to the directory.

usr.Properties["samAccountName"].Value = "newuser";

usr.CommitChanges();



그리고 이건 다운로드한 샘플코드입니다.



using System;

using System.Collections.Generic;

using System.Text;

using System.DirectoryServices.AccountManagement;

using System.DirectoryServices;

namespace MSDN.Samples.DirectoryServices.AM

{

    class AccountManagementOps

    {

        static string adamInstance = "sea-dc-02.fabrikam.com:50000";

        static string adDomain = "Fabrikam";

        // You might wnat to change this container path depending on the operation you want

        // to run. For example, you should specify an OU below this

        // container for creating user accounts. This also applies to the other supported hierarchical identity

        // stores - ADAM and LDS

        static string adContainer = "dc=fabrikam,dc=com";

        static string adamContainer = "o=microsoft,c=us";

        // AD LDS or AD context

        static PrincipalContext adPrincipalContext =

            new PrincipalContext(

                ContextType.Domain,

                    adDomain,

                    adContainer);

        // SAM context

        static PrincipalContext localPrincipalContext =

            new PrincipalContext(

                ContextType.Machine,

                    "computer01",

                    "adminUser",

                    "adminPassword");

        // ADAM or AD LDS context simple bind auth. using ADAM or AD LDS DN

        static PrincipalContext lDSPrincipalContextDN =

            new PrincipalContext(

                ContextType.ApplicationDirectory,

                adamInstance,

                adamContainer,

                ContextOptions.SimpleBind,

                "CN=administrator,OU=ADAM Users,O=Microsoft,C=US",

                "pAs5wordo1!");

        // ADAM or AD LDS context simple bind auth. using ADAM or AD LDS UPN

        static PrincipalContext lDSPrincipalContextUPN =

            new PrincipalContext(

                ContextType.ApplicationDirectory,

                adamInstance,

                adamContainer,

                ContextOptions.SimpleBind,

                "Administrator@MyLDS",

                "pAs5wordo1!");

        // ADAM LDS context negotiate (SPENGO) auth. using currently logged on

        // AD DS or AD user account

        static PrincipalContext lDSPrincipalContextCurrentLogon =

             new PrincipalContext(

                ContextType.ApplicationDirectory,

                adamInstance,

                adamContainer,

                ContextOptions.SimpleBind);

        // example of using the ValidateCrednetials method to

        // check whether a user can authenticate.

        public void Auth()

        {

            PrincipalContext principalContext =

                new PrincipalContext(

                    ContextType.ApplicationDirectory,

                    "sea-dc-02.fabrikam.com:50000",

                    "ou=ADAM Users,O=Microsoft,C=US");

            Console.WriteLine(

                principalContext.ValidateCredentials(

                    "User1@MyLDS",

                    "pAs5wordo1!",

                    ContextOptions.SimpleBind));

            Console.ReadLine();

        }

        // create an active directory user account

        public void CreateUser()

        {

            // create a user principal, set their password and enable the account

            UserPrincipal user = new UserPrincipal(adPrincipalContext,

                         "User1Acct", "pass@1w0rd01", true);

            // assign some properties to the user principal

            user.GivenName = "User";

            user.Surname = "One";

            // force the user to change their password at the next logon

            user.ExpirePasswordNow();

           

            user.Save();

        }

        // create a SAM account

        public void CreateLocalUser()

        {

            UserPrincipal user = new UserPrincipal(localPrincipalContext,

                "user1Acct", "pass@1w0rd01", true);

            // Note the difference in attributes when accessing a different store

            // the attributes appearing in intelliscnse are not derived from the

            // underlying store.

            user.Name = "User One";

            user.Description = "User One";

           

            user.Save();

        }

        // create an ADAM/LDS user

        public void CreateLDSUser()

        {

            // use any of the three options above:

            // ADAMLDSPrincipalContextDN,

            // ADAMLDSPrincipalContextUPN,

            // ADAMLDSPrincipalContextCurrentLogon

            UserPrincipal user = new UserPrincipal(lDSPrincipalContextDN,

                "user2Acct", "pass@1w0rd01", true);

            user.GivenName = "User";

            user.Surname = "One";

            user.Save();

        }

       

        // create an active directory group

        public void CreateADGroup()

        {

            GroupPrincipal group =

                new GroupPrincipal(adPrincipalContext, "Group01");

           

            group.Save();

        }

        // create a group in the SAM

        public void CreateLocalGroup()

        {

            GroupPrincipal group =

                new GroupPrincipal(localPrincipalContext, "Group01");

           

            group.Save();

        }

        // note the sAMAccountName with the trailing $ sign. The article contains an example

        // that sets the SamAccountName property outside of the ComputerPrinicpal constructor.

        public void CreateComputer()

        {

            ComputerPrincipal computer =

                new ComputerPrincipal(adPrincipalContext, "Computer1$", "pAs5wordo1!", true);

            computer.DisplayName = "Computer1";

           

            computer.Save();

        }

        // if you don't specify an identity type, the value can be any supported type

        public void FindByIdentity()

        {

            UserPrincipal user = UserPrincipal.FindByIdentity(adPrincipalContext, "user1Acct");

            Console.WriteLine(user.DistinguishedName);

        }

        public void FindByIdentityName()

        {

            UserPrincipal user = UserPrincipal.FindByIdentity(

                adPrincipalContext,

                IdentityType.Name,

                "hzkk9l");

            Console.WriteLine(user.DistinguishedName);

        }

        // if you specify an identity type, the value must correspond to that type.

        public void FindByIdentityDn()

        {

            UserPrincipal user = UserPrincipal.FindByIdentity(

                adPrincipalContext,

                IdentityType.DistinguishedName,

                "CN=User1Acct,OU=TechWriters,DC=FABRIKAM,DC=COM");

            Console.WriteLine(user.DistinguishedName);

        }

        // find using the user principal name

        public void FindByIdentityUpn()

        {

            UserPrincipal user = UserPrincipal.FindByIdentity(

                adPrincipalContext,

                IdentityType.UserPrincipalName,

                "user1Acct@fabrikam.com");

            Console.WriteLine(user.DistinguishedName);

        }

        // if you specify an identity type, the value must correspond to that type.

        // Guid must contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

        // for this to work. This is the standard COM GUID format. You can easily return

        // this format with the PrincipalSearcher (result.Guid.ToString()) See PrincipalSearchEx1

        // for more information on GUID syntax, see Chapter 3: Binding and CRUD Operations with DirectoryEntry

        // in The .NET Developer's Guide to Directory Services Programming

        public void FindByIdentityGuid()

        {

            UserPrincipal user = UserPrincipal.FindByIdentity(

                adPrincipalContext,

                IdentityType.Guid,

                "5baa91c5-9c6e-4698-9dda-deaf8f00c49f");

            Console.WriteLine(user.DistinguishedName);

        }

        // SID must be in Security Descriptor Description Language (SDDL) format

        // The PrincipalSearcher can help you here too (result.Sid.ToString())

        public void FindByIdentitySid()

        {

            UserPrincipal user = UserPrincipal.FindByIdentity(

                adPrincipalContext,

                IdentityType.Sid,

                "S-1-5-21-2422933499-3002364838-2613214872-12917");

            Console.WriteLine(user.DistinguishedName);

        }

        // add a user to a group

        public void AddUserToGroup()

        {

            UserPrincipal user =

                UserPrincipal.FindByIdentity(adPrincipalContext, "User1Acct");

            GroupPrincipal group =

                GroupPrincipal.FindByIdentity(adPrincipalContext, "Administrators");

            group.Members.Add(user);

            group.Save();

        }

        // Simple search example using QBE and PrincipalSearcher

        public void PrincipalSearchEx1()

        {

            // create a principal object representation to describe

            // what will be searched

            UserPrincipal user = new UserPrincipal(adPrincipalContext);

            user.Enabled = false;

            // define the properties of the search (can use wildcards)

            user.Name = "user*";

            // create a principal searcher for running a search operation

            PrincipalSearcher pS = new PrincipalSearcher();

            // assign the query filter property the principal object you

            // created

            pS.QueryFilter = user;

            // run the query

            PrincipalSearchResult results = pS.FindAll();

            Console.WriteLine("Disabled accounts starting with a name of 'user':");

            foreach (Principal result in results)

            {

                Console.WriteLine("name: {0}", result.Name);

                Console.WriteLine("GUID: {0}", result.Guid.ToString());

                Console.WriteLine("SID: {0}", result.Sid.ToString());

            }

        }

        // Search by password set time

        public void PrincipalSearchEx2()

        {

            // get today's date

            DateTime dt = DateTime.Today;

            // run a query

            PrincipalSearchResult results =

                UserPrincipal.FindByPasswordSetTime(

                    adPrincipalContext,

                    dt,

                    MatchType.GreaterThanOrEquals);

            Console.WriteLine("users whose password was set on {0}",

                dt.ToShortDateString());

            foreach (Principal result in results)

            {

                Console.WriteLine("name: {0}", result.Name);

            }

        }

        // Search by users who logged on today

        public void PrincipalSearchEx3()

        {

            // get today's date

            DateTime dt = DateTime.Today;

            // run a query

            PrincipalSearchResult results =

                UserPrincipal.FindByLogonTime(

                    adPrincipalContext,

                    dt,

                    MatchType.GreaterThanOrEquals);

            Console.WriteLine("users who logged on today {0}",

                dt.ToShortDateString());

            foreach (Principal result in results)

            {

                Console.WriteLine("name: {0}", result.DistinguishedName);

            }

        }

        // Search by users whose password will expire in 10 days or less

        public void PrincipalSearchEx4()

        {

            // get today's date

            DateTime dt = DateTime.Today;

            // add 10 days

            DateTime add10dt = dt.AddDays(10);

            // run a query

            PrincipalSearchResult results =

                UserPrincipal.FindByExpirationTime(

                    adPrincipalContext,

                    add10dt,

                    MatchType.LessThanOrEquals);

            Console.WriteLine("users whose passwords expire in 10 days or less {0}",

                dt.AddDays(10).ToShortDateString());

            foreach (Principal result in results)

            {

                Console.WriteLine("name: {0}", result.Name);

            }

        }

        // Search by users who were locked out in the last

        // 5 days

        public void PrincipalSearchEx5()

        {

            // get today's date

            DateTime dt = DateTime.Today;

            DateTime less5dt = dt.AddDays(-5);

            Console.WriteLine(less5dt.ToShortDateString());

            // run a query

            PrincipalSearchResult results =

                UserPrincipal.FindByLockoutTime(

                    adPrincipalContext,

                    less5dt,

                    MatchType.GreaterThanOrEquals);

            Console.WriteLine("users who were locked-out in the last 5 days, since {0}",

                dt.AddDays(-5).ToShortDateString());

            foreach (Principal result in results)

            {

                Console.WriteLine("name: {0}, {1}", result.Name, result.DistinguishedName);

            }

        }

        // search using the FindByBadPasswordAttempt method

        // instead of the LastBadPasswordAttempt read-only property

        // search by users who attempted to log on today

        public void PrincipalSearchEx6v1()

        {

            // get today's date

            DateTime dt = DateTime.Today;

            // run a query

            PrincipalSearchResult results =

                UserPrincipal.FindByBadPasswordAttempt(

                    adPrincipalContext,

                    dt,

                    MatchType.GreaterThanOrEquals);

            Console.WriteLine("users who registered a bad logon attempt today {0}",

                dt.ToShortDateString());

            foreach (Principal result in results)

            {

                Console.WriteLine("name: {0}", result.DistinguishedName);

            }

        }

       

        // search using the LastBadPasswordAttempt read-only property

        // instead of the FindByBadPasswordAttempt method

        // Search by users who attempted to log on today

        // IMPORTANT, this example is not the recommended way to

        // limit the results. It is not used in the main entry point

        // for this console app.

        public void PrincipalSearchEx6v2()

        {

            // create a principal object representation to describe

            // what will be searched

            UserPrincipal user = new UserPrincipal(adPrincipalContext);

            user.Enabled = true;

            // define the properties of the search (can use wildcards)

            user.Name = "*";

            // create a principal searcher for running a search operation

            // and assign the QBE user principal as the query filter

            PrincipalSearcher pS = new PrincipalSearcher(user);

            // run the query

            PrincipalSearchResult results = pS.FindAll();

            Console.WriteLine("Bad password attempts:");

            foreach (UserPrincipal result in results)

            {

                // because LastBadPasswordAttempt is nullable, you should check that the

                // value is not null, before checking the actual value.

                if (result.LastBadPasswordAttempt.HasValue &&

                    result.LastBadPasswordAttempt.Value >= DateTime.Today)

                {

                    Console.WriteLine("name: {0}, {1}",

                        result.Name,

                        result.LastBadPasswordAttempt.Value);

                }

            }

        }

        // search using the LastBadPasswordAttempt read-only property

        // instead of the FindByBadPasswordAttempt method

        // Search by users who attempted to log on today

        // IMPORTANT, this example is not the recommended way to

        // limit the results.

        public void PrincipalSearchEx6v3()

        {

            DateTime dt = DateTime.Today;

            // create a principal object representation to describe

            // what will be searched

            UserPrincipal user = new UserPrincipal(adPrincipalContext);

            user.Enabled = true;

            // define the properties of the search (can use wildcards)

            user.Name = "*";

            //add the LastBadPasswordAttempt >= Today to the query filter

            user.AdvancedSearchFilter.LastBadPasswordAttempt

                (dt, MatchType.GreaterThanOrEquals);

            // create a principal searcher for running a search operation

            // and assign the QBE user principal as the query filter

            PrincipalSearcher pS = new PrincipalSearcher(user);

            // run the query

            PrincipalSearchResult results = pS.FindAll();

            Console.WriteLine("Bad password attempts on {0}:",

                dt.ToShortDateString());

            foreach (UserPrincipal result in results)

            {

                Console.WriteLine("name: {0}, {1}",

                       result.Name,

                       result.LastBadPasswordAttempt.Value);

            }

        }

        // Search for all groups to which a user belongs

        public void GetGroupsEx()

        {

            string userName = "user11";

            // find the user in the identity store

            UserPrincipal user =

                UserPrincipal.FindByIdentity(

                    adPrincipalContext,

                    userName);

            // get the authorization groups for the user principal and

            // store the results in a PrincipalSearchResult object

            PrincipalSearchResult results =

                user.GetAuthorizationGroups();

            // display the names of the groups to which the

            // user belongs

            Console.WriteLine("groups to which {0} belongs:",

                userName);

            foreach (Principal result in results)

            {

                Console.WriteLine("name: {0}", result.Name);

            }

        }

    }

}








우선 제가 알고싶은것은 Ldap에 접속하기위한 속성(?)의 설정과 따로 서버에 어떠한 설치를 해주어야 하는것인지 알고싶습니다...


이 글에 대한 댓글이 총 1건 있습니다.

음 AD로 연동하실려고 하시는건가요?
계정은 Unix나 Linux계정이고요. 먼저 디렉토리는 어딘엔가 설치가 되어 있어야 하고요
일단 AD를 이용하던 다른 LDAP서버를 이용하던 상관은 없습니다.

LDAP서버를 그냥 사용자 정보를 저장하고 있는 저장소라 생각하시면 편하고요

OU, CN, O, DC는 DB의 필드라고 생각하면 편할겁니다. (약간다르지만)
LDAP에서는 기본적인 스키마는 구성되어 있습니다. 계정에 대한 모든 정보는 다 가지고
있습니다. 

ou : organizaion unit
cn : common name
o   : organization
dc : domain controler

의 약자입니다.

속성설정은 문서를 보셔야 하는데 이 게시판에 문태준님이 써주신거를 보면서 그리고
LDAP이란 무엇인가 문서를 먼저 보시고 자세히 질문해 주셨으면  하네요.

송상준(sjsong)님이 2008-11-10 14:15:54에 작성한 댓글입니다.
[Top]
No.
제목
작성자
작성일
조회
2404phpldapadmin 에서 uid=root 인 유저 패스워드 변경해서 시스템 상에서의 root도 동일 하게 변경 하기 [5]
김철민
2008-12-17
6347
2402LDAP => 오라클 데이타 이동시에 userPassword [2]
이현복
2008-11-28
5759
2400JAVA에서 검색시에 SCOPE설정에 대해서 [4]
이현복
2008-11-26
4599
2399ldap 갓입문한 애기입니다.. OU, CN, O, DC... [1]
한요한
2008-11-10
9142
2397LDAP 프로그래밍에서 바이너리 처리하는 소스 예제 없을까요? [4]
문태준
2008-10-22
5067
2396LDAP add 할때 우왕~!!! [1]
장진오
2008-10-02
5054
2395LDAP을 이용한 SSO구축 특히 SSH 접속 인증방법? [2]
김동현
2008-09-03
6930
Valid XHTML 1.0!
All about the DATABASE... Copyleft 1999-2019 DSN, All rights reserved.
작업시간: 0.279초, 이곳 서비스는
	PostgreSQL v11.5로 자료를 관리합니다