우선 제가 무엇을 하려고 LDAP을 다루게 되었는지부터 설명을 들으셔야 질문에 쉽게 답을 해주실 것 같네요...
우선 제가 학교에서 조교로 일하고 있습니다.
하지만 학기 초마다 신입생과 복학생의 네트워크 계정 및 폴더를 만들기가 너무 번거롭더군요..ㅜㅜ
그래서 ASP.NET을 써서 DB에 있는 리스트를 불러와, 폴더에 권한을 부여하고 그룹에 그 사용자를 추가할 수 있게 구현하려고 합니다.
이것저것 알아보던 중 MSDN에서 소스를 얻었는데요..
LDAP에서 OU, CN, O, DC... 등의 속성이 어떤 것을 의미하는지 도통 모르겠네요..
이것은 MSDN에서 발췌한 소스입니다.
우선 사용자 추가부분이네요
C#코드
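// DirectoryEntry wraps an ADSI COM object and implements IDisposable, so each one is
// released deterministically instead of waiting for finalization.
using (DirectoryEntry ent = new DirectoryEntry())
// Children.Find throws if no child with this relative DN exists under the bound entry.
using (DirectoryEntry ou = ent.Children.Find("OU=Consulting"))
// Use the Add method to add a user to an organizational unit.
using (DirectoryEntry usr = ou.Children.Add("CN=New User", "user"))
{
    // Set the samAccountName, then commit changes to the directory.
    // Nothing is written to the directory until CommitChanges is called.
    usr.Properties["samAccountName"].Value = "newuser";
    usr.CommitChanges();
}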
그리고 이건 다운로드한 샘플코드입니다.
using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices;
namespace MSDN.Samples.DirectoryServices.AM
{
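class AccountManagementOps
{
    // Host and port of the AD LDS (ADAM) instance used by the ApplicationDirectory contexts below.
    static string adamInstance = "sea-dc-02.fabrikam.com:50000";
    // Name of the AD DS domain used by the Domain context.
    static string adDomain = "Fabrikam";
    // You might want to change this container path depending on the operation you want
    // to run. For example, you should specify an OU below this
    // container for creating user accounts. This also applies to the other supported hierarchical identity
    // stores - ADAM and LDS
    static string adContainer = "dc=fabrikam,dc=com";
    static string adamContainer = "o=microsoft,c=us";

    // The user names and passwords in the contexts below are placeholders from the MSDN
    // listing. In a real application they belong in configuration or a secret store, not
    // in source: a literal here ends up in version control and in every build.
    // These are static field initializers, so an exception thrown by any PrincipalContext
    // constructor surfaces as a TypeInitializationException the first time the class is used.

    // AD LDS or AD context
    static PrincipalContext adPrincipalContext =
        new PrincipalContext(
            ContextType.Domain,
            adDomain,
            adContainer);

    // SAM context
    static PrincipalContext localPrincipalContext =
        new PrincipalContext(
            ContextType.Machine,
            "computer01",
            "adminUser",
            "adminPassword");

    // ADAM or AD LDS context simple bind auth. using ADAM or AD LDS DN
    static PrincipalContext lDSPrincipalContextDN =
        new PrincipalContext(
            ContextType.ApplicationDirectory,
            adamInstance,
            adamContainer,
            ContextOptions.SimpleBind,
            "CN=administrator,OU=ADAM Users,O=Microsoft,C=US",
            "pAs5wordo1!");

    // ADAM or AD LDS context simple bind auth. using ADAM or AD LDS UPN
    static PrincipalContext lDSPrincipalContextUPN =
        new PrincipalContext(
            ContextType.ApplicationDirectory,
            adamInstance,
            adamContainer,
            ContextOptions.SimpleBind,
            "Administrator@MyLDS",
            "pAs5wordo1!");

    // ADAM LDS context negotiate (SPNEGO) auth. using currently logged on
    // AD DS or AD user account. The original listing passed ContextOptions.SimpleBind
    // here, which contradicts this comment; Negotiate is the option that binds with
    // the caller's current logon.
    static PrincipalContext lDSPrincipalContextCurrentLogon =
        new PrincipalContext(
            ContextType.ApplicationDirectory,
            adamInstance,
            adamContainer,
            ContextOptions.Negotiate);

    // Writes the distinguished name of a looked-up principal, or a "not found" line
    // when FindByIdentity returned null, and disposes the principal afterwards.
    // Every Find* example below used to dereference the result unconditionally,
    // which throws NullReferenceException for an unknown identity.
    private static void WriteDistinguishedName(Principal principal, string identity)
    {
        if (principal == null)
        {
            Console.WriteLine("no principal found for '{0}'", identity);
            return;
        }
        using (principal)
        {
            Console.WriteLine(principal.DistinguishedName);
        }
    }

    // example of using the ValidateCredentials method to
    // check whether a user can authenticate.
    public void Auth()
    {
        using (PrincipalContext principalContext =
            new PrincipalContext(
                ContextType.ApplicationDirectory,
                "sea-dc-02.fabrikam.com:50000",
                "ou=ADAM Users,O=Microsoft,C=US"))
        {
            // ValidateCredentials only reports whether the bind succeeded; it does not
            // change the context's own credentials.
            Console.WriteLine(
                principalContext.ValidateCredentials(
                    "User1@MyLDS",
                    "pAs5wordo1!",
                    ContextOptions.SimpleBind));
        }
        Console.ReadLine();
    }

    // create an active directory user account
    public void CreateUser()
    {
        // create a user principal, set their password and enable the account
        using (UserPrincipal user = new UserPrincipal(adPrincipalContext,
            "User1Acct", "pass@1w0rd01", true))
        {
            // assign some properties to the user principal
            user.GivenName = "User";
            user.Surname = "One";
            // force the user to change their password at the next logon
            user.ExpirePasswordNow();
            // nothing is written to the store until Save is called
            user.Save();
        }
    }

    // create a SAM account
    public void CreateLocalUser()
    {
        using (UserPrincipal user = new UserPrincipal(localPrincipalContext,
            "user1Acct", "pass@1w0rd01", true))
        {
            // Note the difference in attributes when accessing a different store
            // the attributes appearing in IntelliSense are not derived from the
            // underlying store.
            user.Name = "User One";
            user.Description = "User One";
            user.Save();
        }
    }

    // create an ADAM/LDS user
    public void CreateLDSUser()
    {
        // use any of the three contexts above:
        // lDSPrincipalContextDN,
        // lDSPrincipalContextUPN,
        // lDSPrincipalContextCurrentLogon
        using (UserPrincipal user = new UserPrincipal(lDSPrincipalContextDN,
            "user2Acct", "pass@1w0rd01", true))
        {
            user.GivenName = "User";
            user.Surname = "One";
            user.Save();
        }
    }

    // create an active directory group
    public void CreateADGroup()
    {
        using (GroupPrincipal group =
            new GroupPrincipal(adPrincipalContext, "Group01"))
        {
            group.Save();
        }
    }

    // create a group in the SAM
    public void CreateLocalGroup()
    {
        using (GroupPrincipal group =
            new GroupPrincipal(localPrincipalContext, "Group01"))
        {
            group.Save();
        }
    }

    // note the sAMAccountName with the trailing $ sign. The article contains an example
    // that sets the SamAccountName property outside of the ComputerPrincipal constructor.
    public void CreateComputer()
    {
        using (ComputerPrincipal computer =
            new ComputerPrincipal(adPrincipalContext, "Computer1$", "pAs5wordo1!", true))
        {
            computer.DisplayName = "Computer1";
            computer.Save();
        }
    }

    // if you don't specify an identity type, the value can be any supported type
    public void FindByIdentity()
    {
        string identity = "user1Acct";
        UserPrincipal user = UserPrincipal.FindByIdentity(adPrincipalContext, identity);
        WriteDistinguishedName(user, identity);
    }

    // look up by the Name identity type (the CN / display name, not the logon name)
    public void FindByIdentityName()
    {
        string identity = "hzkk9l";
        UserPrincipal user = UserPrincipal.FindByIdentity(
            adPrincipalContext,
            IdentityType.Name,
            identity);
        WriteDistinguishedName(user, identity);
    }

    // if you specify an identity type, the value must correspond to that type.
    public void FindByIdentityDn()
    {
        string identity = "CN=User1Acct,OU=TechWriters,DC=FABRIKAM,DC=COM";
        UserPrincipal user = UserPrincipal.FindByIdentity(
            adPrincipalContext,
            IdentityType.DistinguishedName,
            identity);
        WriteDistinguishedName(user, identity);
    }

    // find using the user principal name
    public void FindByIdentityUpn()
    {
        string identity = "user1Acct@fabrikam.com";
        UserPrincipal user = UserPrincipal.FindByIdentity(
            adPrincipalContext,
            IdentityType.UserPrincipalName,
            identity);
        WriteDistinguishedName(user, identity);
    }

    // if you specify an identity type, the value must correspond to that type.
    // Guid must contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
    // for this to work. This is the standard COM GUID format. You can easily return
    // this format with the PrincipalSearcher (result.Guid.ToString()) See PrincipalSearchEx1
    // for more information on GUID syntax, see Chapter 3: Binding and CRUD Operations with DirectoryEntry
    // in The .NET Developer's Guide to Directory Services Programming
    public void FindByIdentityGuid()
    {
        string identity = "5baa91c5-9c6e-4698-9dda-deaf8f00c49f";
        UserPrincipal user = UserPrincipal.FindByIdentity(
            adPrincipalContext,
            IdentityType.Guid,
            identity);
        WriteDistinguishedName(user, identity);
    }

    // SID must be in Security Descriptor Definition Language (SDDL) format
    // The PrincipalSearcher can help you here too (result.Sid.ToString())
    public void FindByIdentitySid()
    {
        string identity = "S-1-5-21-2422933499-3002364838-2613214872-12917";
        UserPrincipal user = UserPrincipal.FindByIdentity(
            adPrincipalContext,
            IdentityType.Sid,
            identity);
        WriteDistinguishedName(user, identity);
    }

    // add a user to a group
    public void AddUserToGroup()
    {
        string userName = "User1Acct";
        string groupName = "Administrators";
        using (UserPrincipal user =
            UserPrincipal.FindByIdentity(adPrincipalContext, userName))
        using (GroupPrincipal group =
            GroupPrincipal.FindByIdentity(adPrincipalContext, groupName))
        {
            // Either lookup returns null for an unknown identity; bail out with a
            // message rather than throwing NullReferenceException on Members.Add.
            if (user == null || group == null)
            {
                Console.WriteLine("user '{0}' or group '{1}' not found; no change made",
                    userName, groupName);
                return;
            }
            // The membership change is only written when Save is called on the group.
            group.Members.Add(user);
            group.Save();
        }
    }

    // Simple search example using QBE and PrincipalSearcher
    public void PrincipalSearchEx1()
    {
        // create a principal object representation to describe
        // what will be searched
        using (UserPrincipal user = new UserPrincipal(adPrincipalContext))
        using (PrincipalSearcher pS = new PrincipalSearcher())
        {
            user.Enabled = false;
            // define the properties of the search (can use wildcards)
            user.Name = "user*";
            // assign the query filter property the principal object you
            // created
            pS.QueryFilter = user;
            // run the query; FindAll returns the generic PrincipalSearchResult<T>
            using (PrincipalSearchResult<Principal> results = pS.FindAll())
            {
                Console.WriteLine("Disabled accounts starting with a name of 'user':");
                foreach (Principal result in results)
                {
                    Console.WriteLine("name: {0}", result.Name);
                    Console.WriteLine("GUID: {0}", result.Guid.ToString());
                    Console.WriteLine("SID: {0}", result.Sid.ToString());
                }
            }
        }
    }

    // Search by password set time
    public void PrincipalSearchEx2()
    {
        // get today's date
        DateTime dt = DateTime.Today;
        // run a query
        using (PrincipalSearchResult<UserPrincipal> results =
            UserPrincipal.FindByPasswordSetTime(
                adPrincipalContext,
                dt,
                MatchType.GreaterThanOrEquals))
        {
            Console.WriteLine("users whose password was set on {0}",
                dt.ToShortDateString());
            foreach (UserPrincipal result in results)
            {
                Console.WriteLine("name: {0}", result.Name);
            }
        }
    }

    // Search by users who logged on today
    public void PrincipalSearchEx3()
    {
        // get today's date
        DateTime dt = DateTime.Today;
        // run a query
        using (PrincipalSearchResult<UserPrincipal> results =
            UserPrincipal.FindByLogonTime(
                adPrincipalContext,
                dt,
                MatchType.GreaterThanOrEquals))
        {
            Console.WriteLine("users who logged on today {0}",
                dt.ToShortDateString());
            foreach (UserPrincipal result in results)
            {
                Console.WriteLine("name: {0}", result.DistinguishedName);
            }
        }
    }

    // Search by users whose password will expire in 10 days or less
    public void PrincipalSearchEx4()
    {
        // get today's date
        DateTime dt = DateTime.Today;
        // add 10 days
        DateTime add10dt = dt.AddDays(10);
        // run a query
        using (PrincipalSearchResult<UserPrincipal> results =
            UserPrincipal.FindByExpirationTime(
                adPrincipalContext,
                add10dt,
                MatchType.LessThanOrEquals))
        {
            Console.WriteLine("users whose passwords expire in 10 days or less {0}",
                add10dt.ToShortDateString());
            foreach (UserPrincipal result in results)
            {
                Console.WriteLine("name: {0}", result.Name);
            }
        }
    }

    // Search by users who were locked out in the last
    // 5 days
    public void PrincipalSearchEx5()
    {
        // get today's date
        DateTime dt = DateTime.Today;
        DateTime less5dt = dt.AddDays(-5);
        Console.WriteLine(less5dt.ToShortDateString());
        // run a query
        using (PrincipalSearchResult<UserPrincipal> results =
            UserPrincipal.FindByLockoutTime(
                adPrincipalContext,
                less5dt,
                MatchType.GreaterThanOrEquals))
        {
            Console.WriteLine("users who were locked-out in the last 5 days, since {0}",
                less5dt.ToShortDateString());
            foreach (UserPrincipal result in results)
            {
                Console.WriteLine("name: {0}, {1}", result.Name, result.DistinguishedName);
            }
        }
    }

    // search using the FindByBadPasswordAttempt method
    // instead of the LastBadPasswordAttempt read-only property
    // search by users who attempted to log on today
    public void PrincipalSearchEx6v1()
    {
        // get today's date
        DateTime dt = DateTime.Today;
        // run a query
        using (PrincipalSearchResult<UserPrincipal> results =
            UserPrincipal.FindByBadPasswordAttempt(
                adPrincipalContext,
                dt,
                MatchType.GreaterThanOrEquals))
        {
            Console.WriteLine("users who registered a bad logon attempt today {0}",
                dt.ToShortDateString());
            foreach (UserPrincipal result in results)
            {
                Console.WriteLine("name: {0}", result.DistinguishedName);
            }
        }
    }

    // search using the LastBadPasswordAttempt read-only property
    // instead of the FindByBadPasswordAttempt method
    // Search by users who attempted to log on today
    // IMPORTANT, this example is not the recommended way to
    // limit the results: it fetches every enabled user and filters
    // client-side, reading one attribute per result. It is not used in
    // the main entry point for this console app.
    public void PrincipalSearchEx6v2()
    {
        // create a principal object representation to describe
        // what will be searched
        using (UserPrincipal user = new UserPrincipal(adPrincipalContext))
        {
            user.Enabled = true;
            // define the properties of the search (can use wildcards)
            user.Name = "*";
            // create a principal searcher for running a search operation
            // and assign the QBE user principal as the query filter
            using (PrincipalSearcher pS = new PrincipalSearcher(user))
            using (PrincipalSearchResult<Principal> results = pS.FindAll())
            {
                Console.WriteLine("Bad password attempts:");
                foreach (UserPrincipal result in results)
                {
                    // because LastBadPasswordAttempt is nullable, you should check that the
                    // value is not null, before checking the actual value.
                    if (result.LastBadPasswordAttempt.HasValue &&
                        result.LastBadPasswordAttempt.Value >= DateTime.Today)
                    {
                        Console.WriteLine("name: {0}, {1}",
                            result.Name,
                            result.LastBadPasswordAttempt.Value);
                    }
                }
            }
        }
    }

    // search using the LastBadPasswordAttempt read-only property
    // instead of the FindByBadPasswordAttempt method
    // Search by users who attempted to log on today
    // IMPORTANT, this example is not the recommended way to
    // limit the results.
    public void PrincipalSearchEx6v3()
    {
        DateTime dt = DateTime.Today;
        // create a principal object representation to describe
        // what will be searched
        using (UserPrincipal user = new UserPrincipal(adPrincipalContext))
        {
            user.Enabled = true;
            // define the properties of the search (can use wildcards)
            user.Name = "*";
            // add the LastBadPasswordAttempt >= Today to the query filter
            user.AdvancedSearchFilter.LastBadPasswordAttempt
                (dt, MatchType.GreaterThanOrEquals);
            // create a principal searcher for running a search operation
            // and assign the QBE user principal as the query filter
            using (PrincipalSearcher pS = new PrincipalSearcher(user))
            using (PrincipalSearchResult<Principal> results = pS.FindAll())
            {
                Console.WriteLine("Bad password attempts on {0}:",
                    dt.ToShortDateString());
                foreach (UserPrincipal result in results)
                {
                    // LastBadPasswordAttempt is a nullable DateTime; the server-side
                    // filter should exclude null values, but guard anyway rather than
                    // throwing InvalidOperationException on .Value.
                    if (result.LastBadPasswordAttempt.HasValue)
                    {
                        Console.WriteLine("name: {0}, {1}",
                            result.Name,
                            result.LastBadPasswordAttempt.Value);
                    }
                }
            }
        }
    }

    // Search for all groups to which a user belongs
    public void GetGroupsEx()
    {
        string userName = "user11";
        // find the user in the identity store
        using (UserPrincipal user =
            UserPrincipal.FindByIdentity(
                adPrincipalContext,
                userName))
        {
            if (user == null)
            {
                Console.WriteLine("no user found for '{0}'", userName);
                return;
            }
            // get the authorization groups for the user principal and
            // store the results in a PrincipalSearchResult object
            using (PrincipalSearchResult<Principal> results =
                user.GetAuthorizationGroups())
            {
                // display the names of the groups to which the
                // user belongs
                Console.WriteLine("groups to which {0} belongs:",
                    userName);
                foreach (Principal result in results)
                {
                    Console.WriteLine("name: {0}", result.Name);
                }
            }
        }
    }
}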
}
우선 제가 알고 싶은 것은 LDAP에 접속하기 위한 속성(?)의 설정과, 서버에 따로 어떤 것을 설치해 주어야 하는지입니다...