2. 程式方面~
引用:System.DirectoryServices(使用其中的 DirectoryEntry 與 DirectorySearcher)
// Sample placeholders: the LDAP user being managed and the password assigned to it.
private string cn = "UserName";
private string cnPassword = "UserPassword";

// Search base on the directory server (plain LDAP port 389).
private string path = "LDAP://ServerName:389/dc=DomainName,dc=com,dc=tw";

// Account used to bind to the directory. These literals are placeholders:
// real bind credentials belong in protected configuration (or the process
// identity), never in source control. The code in this sample only works
// on entries under ou=Users, so an account with rights delegated on that
// container is sufficient; a domain administrator is more than it needs.
private string username = "DomainName\\DomainAdmin";
private string password = "DomainAdminPassword";

// Authentication flags.
// Without SSL (LDAP port):  ADS_USE_SIGNING | ADS_USE_SEALING | ADS_SECURE_AUTHENTICATION
// With SSL (SSL port):      ADS_USE_SSL | ADS_SECURE_AUTHENTICATION
// This sample takes the non-SSL route, so integrity and confidentiality of
// the session depend on signing and sealing being in effect.
private AuthenticationTypes authenticationTypes =
    AuthenticationTypes.Signing
    | AuthenticationTypes.Sealing
    | AuthenticationTypes.Secure;

// ADSI SetOption identifiers used when setting a password.
private const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
private const long ADS_OPTION_PASSWORD_METHOD = 7;

// Values for ADS_OPTION_PASSWORD_METHOD.
private const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
private const int ADS_PASSWORD_ENCODE_CLEAR = 1;
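/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515) so that
/// caller-supplied text cannot add wildcards or extra filter clauses.
/// </summary>
/// <param name="value">Raw attribute value; must not be null.</param>
/// <returns>The value with \ * ( ) and NUL replaced by their \XX escapes.</returns>
private static string EscapeLdapFilterValue(string value)
{
    System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': escaped.Append("\\5c"); break;
            case '*': escaped.Append("\\2a"); break;
            case '(': escaped.Append("\\28"); break;
            case ')': escaped.Append("\\29"); break;
            case '\0': escaped.Append("\\00"); break;
            default: escaped.Append(c); break;
        }
    }
    return escaped.ToString();
}

/// <summary>
/// Escapes a value for use as the right-hand side of an RDN (RFC 4514) so
/// that caller-supplied text cannot introduce extra RDN components or move
/// the entry to a different container.
/// </summary>
/// <param name="value">Raw attribute value; must not be null.</param>
/// <returns>The value with DN metacharacters backslash-escaped.</returns>
private static string EscapeLdapRdnValue(string value)
{
    // '/' is not an RFC 4514 special but is a path separator in ADSI paths,
    // so it is escaped as well.
    const string special = ",+\"\\<>;=/";
    System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
    for (int i = 0; i < value.Length; i++)
    {
        char c = value[i];
        bool edgeSpace = c == ' ' && (i == 0 || i == value.Length - 1);
        bool leadingHash = c == '#' && i == 0;
        if (c == '\0')
        {
            escaped.Append("\\00");
        }
        else if (edgeSpace || leadingHash || special.IndexOf(c) >= 0)
        {
            escaped.Append('\\').Append(c);
        }
        else
        {
            escaped.Append(c);
        }
    }
    return escaped.ToString();
}

/// <summary>
/// Adds an LDAP user (inetOrgPerson) under ou=Users when no entry with the
/// given cn is found below the search base.
/// </summary>
/// <param name="cn">Common name of the user to create; must not be empty.</param>
/// <exception cref="ArgumentException">cn is null or empty.</exception>
/// <exception cref="Exception">Any directory error, with the original exception as InnerException.</exception>
private void Add(string cn)
{
    if (string.IsNullOrEmpty(cn))
    {
        throw new ArgumentException("cn must not be empty.", "cn");
    }

    try
    {
        // Bind to the directory; both objects wrap native handles, so dispose them.
        using (DirectoryEntry entry = new DirectoryEntry(path, username, password, authenticationTypes))
        using (DirectorySearcher searcher = new DirectorySearcher(entry))
        {
            // Check whether the user already exists. The cn is escaped so a
            // value such as "*" cannot match an unrelated entry.
            searcher.Filter = string.Format("(cn={0})", EscapeLdapFilterValue(cn));
            SearchResult result = searcher.FindOne();
            if (result != null)
            {
                return;
            }

            // Create the user. The cn is escaped so it stays a single RDN
            // inside ou=Users.
            string relativeName = string.Format("cn={0},ou=Users", EscapeLdapRdnValue(cn));
            using (DirectoryEntry user = entry.Children.Add(relativeName, "inetOrgPerson"))
            {
                // Placeholder attribute values from the sample; replace with real data.
                user.Properties["displayName"].Value = "顯示名稱";
                user.Properties["department"].Value = "部門";
                user.Properties["departmentNumber"].Value = "部門代碼";
                user.Properties["givenname"].Value = "名";
                user.Properties["mail"].Value = "電子郵件";
                user.Properties["sn"].Value = "姓";
                user.Properties["uid"].Value = "帳號";
                user.Properties["userPrincipalName"].Value = "帳戶";
                user.CommitChanges();
            }
        }
    }
    catch (Exception ex)
    {
        // Same exception type and message as before, but keep the cause and
        // its stack trace for diagnosis.
        throw new Exception(ex.Message, ex);
    }
}

/// <summary>
/// Sets a new password for the LDAP user with the given cn and resets its
/// LockOutTime attribute to 0. Does nothing when the user is not found.
/// </summary>
/// <param name="cn">Common name of the user; must not be empty.</param>
/// <param name="password">The new password to assign to that user.</param>
/// <exception cref="ArgumentException">cn is null or empty.</exception>
/// <exception cref="Exception">Any directory error, with the original exception as InnerException.</exception>
private void ChangePassword(string cn, string password)
{
    if (string.IsNullOrEmpty(cn))
    {
        throw new ArgumentException("cn must not be empty.", "cn");
    }

    try
    {
        // The parameter named password hides the bind-password field, so the
        // field is referenced through this. Binding with the parameter would
        // authenticate the service account with the user's new password.
        using (DirectoryEntry entry = new DirectoryEntry(path, username, this.password, authenticationTypes))
        using (DirectorySearcher searcher = new DirectorySearcher(entry))
        {
            // Look the user up with an escaped filter value.
            searcher.Filter = string.Format("(cn={0})", EscapeLdapFilterValue(cn));
            SearchResult result = searcher.FindOne();
            if (result == null)
            {
                return;
            }

            using (DirectoryEntry user = result.GetDirectoryEntry())
            {
                // NOTE(security): port 389 with ADS_PASSWORD_ENCODE_CLEAR means the
                // new password is not protected by TLS; its confidentiality depends
                // on the sealing requested in authenticationTypes being in effect
                // for this operation - verify in your environment. Where the server
                // has a certificate, prefer the SSL port together with
                // ADS_PASSWORD_ENCODE_REQUIRE_SSL.
                user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_PORTNUMBER, 389 });
                user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR });

                // Assign the password the caller passed in (previously the
                // hard-coded cnPassword field was used and the argument ignored).
                user.Invoke("SetPassword", new object[] { password });

                // Resetting LockOutTime also clears an existing lockout, so callers
                // should be authorised for both a reset and an unlock.
                user.Properties["LockOutTime"].Value = 0;
                user.CommitChanges();
            }
        }
    }
    catch (Exception ex)
    {
        // Invoke wraps failures in a generic invocation exception; keeping the
        // inner exception preserves the real cause.
        throw new Exception(ex.Message, ex);
    }
}

/// <summary>
/// Deletes the LDAP user with the given cn from ou=Users, including any
/// child objects. Does nothing when the user is not found.
/// </summary>
/// <param name="cn">Common name of the user to delete; must not be empty.</param>
/// <exception cref="ArgumentException">cn is null or empty.</exception>
/// <exception cref="Exception">Any directory error, with the original exception as InnerException.</exception>
private void Delete(string cn)
{
    if (string.IsNullOrEmpty(cn))
    {
        throw new ArgumentException("cn must not be empty.", "cn");
    }

    try
    {
        using (DirectoryEntry entry = new DirectoryEntry(path, username, password, authenticationTypes))
        using (DirectorySearcher searcher = new DirectorySearcher(entry))
        {
            // Check that the user exists. Escaping matters most here: an
            // unescaped wildcard would let the existence check pass for a
            // cn that names no real entry.
            searcher.Filter = string.Format("(cn={0})", EscapeLdapFilterValue(cn));
            SearchResult result = searcher.FindOne();
            if (result == null)
            {
                return;
            }

            // Resolve the entry by an escaped RDN so the delete cannot be
            // redirected outside ou=Users, then remove it and its subtree.
            string relativeName = string.Format("cn={0},ou=Users", EscapeLdapRdnValue(cn));
            using (DirectoryEntry user = entry.Children.Find(relativeName, "inetOrgPerson"))
            {
                user.DeleteTree();
            }
        }
    }
    catch (Exception ex)
    {
        throw new Exception(ex.Message, ex);
    }
}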
3. L7 Networks(上網認證)
4. zimbra(電子郵件)
5. moodle(數位學習) 1.9.12
參考資料
[1] Setting User Passwords
[2] LDAP Authentication
(圖片:… Administration Console - Manage Domains 2014-09-30 13-56-01.png)





