I've got a string that I'm fetching from LDAP for Active Directory group membership and I need to parse it to check if the user is a member of the AD group. Is there a class that can parse this for me?
Example:
CN=Foo Group Name,DC=mydomain,DC=com
views:
96answers:
3
+2
A:
If you don't want to add additional dependencies and just want to parse the string..
This type of string can easily be parsed just using string.Split. To get the CN values, would be something like..
string[] split = "CN=Foo Group Name,DC=mydomain,DC=com".Split(',');
List<string> cnValues = new List<string>();
foreach(string pair in split){
string[] keyValue=pair.Split('=');
if(keyValue[0]=="CN")
cnValues.Add(keyValue[1]);
}
markt
2010-09-30 18:48:57
+1 This answers the question and is a good solution.
Will Marcouiller
2010-10-01 18:48:04
+3
A:
These are called distinguished names.
CodeProject has a parser project that appears to do what you need: http://www.codeproject.com/KB/IP/dnparser.aspx
spoulson
2010-09-30 18:50:33
+1
A:
Besides, if you query the AD for a group members, you'll be able to compare all of the members' distinguishedName's directly without parsing code through the DirectoryEntry class of the System.DirectoryServices namespace.
Otherwise, I just don't know of such a class somewhere. =)
Hope this helps anyway somehow !
EDIT #1
Here's a link from which I have learned a lot working with the AD and the System.DirectoryServices namespace: Howto: (Almost) Everything In Active Directory via C#
I shall provide you with a sample code in a few days, if you still require it, where I will use the System.DirectoryServices.DirectorySearcher object class to retrieve the members of a group.
I wish this link will help you as it did for me! =)
EDIT #2
Here's the code sample I told you about. This should make it more efficient to query against the AD without having to work bakc and forth the AD.
public IList<string> GetMembers(string groupName) {
if (string.IsNullOrEmpty(groupName))
throw new ArgumentNullException("groupName");
IList<string> members = new List<string>();
DirectoryEntry root = new DirectoryEntry(@"LDAP://my.domain.com");
DirectorySearcher searcher = new DirectorySearcher();
searcher.SearchRoot = root;
searcher.SearchScope = SearchScope.Subtree;
searcher.PropertiesToLoad.Add("member");
searcher.Filter = string.Format("(&(objectClass=group)(sAMAccountName={0}))", groupName);
SearchResult result = searcher.FindOne();
DirectoryEntry groupFound = result.GetDirectoryEntry();
for (int index = 0; index < ((object[])groupFound.Properties["member"].Value).Length; ++index)
members.Add((string)((object[])groupFound.Properties["member"].Value)[index]);
return members;
}
Disclaimer : This code is provided as-is. I tested it on my local machine and it works perfectly fine. But since I had to retype it here because I couldn't just copy-paste it, I have perhaps made some mistakes while typing, which I wish didn't occur.
Will Marcouiller
2010-09-30 19:06:00
This worked pretty well for me, problem is that it's pretty expensive round-trip cost going back and forth with AD. Trying a way to fetch them all at once.
Gabe Brown
2010-09-30 20:24:46
If you're using .NET 3.5 or can use the `System.Linq` namespace, you might perhaps be interested to take an eye out the Bart De Smet's LINQ to AD project on Codeplex. This allows you to use LINQ to query against the AD. Indeed, there's a bit of work to do to complete the library, but the most critical aspects are covered within his open source code.
Will Marcouiller
2010-09-30 20:48:29
If you want immediate members of a group, call `DirectorySearcher` against the DN of the group and get its `members` attribute for a list of DNs. If you want nested members of groups within a group, get the `tokenGroups` attribute for a list of object SIDs. I wrote about this a while back: http://explodingcoder.com/blog/content/how-query-active-directory-security-group-membership
spoulson
2010-09-30 22:11:16
Right ! The `DirectorySearcher` class is the one to use to query against the AD. Thanks for the mention @spoulson! Completely forgot about it for a few! =)
Will Marcouiller
2010-10-01 00:00:01