How to ask for specific "ou" ... GetDirectoryEntry("ou"="xxx") ?

Oct 14, 2015 at 2:45 PM
Hello,

Works fine now, thanks!

I wonder how to inject 'filters' to force the result from the AD to be from one "ou" or from another "ou"?

I suppose the job is to do here ...
        ...
        return new DirectoryEntry[] { 
            Domain.GetComputerDomain().GetDirectoryEntry(),
        ...

but I cannot find the way as for example: GetDirectoryEntry("ou"="xxx") ?

Thanks for any help.
Claude
Coordinator
Oct 14, 2015 at 3:36 PM
Edited Oct 14, 2015 at 3:39 PM
hello Claude,
you have 2 possibilities:
  • at LDAP path level: you can create an LDAP connection that targets a specific OU, e.g. LDAP://OU=MyOU,DC=contoso,DC=com
  • at LDAP attribute level: for each AttributeHelper (object that represents a claim type associated with an LDAP attribute), you can set a specific LDAP filter in property AttributeHelper.AdditionalLDAPFilterProp. For example, this filter excludes computer accounts and includes only users that are members of a specific security group:
    (!(objectClass=computer)) (memberof=CN=group1,CN=Users,DC=YvanHost,DC=local)
I hope this helps
thanks,
Yvan
Oct 14, 2015 at 3:56 PM
Edited Oct 14, 2015 at 4:07 PM
Hello Yvand,

Thank you for the response.

I understand the first possibility:

1- eg:
        ...
        DirectoryEntry objDE;
        String strPath = "LDAP://DC=dev,DC=entsoe,DC=local"; 
        objDE = new DirectoryEntry(strPath);
        return new DirectoryEntry[] {
            objDE
        };
But for the second I'm not sure to see exactly. Could you provide a sample of the code doing this? Do you use the 'DirectoryEntry' instance to add your filters?
Where do you inject the 'AttributeHelper' and how to specify in it the filter eg: (!(objectClass=computer)) (memberof=CN=group1,CN=Users,DC=YvanHost,DC=local)?

Kind regards.
Claude
Oct 15, 2015 at 11:18 AM
Ok I found a solution described below if anybody needs it:
            DirectoryEntry de = new DirectoryEntry();
            de.Path = ldapcPath; // "LDAP://DC=dev,DC=entsoe,DC=local"; // "LDAP://DC=company,DC=local";
            de.AuthenticationType = AuthenticationTypes.Secure;

            SearchResult result = null;
            if (ldapcpFilter.Length > 0)
            {
                DirectorySearcher deSearch = new DirectorySearcher();
                deSearch.SearchRoot = de;
                deSearch.Filter = ldapcpFilter; // "(&(objectClass=user) (cn=" + "nsi-elia nsi-elia" + "))";
                result = deSearch.FindOne();
            }
            if (result != null)
            {
                DirectoryEntry deUser = new DirectoryEntry(result.Path);
                return new DirectoryEntry[] {deUser};
            }
            else
            {
                return new DirectoryEntry[] {de};
            }
Marked as answer by csiefers on 10/15/2015 at 4:18 AM
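
The two options from the reply above (an OU-level search root and an LDAP filter) combined in plain System.DirectoryServices, as an added example that is not part of the thread and is not LDAPCP's own code. The class and method names are hypothetical, and the values placed in the filter are escaped per RFC 4515 so that they cannot change the filter's structure.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper for illustration; not an LDAPCP type.
static class OuScopedSearch
{
    // RFC 4515 escaping: a value placed in a filter cannot add or close clauses.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // ouPath:  OU-level path, e.g. "LDAP://OU=MyOU,DC=contoso,DC=com" (form taken from the reply above).
    // groupDn: distinguished name of the security group users must belong to.
    // cn:      common name to match; treated as untrusted input.
    public static List<string> FindUsers(string ouPath, string groupDn, string cn)
    {
        // One well-formed filter: the two clauses from the thread AND-ed with the cn match.
        string filter = "(&(objectClass=user)(!(objectClass=computer))"
                      + "(memberOf=" + EscapeFilterValue(groupDn) + ")"
                      + "(cn=" + EscapeFilterValue(cn) + "))";

        var paths = new List<string>();
        // Binding the search root to the OU keeps every result inside that OU's subtree.
        using (var root = new DirectoryEntry(ouPath) { AuthenticationType = AuthenticationTypes.Secure })
        using (var searcher = new DirectorySearcher(root, filter) { SearchScope = SearchScope.Subtree })
        using (SearchResultCollection results = searcher.FindAll())
        {
            foreach (SearchResult r in results) paths.Add(r.Path);
        }
        return paths;
    }
}
```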