lesscode

Reputation: 6361

How do I get DirectorySearcher to honor my specified SearchScope?

I have the following C# code in a project:

    DirectoryEntry root = new DirectoryEntry(@"LDAP://ad.mydomain.com");
    DirectorySearcher ds = new DirectorySearcher(root);
    ds.DerefAlias = DereferenceAlias.Always;
    ds.SearchScope = SearchScope.Subtree;
    ds.Filter = "(|(name=John_Smith)(cn=John_Smith))";
    SearchResultCollection src = ds.FindAll();

I'm monitoring LDAP traffic to the AD server with MS Network Monitor and I see this when the search takes place:

      Frame: Number = 1417, Captured Frame Length = 404, MediaType = ETHERNET 
    + Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[XXX],SourceAddress:[XXX]
    + Ipv4: Src = XXX, Dest = XXX, Next Protocol = TCP, Packet ID = 9696, Total IP Length = 390
    + Tcp: Flags=...AP..., SrcPort=1521, DstPort=LDAP(389), PayloadLen=350, Seq=3825204841 - 3825205191, Ack=1241404727, Win=16425 (scale factor 0x2) = 65700
    - Ldap: Search Request, MessageID: 1, BaseObject: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
      - Parser: Search Request, MessageID: 1
       + ParserHeader: 
       + MessageID: 1
       + OperationHeader: Search Request, 3(0x3)
       - SearchRequest: BaseDN: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
        + BaseObject: NULL
        + Scope: base Object
        + Alias: neverDerefAliases
        + SizeLimit: No Limit
        + TimeLimit: 120 seconds
        + TypesOnly: False
        - Filter: (objectclass Present)
         + Operator: Present, 7(0x07)
         - Length: 11
            Length: 11 bytes, LengthOfLength = 0
         + PresentFilter: objectclass Present
        - Attributes: ( subschemaSubentry )( dsServiceName )( namingContexts )( defaultNamingContext )( schemaNamingContext )( configurationNamingContext )( rootDomainNamingContext )( supportedControl )( supportedLDAPVersion )( supportedLDAPPolicies )( supportedSASLMec
         + AttributeSelectionHeader: 
         + Attribute: subschemaSubentry
         + Attribute: dsServiceName
         + Attribute: namingContexts
         + Attribute: defaultNamingContext
         + Attribute: schemaNamingContext
         + Attribute: configurationNamingContext
         + Attribute: rootDomainNamingContext
         + Attribute: supportedControl
         + Attribute: supportedLDAPVersion
         + Attribute: supportedLDAPPolicies
         + Attribute: supportedSASLMechanisms
         + Attribute: dnsHostName
         + Attribute: ldapServiceName
         + Attribute: serverName
         + Attribute: supportedCapabilities

Neither the search scope nor the filter I requested appears to be used in the query. I tried using Softerra LDAP Administrator to perform a root search on "John_Smith" and Network Monitor shows what appears to be a perfectly good LDAP query, with filter and search scope intact.

What am I missing?

Upvotes: 1

Views: 3119

Answers (2)

Daeron Lockett

Reputation: 11

So the request that is being sent is a query of the capabilities of the LDAP server (location of the schema, supported LDAP version, etc.). The LDAP/AD server can respond with the information requested or require authentication. You can take care of that step (bind) by supplying credentials when you bind to the root entry. After the SearchResultsDone message is received for the capabilities query, the directory searcher (actually the underlying LDAP class) will send a search request asking for the information that you requested.

Upvotes: 0

Aaron

Reputation: 7541

This is how I do it:

    searcher.Filter = "(&(objectClass=user)(|(cn=John_Smith)(sAMAccountName=John_Smith)))";

An awesome site for everything AD is this one that I use.

http://www.codeproject.com/KB/system/everythingInAD.aspx

Upvotes: 2
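The sequence the two answers describe, as an added example that is not code from the question or either answer: bind with credentials first, then issue the subtree search with a filter whose value is escaped per RFC 4515, so a name containing `*`, `(` or `)` cannot change the filter. The service account name, the `LDAP_PASSWORD` environment variable and the `EscapeFilterValue` helper are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdUserLookup
{
    // Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515).
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        string name = EscapeFilterValue(args.Length > 0 ? args[0] : "John_Smith");
        // Placeholder account (assumption); Secure | Sealing requests an authenticated, encrypted bind.
        using (var root = new DirectoryEntry("LDAP://ad.mydomain.com",
                   @"MYDOMAIN\svc_lookup", Environment.GetEnvironmentVariable("LDAP_PASSWORD"),
                   AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
        {
            root.RefreshCache(); // force the bind now, so bad credentials fail here rather than in FindAll()
            using (var ds = new DirectorySearcher(root))
            {
                ds.SearchScope = SearchScope.Subtree;
                ds.Filter = "(&(objectClass=user)(|(cn=" + name + ")(sAMAccountName=" + name + ")))";
                ds.PropertiesToLoad.Add("distinguishedName"); // request only what is needed
                ds.PageSize = 500;                            // page results instead of one large response
                using (SearchResultCollection results = ds.FindAll())
                {
                    foreach (SearchResult r in results)
                        Console.WriteLine(r.Properties["distinguishedName"][0]);
                }
            }
        }
    }
}
```

When checking a capture of this run, look past the first search request: the frame carrying the `wholeSubtree` scope and the `cn`/`sAMAccountName` filter comes after the bind.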
