Reputation: 690
I have an application that reads user records from an LDAP repository. I'm using the facilities in the System.DirectoryServices.Protocols namespace to do so. The objectclass is typically person or inetOrgPerson.
How can I dynamically read the attributes for a given class from the LDAP repository?
The following code produces a list of attributes for a sample user in the repository, but appears to only return those attributes that have values.
    using System.Collections.Generic;
    using System.DirectoryServices.Protocols;

    var connection = new LdapConnection(...);
    SearchRequest request = new SearchRequest("CN=joe.user,DC=blah,DC=com", (string)null, SearchScope.Base);
    SearchResponse response = (SearchResponse)connection.SendRequest(request);
    var attributes = new List<string>();
    foreach (SearchResultEntry entry in response.Entries)
    {
        foreach (string attributeName in entry.Attributes.AttributeNames)
            attributes.Add(attributeName);
    }
I can read the objectclass attribute from a sample user to get the classes, but then how would I retrieve all attributes for the user's objectclass list?
NOTE: the SearchRequest class claims that setting the Attributes property to null will return all attributes. Unfortunately there is no setter for this property!
NOTE 2: I've tried adding "*" and "+" to the list of attribute names to no avail.
Upvotes: 2
Views: 12731
Reputation: 7878
If you were using DirectorySearcher/DirectoryEntry, you can get the schema object for a DirectoryEntry with the SchemaEntry property. Then you can get the allowedAttributes constructed attribute from the schema entry.
    using System.Collections.Generic;
    using System.DirectoryServices;

    DirectoryEntry deTargetUser = new DirectoryEntry("LDAP://CN=joe.user,DC=blah,DC=com");
    DirectorySearcher dsSchema = new DirectorySearcher(deTargetUser.SchemaEntry);
    // allowedAttributes is a constructed attribute, so have to ask for it while performing a search
    dsSchema.SearchScope = SearchScope.Base;
    // this is closest thing I can find to an always true filter
    dsSchema.Filter = "(objectClass=*)";
    dsSchema.PropertiesToLoad.Add("allowedAttributes");
    SearchResult srSchema = dsSchema.FindOne();
    var attributes = new List<string>();
    foreach (string attributeName in srSchema.Properties["allowedAttributes"])
    {
        attributes.Add(attributeName);
    }
Upvotes: 0
Reputation: 11132
To read the attributes that are populated in a directory entry, use the syntax @objectClassName, for example, @inetOrgPerson. Request this construct as one of the request attributes in the search. See also LDAP: Retrieving Attributes of an objectclass. This syntax is defined in RFC 4529.
To locate the schema, extract the value of the attribute subschemaSubEntry from the root DSE. The value of this attribute is the root of the schema. It is possible that a misconfigured server could prevent clients from reading the value of the subschemaSubEntry attribute, but this would be a grave error on the part of the administrators because all LDAP clients must discover the matching rules and ordering to use when comparing attribute values.
For more information about the root DSE, see the article "LDAP: The Root DSE".
Upvotes: 1
Reputation: 310980
If you just want the attribute names, you can get them via the schema for the objectClass.
Upvotes: -2
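The schema-based approach described in the answers above, as an added example that is not part of any of the posts: it parses objectClasses values (RFC 4512 object class descriptions, as published in the entry that subschemaSubEntry points to) and follows each class's SUP chain to collect the MUST and MAY attributes for a user's objectclass list. The class name SchemaAttributes, its helper methods and the sample schema values are assumptions constructed for illustration.

```csharp
// Added example: helper names and sample schema values are constructed for illustration.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

static class SchemaAttributes
{
    // Value after a keyword in an RFC 4512 object class description: one token or a "( a $ b )" list.
    static string[] Field(string desc, string keyword)
    {
        var m = Regex.Match(desc, @"\s" + keyword + @"\s+(?:\(([^)]*)\)|(\S+))");
        if (!m.Success) return Array.Empty<string>();
        string raw = m.Groups[1].Success ? m.Groups[1].Value : m.Groups[2].Value;
        return raw.Split(new[] { ' ', '$', '\'', '(', ')' }, StringSplitOptions.RemoveEmptyEntries);
    }
    // schemaValues: objectClasses values of the subschema entry. Returns every MUST and MAY
    // attribute of the given classes and of their SUP ancestors.
    public static SortedSet<string> AllowedAttributes(IEnumerable<string> schemaValues, IEnumerable<string> objectClasses)
    {
        var byName = new Dictionary<string, (string[] Sup, string[] Attrs)>(StringComparer.OrdinalIgnoreCase);
        foreach (string value in schemaValues)
        {
            string d = Regex.Replace(value, @"DESC\s+'[^']*'", ""); // DESC text could contain keywords
            var parsed = (Field(d, "SUP"), Field(d, "MUST").Concat(Field(d, "MAY")).ToArray());
            foreach (string n in Field(d, "NAME")) byName[n] = parsed;
        }
        var result = new SortedSet<string>(StringComparer.OrdinalIgnoreCase);
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase); // guards against SUP cycles
        var pending = new Stack<string>(objectClasses);
        while (pending.Count > 0)
        {
            string name = pending.Pop();
            if (!seen.Add(name) || !byName.TryGetValue(name, out var cls)) continue;
            result.UnionWith(cls.Attrs);
            foreach (string sup in cls.Sup) pending.Push(sup);
        }
        return result;
    }
    static void Main()
    {
        var schema = new[] { // constructed sample, abbreviated from RFC 4519 and RFC 2798
            "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
            "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
            "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou $ l ) )",
            "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC 2798' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid $ givenName ) )",
        };
        Console.WriteLine(string.Join(", ", AllowedAttributes(schema, new[] { "inetOrgPerson" })));
    }
}
```

Against a live server, request objectClasses by name in the search's attribute list, since it is an operational attribute and is not returned by default.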