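We are developing a portal where administrators can manage user and group objects in Active Directory without needing access to the server itself.
Whenever a user is locked out by policy, updating the user always unlocks the user, even though we do not update the lockoutTime attribute.
This is the ClassMap we use for LINQ to LDAP: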
    public override IClassMap PerformMapping(string namingContext = null, string objectCategory = null, bool includeObjectCategory = true, IEnumerable<string> objectClasses = null, bool includeObjectClasses = true)
    {
        NamingContext(namingContext);
        ADUserEntity.SetNamingContext(namingContext);
        ObjectCategory("Person");
        ObjectClass("User");
        DistinguishedName(x => x.DistinguishedName);
        Map(x => x.Name).Named(Identity.cn).ReadOnly();
        Map(x => x.Department).Named(Identity.department);
        Map(x => x.Id).Named(Identity.objectGUID).StoreGenerated();
        Map(x => x.Title).Named(Identity.title);
        Map(x => x.GivenName).Named(Identity.givenName);
        Map(x => x.SurName).Named(Identity.sn);
        Map(x => x.MiddleName).Named(Identity.middleName);
        Map(x => x.SAMAccountName).Named(Identity.sAMAccountName);
        Map(x => x.AccountControl).Named(Identity.userAccountControl);
        Map(x => x.DisplayName).Named(Identity.displayName);
        Map(x => x.TelephoneNumber).Named(Identity.telephoneNumber);
        Map(x => x.MemberOf).Named(Identity.memberof);
        Map(x => x.LockoutTime).Named(Identity.lockoutTime).ReadOnly();
        Map(x => x.LastLogon).Named(Identity.lastLogon).ReadOnly();
        Map(x => x.EmailAddress).Named(Identity.mail).ReadOnly();
        Map(x => x.PwdLastSet).Named(Identity.pwdLastSet).ReadOnly();
        Map(x => x.UserPrincipalName).Named(Identity.userPrincipalName);
        return this;
    }
LockoutTime has a simple getter/setter:
...
    public override long? LockoutTime
    {
        get
        {
            return _userEntity.LockoutTime;
        }
        set
        {
            _userEntity.LockoutTime = value;
        }
    }
...
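I tried removing the .ReadOnly() attribute on the LockoutTime mapping, which causes an exception to be thrown in LINQ to LDAP, which in turn is caused by an error message raised by the Active Directory server (Windows Server 2012 R2).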