問題描述
我正在嘗試通過 Active Directory 遞歸地獲取用戶的所有直接報告.所以給定一個用戶,我最終會得到一個所有用戶的列表,這些用戶有這個人作為經(jīng)理,或者有一個人作為經(jīng)理,有一個人作為經(jīng)理......最終將輸入用戶作為經(jīng)理.
I'm trying to get all the direct reports of a User through Active Directory, recursively. So given a user, i will end up with a list of all users who have this person as manager or who have a person as manager who has a person as manager ... who eventually has the input user as manager.
我目前的嘗試相當(dāng)緩慢:
My current attempt is rather slow:
private static Collection<string> GetDirectReportsInternal(string userDN, out long elapsedTime)
{
Collection<string> result = new Collection<string>();
Collection<string> reports = new Collection<string>();
Stopwatch sw = new Stopwatch();
sw.Start();
long allSubElapsed = 0;
string principalname = string.Empty;
using (DirectoryEntry directoryEntry = new DirectoryEntry(string.Format("LDAP://{0}",userDN)))
{
using (DirectorySearcher ds = new DirectorySearcher(directoryEntry))
{
ds.SearchScope = SearchScope.Subtree;
ds.PropertiesToLoad.Clear();
ds.PropertiesToLoad.Add("directReports");
ds.PropertiesToLoad.Add("userPrincipalName");
ds.PageSize = 10;
ds.ServerPageTimeLimit = TimeSpan.FromSeconds(2);
SearchResult sr = ds.FindOne();
if (sr != null)
{
principalname = (string)sr.Properties["userPrincipalName"][0];
foreach (string s in sr.Properties["directReports"])
{
reports.Add(s);
}
}
}
}
if (!string.IsNullOrEmpty(principalname))
{
result.Add(principalname);
}
foreach (string s in reports)
{
long subElapsed = 0;
Collection<string> subResult = GetDirectReportsInternal(s, out subElapsed);
allSubElapsed += subElapsed;
foreach (string s2 in subResult)
{
result.Add(s2);
}
}
sw.Stop();
elapsedTime = sw.ElapsedMilliseconds + allSubElapsed;
return result;
}
本質(zhì)上,這個函數(shù)將一個可分辨的名稱作為輸入(CN=Michael Stum,OU=test,DC=sub,DC=domain,DC=com),因此,對 ds.FindOne() 的調(diào)用很慢.
Essentially, this function takes a distinguished Name as input (CN=Michael Stum, OU=test, DC=sub, DC=domain, DC=com), and with that, the call to ds.FindOne() is slow.
我發(fā)現(xiàn)搜索 userPrincipalName 的速度要快得多.我的問題:sr.Properties["directReports"] 只是一個字符串列表,也就是distinguishedName,搜索起來似乎很慢.
I found that it is a lot faster to search for the userPrincipalName. My Problem: sr.Properties["directReports"] is just a list of strings, and that is the distinguishedName, which seems slow to search for.
我想知道,有沒有一種快速的方法可以在 distinctName 和 userPrincipalName 之間進(jìn)行轉(zhuǎn)換?或者,如果我只有可使用的專有名稱,是否有更快的方法來搜索用戶?
I wonder, is there a fast way to convert between distinguishedName and userPrincipalName? Or is there a faster way to search for a user if I only have the distinguishedName to work with?
感謝您的回答!搜索經(jīng)理字段將功能從 90 秒改進(jìn)為 4 秒.這是新的和改進(jìn)的代碼,它更快、更易讀(請注意,elapsedTime 功能中很可能存在錯誤,但該函數(shù)的實際核心是有效的):
Thanks to the answer! Searching the Manager-Field improved the function from 90 Seconds to 4 Seconds. Here is the new and improved code, which is faster and more readable (note that there is most likely a bug in the elapsedTime functionality, but the actual core of the function works):
private static Collection<string> GetDirectReportsInternal(string ldapBase, string userDN, out long elapsedTime)
{
Collection<string> result = new Collection<string>();
Stopwatch sw = new Stopwatch();
sw.Start();
string principalname = string.Empty;
using (DirectoryEntry directoryEntry = new DirectoryEntry(ldapBase))
{
using (DirectorySearcher ds = new DirectorySearcher(directoryEntry))
{
ds.SearchScope = SearchScope.Subtree;
ds.PropertiesToLoad.Clear();
ds.PropertiesToLoad.Add("userPrincipalName");
ds.PropertiesToLoad.Add("distinguishedName");
ds.PageSize = 10;
ds.ServerPageTimeLimit = TimeSpan.FromSeconds(2);
ds.Filter = string.Format("(&(objectCategory=user)(manager={0}))",userDN);
using (SearchResultCollection src = ds.FindAll())
{
Collection<string> tmp = null;
long subElapsed = 0;
foreach (SearchResult sr in src)
{
result.Add((string)sr.Properties["userPrincipalName"][0]);
tmp = GetDirectReportsInternal(ldapBase, (string)sr.Properties["distinguishedName"][0], out subElapsed);
foreach (string s in tmp)
{
result.Add(s);
}
}
}
}
}
sw.Stop();
elapsedTime = sw.ElapsedMilliseconds;
return result;
}
推薦答案
首先,當(dāng)您已經(jīng)擁有要查找的 DN 時,不需要將 Scope 設(shè)置為subtree".
First off, setting Scope to "subtree" is unnecessary when you already have the DN you are looking for.
此外,如何查找manager"屬性是您要查找的人的所有對象,然后迭代它們.這通常應(yīng)該比其他方式更快.
Also, how about finding all objects whose "manager" property is the person you look for, then iterating them. This should generally be faster than the other way around.
(&(objectCategory=user)(manager=<user-dn-here>))
以下內(nèi)容很重要,但到目前為止僅在對此答案的評論中提及:
當(dāng)過濾器字符串按上述方式構(gòu)建時,存在用對 DN 有效但在過濾器中具有特殊含義的字符破壞它的風(fēng)險.這些必須轉(zhuǎn)義:
When the filter string is built as indicated above, there is the risk of breaking it with characters that are valid for a DN, but have special meaning in a filter. These must be escaped:
* as 2a
( as 28
) as 29
as 5c
NUL as
主站蜘蛛池模板:
成人av激情|
国产露脸对白88av
|
亚洲视频免费
|
a级黄色片在线观看
|
日韩在线中文
|
久久专区|
一道本视频
|
久久青青|
国内精品一区二区三区
|
九九热re|
精品久久久久久亚洲精品
|
国产精品久久欧美久久一区
|
h视频网站在线观看
|
色综合九九
|
国产精品日韩在线
|
欧美精三区欧美精三区
|
毛片片|
国产精品久久久久久久久久久久久
|
国产999精品久久久
日本视频一区二区三区
|
秋霞电影一区二区
|
亚洲小视频在线播放
|
一区二区三区中文字幕
|
一区二区三区视频在线观看
|
欧美日韩久久
|
超碰免费在线
|
在线看av的网址
|
手机看片169
|
成人在线中文字幕
|
成年人精品视频
|
亚洲欧美视频一区
|
久久免费视频网
|
久久精品国产免费
|
天天操天天操
|
久久一|
日韩www|
日韩成人av在线
|
精品福利一区
|
久久av综合
|
激情 婷婷|
国产96色在线
|
精品蜜桃一区二区三区
|