protected virtual bool LoadProfile(LdapConnection connection, LdapIdentity domain, LdapIdentity user, out LdapProfile profile)
{
profile = null;
var attributes = new[] { "DistinguishedName", "displayName", "mail", "telephoneNumber", "mobile", "memberOf" };
var searchFilter = $"(&(objectClass={Names.UserClass})({Names.Identity(user)}={user.Name}))";
_logger.Debug($"Querying user '{user.Name}' in {domain.Name}");
var response = Query(connection, domain.Name, searchFilter, LdapSearchScope.LDAP_SCOPE_SUB, attributes);
var entry = response.SingleOrDefault();
if (entry == null)
{
_logger.Error($"Unable to find user '{user.Name}' in {domain.Name}");
return(false);
}
profile = new LdapProfile
{
BaseDn = LdapIdentity.BaseDn(entry.Dn),
DistinguishedName = entry.Dn,
};
var attrs = entry.DirectoryAttributes;
if (attrs.TryGetValue("displayName", out var displayNameAttr))
{
profile.DisplayName = displayNameAttr.GetValue <string>();
}
if (attrs.TryGetValue("mail", out var mailAttr))
{
profile.Email = mailAttr.GetValue <string>();
}
if (attrs.TryGetValue("telephoneNumber", out var phoneAttr))
{
profile.Phone = phoneAttr.GetValue <string>();
}
if (attrs.TryGetValue("mobile", out var mobileAttr))
{
profile.Mobile = mobileAttr.GetValue <string>();
}
if (attrs.TryGetValue("memberOf", out var memberOfAttr))
{
profile.MemberOf = memberOfAttr.GetValues <string>().ToList();
}
_logger.Debug($"User '{user.Name}' profile loaded: {profile.DistinguishedName}");
return(true);
}
protected virtual Task LoadAllUserGroups(LdapConnection connection, LdapIdentity domain, LdapProfile profile, ClientConfiguration clientConfig)
{
//already loaded from memberOf
return(Task.CompletedTask);
}
protected virtual async Task <bool> IsMemberOf(LdapConnection connection, LdapIdentity domain, LdapIdentity user, LdapProfile profile, string groupName)
{
var group = await FindValidGroup(connection, domain, groupName);
if (group == null)
{
_logger.Warning($"Group '{groupName}' not exists in {domain.Name}");
return(false);
}
return(profile.MemberOf?.Any(g => g == group.Name) ?? false);
}
protected virtual async Task <LdapProfile> LoadProfile(LdapConnection connection, LdapIdentity domain, LdapIdentity user, ClientConfiguration clientConfig)
{
var profile = new LdapProfile();
var queryAttributes = new List <string> {
"DistinguishedName", "displayName", "mail", "telephoneNumber", "mobile", "memberOf"
};
var ldapReplyAttributes = clientConfig.GetLdapReplyAttributes();
foreach (var ldapReplyAttribute in ldapReplyAttributes)
{
if (!profile.LdapAttrs.ContainsKey(ldapReplyAttribute))
{
profile.LdapAttrs.Add(ldapReplyAttribute, null);
queryAttributes.Add(ldapReplyAttribute);
}
}
var searchFilter = $"(&(objectClass={Names.UserClass})({Names.Identity(user)}={user.Name}))";
_logger.Debug($"Querying user '{{user:l}}' in {domain.Name}", user.Name);
var response = await Query(connection, domain.Name, searchFilter, LdapSearchScope.LDAP_SCOPE_SUB, queryAttributes.ToArray());
var entry = response.SingleOrDefault();
if (entry == null)
{
_logger.Error($"Unable to find user '{{user:l}}' in {domain.Name}", user.Name);
return(null);
}
profile.BaseDn = LdapIdentity.BaseDn(entry.Dn);
profile.DistinguishedName = entry.Dn;
var attrs = entry.DirectoryAttributes;
if (attrs.TryGetValue("displayName", out var displayNameAttr))
{
profile.DisplayName = displayNameAttr.GetValue <string>();
}
if (attrs.TryGetValue("mail", out var mailAttr))
{
profile.Email = mailAttr.GetValue <string>();
}
if (attrs.TryGetValue("telephoneNumber", out var phoneAttr))
{
profile.Phone = phoneAttr.GetValue <string>();
}
if (attrs.TryGetValue("mobile", out var mobileAttr))
{
profile.Mobile = mobileAttr.GetValue <string>();
}
if (attrs.TryGetValue("memberOf", out var memberOfAttr))
{
profile.MemberOf = memberOfAttr.GetValues <string>().ToList();
}
foreach (var key in profile.LdapAttrs.Keys.ToList()) //to list to avoid collection was modified exception
{
if (attrs.TryGetValue(key, out var attrValue))
{
profile.LdapAttrs[key] = attrValue.GetValue <string>();
}
else
{
_logger.Warning($"Can't load attribute '{key}' from user '{entry.Dn}'");
}
}
_logger.Debug($"User '{{user:l}}' profile loaded: {profile.DistinguishedName}", user.Name);
if (clientConfig.ShouldLoadUserGroups())
{
await LoadAllUserGroups(connection, domain, profile, clientConfig);
}
return(profile);
}
protected virtual bool IsMemberOf(LdapConnection connection, LdapIdentity domain, LdapIdentity user, LdapProfile profile, string groupName)
{
var isValidGroup = IsValidGroup(connection, domain, groupName, out var group);
if (!isValidGroup)
{
_logger.Warning($"Group '{groupName}' not exists in {domain.Name}");
return(false);
}
return(profile.MemberOf?.Any(g => g == group.Name) ?? false);
}