/// <summary>
/// Test helper: asserts that two entries have the same DN and the same attribute set.
/// </summary>
/// <param name="expectedEntry">Entry holding the expected DN and attributes.</param>
/// <param name="actualEntry">Entry produced by the code under test.</param>
public static void AssertSameAs(this LdapEntry expectedEntry, LdapEntry actualEntry)
        {
            // The DN is compared first, so a mismatch there is reported before any attribute difference.
            Assert.Equal(expectedEntry.Dn, actualEntry.Dn);

            // Attribute comparison is delegated to the AssertSameAs overload for attribute sets.
            expectedEntry.GetAttributeSet().AssertSameAs(actualEntry.GetAttributeSet());
        }
Example #2
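        /// <summary>
        /// Authenticates a user with a simple bind and loads the attributes of the matching
        /// directory entries as custom claims.
        /// </summary>
        /// <param name="username">Account name as typed by the user; treated as untrusted input.</param>
        /// <param name="password">Password used for the simple bind.</param>
        /// <returns>A view model with the user name and one claim per returned attribute.</returns>
        /// <exception cref="LdapException">
        /// Thrown for an empty password. Failures raised by Connect, Bind and Search are not caught here
        /// and reach the caller unchanged.
        /// </exception>
        public UserViewModel Login(string username, string password)
        {
            // RFC 4515 escaping for a value placed inside a search filter. The backslash is replaced
            // first so that the escapes added afterwards are not escaped a second time.
            string EscapeFilterValue(string value) =>
                (value ?? string.Empty)
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

            // A simple bind with an empty password is an unauthenticated bind, which a server may
            // accept without checking anything. Fail the login instead of sending it.
            if (string.IsNullOrEmpty(password))
            {
                throw new LdapException("Empty password", LdapException.InvalidCredentials, null);
            }

            var bindName = new StringBuilder(100);

            if (!string.IsNullOrEmpty(_settings.DomainName))
            {
                bindName.Append(_settings.DomainName);
                bindName.Append('\\');
            }

            bindName.Append(username);

            // The using block closes the connection on every exit path, including a failed bind.
            using (var ldapConn = new LdapConnection())
            {
                // NOTE(review): no TLS setup is visible in this method. Confirm the connection is
                // protected (LDAPS or StartTLS) before the bind sends the password.
                ldapConn.Connect(_settings.Address, _settings.PortNumber);

                // The bind is the credential check: it throws when the server rejects the credentials.
                ldapConn.Bind(bindName.ToString(), password);

                var uservm = new UserViewModel()
                {
                    UserName = username, Name = username
                };

                var cons = ldapConn.SearchConstraints;
                cons.ReferralFollowing = true;
                ldapConn.Constraints   = cons;

                // An empty attribute list is passed as null; otherwise the comma-separated setting is split and trimmed.
                var attributes = _settings.Attributes?.Trim() == "" ? null : _settings.Attributes?.Split(",").Select(s => s.Trim());

                // The user name is escaped so that characters such as '*', '(' and ')' stay part of
                // the value and cannot change the structure of the filter.
                var lsc = ldapConn.Search(_settings.DistinguishedName,
                                          (int)Enum.Parse <SearchScope>(_settings.SearchScope),
                                          $"(sAMAccountName={EscapeFilterValue(username)})",
                                          attributes?.ToArray(),
                                          false,
                                          (LdapSearchConstraints)null);

                while (lsc.HasMore())
                {
                    var nextEntry = lsc.Next();

                    foreach (LdapAttribute attribute in nextEntry.GetAttributeSet())
                    {
                        uservm.CustomClaims.Add(new Claim(attribute.Name, attribute.StringValue));
                    }
                }

                return uservm;
            }
        }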
Example #3
        /// <summary>
        /// Looks up one attribute of a user entry by name.
        /// </summary>
        /// <param name="userEntry">Entry whose attribute set is searched.</param>
        /// <param name="attr">Name of the attribute to fetch.</param>
        /// <returns>The attribute, or null when the entry's attribute set has no such key.</returns>
        private LdapAttribute GetAttribute(LdapEntry userEntry, string attr)
        {
            var attributes = userEntry.GetAttributeSet();

            if (!attributes.ContainsKey(attr))
            {
                // A missing attribute is not an error here: it is logged and reported to the caller as null.
                _logger.LogWarning("LDAP attribute {Attr} not found for user {User}", attr, userEntry.Dn);
                return null;
            }

            return attributes.GetAttribute(attr);
        }
Example #4
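        /// <summary>
        /// Obtains an email address, given an employee ID.
        /// </summary>
        /// <param name="employeeId">Employee ID to look up; escaped before it is placed in the search filter.</param>
        /// <returns>
        /// The OverrideEmail setting when it is set; otherwise the first "mail" value found for the
        /// employee, or an empty string when none is found.
        /// </returns>
        public string EmailByEmployeeId(string employeeId)
        {
            // If the OverrideEmail config setting is set to a string, it is returned
            // as the user email and no directory lookup takes place.
            if (!string.IsNullOrWhiteSpace(OverrideEmail))
            {
                return OverrideEmail;
            }

            // RFC 4515 escaping. Without it an ID such as "*" would match every entry that has an
            // employeeID, and parentheses could rewrite the filter. The backslash is replaced first
            // so the escapes added afterwards are not escaped again.
            string safeEmployeeId = (employeeId ?? string.Empty)
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");

            // Otherwise use the LDAP connection to filter by the employee ID
            // and read the entry's mail attribute.
            using (var ldapConnection = new LdapConnection())
            {
                // NOTE(review): no TLS setup is visible here. Confirm the service-account bind is not
                // sent over an unprotected connection.
                ldapConnection.Connect(Host, Port);
                ldapConnection.Bind(Username, Password);

                ILdapSearchResults results = ldapConnection.Search(
                    Base,
                    LdapConnection.ScopeSub,
                    $"(employeeID={safeEmployeeId})",
                    new string[] { "mail" },
                    false
                    );

                while (results.HasMore())
                {
                    LdapEntry nextEntry = results.Next();

                    foreach (LdapAttribute attribute in nextEntry.GetAttributeSet())
                    {
                        if (attribute.Name == "mail")
                        {
                            // Success: the mail attribute value is the user's email address.
                            return attribute.StringValue;
                        }
                    }
                }

                // Return blank if no email is found for that employee.
                return "";
            }
        }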
Example #5
        /// <summary>
        /// Copies the attributes of an entry into a new list.
        /// </summary>
        /// <param name="entry">Entry whose attribute set is enumerated.</param>
        /// <returns>A list holding every attribute yielded by the entry's attribute set.</returns>
        public static IList <LdapAttribute> GetLdapEntryAttributes(this LdapEntry entry)
        {
            var collected = new List <LdapAttribute>();

            foreach (LdapAttribute item in entry.GetAttributeSet())
            {
                collected.Add(item);
            }

            return collected;
        }
Example #6
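        // Replace this method with custom entity mapper.
        /// <summary>
        /// Maps the attributes of a directory entry onto a new <see cref="Employee"/>.
        /// </summary>
        /// <param name="entry">Directory entry to map; must not be null.</param>
        /// <returns>An employee populated from the attributes this mapper recognises.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="entry"/> is null.</exception>
        private static Employee ToEmployee([NotNull] LdapEntry entry)
        {
            if (entry == null)
            {
                throw new ArgumentNullException(nameof(entry));
            }

            var employee   = new Employee();
            var attributes = entry.GetAttributeSet();

            foreach (LdapAttribute attribute in attributes)
            {
                // The separate sAMAccountName check that used to precede this switch assigned the
                // same value as the first case below, so only the switch is kept.
                // toDo: handle multivalued attributes (only StringValue is read for each attribute)
                switch (attribute.Name)
                {
                case "sAMAccountName":
                    employee.Login = attribute.StringValue;
                    break;

                case "givenName":
                    employee.Name = attribute.StringValue;
                    break;

                case "sn":
                    employee.Surname = attribute.StringValue;
                    break;

                case "initials":
                    employee.Initials = attribute.StringValue;
                    break;

                case "department":
                    employee.Department = attribute.StringValue;
                    break;

                default:
                    // Attributes this mapper does not know are reported to the debug output and skipped.
                    Debug.WriteLine($"Unexpected attribute: <{attribute.Name}>");
                    break;
                }
            }

            return employee;
        }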
Example #7
        /// <summary>
        /// Builds a <see cref="User"/> from the attributes of a search result entry.
        /// </summary>
        /// <param name="entry">Entry returned by the directory search.</param>
        /// <returns>A user whose fields are read through GetValueOrDefault, one attribute per field.</returns>
        private User MapSearchResult(LdapEntry entry)
        {
            var attrs = entry.GetAttributeSet();

            // Each field is filled from one named attribute, in the same order as before.
            var mapped = new User();
            mapped.Id                = GetValueOrDefault(attrs, "bcgovGUID");
            mapped.UserName          = GetValueOrDefault(attrs, "sAMAccountName");
            mapped.FirstName         = GetValueOrDefault(attrs, "givenName");
            mapped.LastName          = GetValueOrDefault(attrs, "sn");
            mapped.Email             = GetValueOrDefault(attrs, "mail");
            mapped.UserPrincipalName = GetValueOrDefault(attrs, "userPrincipalName");

            return mapped;
        }
Example #8
 /// <summary>
 /// Reads the string value of one attribute of an entry.
 /// </summary>
 /// <param name="entity">Entry to read from.</param>
 /// <param name="attributeKey">Name of the attribute.</param>
 /// <returns>
 /// The attribute's string value, or null when the key is null or empty, the entry has no such
 /// attribute, or the value itself is null or empty.
 /// </returns>
 private string GetAttributeValue(LdapEntry entity, string attributeKey)
 {
     if (String.IsNullOrEmpty(attributeKey))
     {
         return null;
     }

     // The key is checked against the attribute set before the attribute itself is fetched.
     if (!entity.GetAttributeSet().ContainsKey(attributeKey))
     {
         return null;
     }

     var found = entity.GetAttribute(attributeKey);
     if (found == null)
     {
         return null;
     }

     var text = found.StringValue;
     return String.IsNullOrEmpty(text) ? null : text;
 }
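        /// <summary>
        /// Authenticates a user with a simple bind and reads the display name and given name from
        /// the user's directory entry.
        /// </summary>
        /// <param name="userName">Account name as typed by the user; treated as untrusted input.</param>
        /// <param name="password">Password used for the simple bind.</param>
        /// <returns>
        /// The populated user, or null when the password is empty, the bind is rejected, or no
        /// entry is found for the account.
        /// </returns>
        public User Login(string userName, string password)
        {
            // A simple bind with an empty password is an unauthenticated bind, which a server may
            // accept without checking anything. It is handled like any other failed login.
            if (string.IsNullOrEmpty(password))
            {
                Console.WriteLine("Failed login attempt for user " + userName);
                return null;
            }

            User user = new User();

            using (var cn = new Novell.Directory.Ldap.LdapConnection())
            {
                // NOTE(review): no TLS setup is visible here. Confirm the bind does not send the
                // password over an unprotected connection.
                cn.Connect(config.Path, config.Port);

                try
                {
                    cn.Bind(config.UserDomainName + "\\" + userName, password);
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                    Console.WriteLine("Failed login attempt for user " + userName);
                    return null;
                }

                // RFC 4515 escaping keeps '*', '(' , ')' and '\' in the user name from changing the
                // filter. The backslash is replaced first so later escapes are not escaped again.
                string safeUserName = (userName ?? string.Empty)
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

                string filter = "sAMAccountname=" + safeUserName;

                string baseStr = "OU=BLS,DC=blacklanternsecurity,DC=com";

                LdapSearchResults result = (LdapSearchResults)cn.Search(baseStr, LdapConnection.ScopeSub, filter, null, false);

                LdapEntry entry = null;
                try
                {
                    entry = result.First();
                }
                catch (LdapException e)
                {
                    Console.WriteLine("Error: " + e.LdapErrorMessage);
                }
                catch (InvalidOperationException)
                {
                    // First() found no element: the search returned nothing for this account.
                }

                // Fail closed: without a directory entry there is nothing to build the user from.
                // Previously this path dereferenced a null entry.
                if (entry == null)
                {
                    Console.WriteLine("Failed login attempt for user " + userName);
                    return null;
                }

                LdapAttributeSet attributeSet = entry.GetAttributeSet();

                // Either attribute may be absent on the entry; a missing one leaves the field null.
                user.DisplayName = attributeSet.GetAttribute("displayName")?.StringValue;
                user.GivenName   = attributeSet.GetAttribute("givenName")?.StringValue;
                user.UserName    = userName;

                return user;
            }
        }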
        /// <summary>
        /// Decides whether an entry counts as enabled, based on its userAccountControl value.
        /// </summary>
        /// <param name="entry">Directory entry to inspect.</param>
        /// <param name="ldap">Settings; the check only applies when LdapExcludeAccountDisabled is set.</param>
        /// <returns>
        /// False only when the check is switched on and bit value 2 is set in userAccountControl;
        /// true in every other case, including a missing or empty attribute.
        /// </returns>
        private static bool Enabled(LdapEntry entry, ParameterAccessor.Parts.Ldap ldap)
        {
            // Bit tested in userAccountControl to detect a disabled account.
            const int accountDisabled = 2;

            if (!ldap.LdapExcludeAccountDisabled)
            {
                return true;
            }

            var hasAccountControl = entry.GetAttributeSet().Any(o => o.Key == "userAccountControl");
            if (!hasAccountControl)
            {
                return true;
            }

            var userAccountControl = entry.GetAttribute("userAccountControl")?.StringValue;
            if (userAccountControl.IsNullOrEmpty())
            {
                return true;
            }

            return (userAccountControl.ToLong() & accountDisabled) == 0;
        }
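        /// <summary>
        /// Tests the LDAP settings with the given credentials: connects, binds, searches for the
        /// account and collects the returned attributes as claims.
        /// </summary>
        /// <param name="username">Account name as typed by the user; treated as untrusted input.</param>
        /// <param name="password">Password used for the simple bind.</param>
        /// <returns>
        /// A failed result tagged "Login" when connect or bind fails or the password is empty, a
        /// failed result tagged "Search Error" when the search fails, otherwise a successful
        /// result with the claims ordered by type.
        /// </returns>
        public LdapConnectionResult Test(string username, string password)
        {
            // RFC 4515 escaping for a value placed inside a search filter. The backslash is replaced
            // first so that the escapes added afterwards are not escaped a second time.
            string EscapeFilterValue(string value) =>
                (value ?? string.Empty)
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

            // A simple bind with an empty password is an unauthenticated bind, which a server may
            // accept; reporting that as a working login would be misleading.
            if (string.IsNullOrEmpty(password))
            {
                return new LdapConnectionResult(false, "Password must not be empty", "Login");
            }

            var bindName = new StringBuilder(100);

            if (!string.IsNullOrEmpty(_settings.DomainName))
            {
                bindName.Append(_settings.DomainName);
                bindName.Append('\\');
            }

            bindName.Append(username);

            // The using block closes the connection on every exit path. Previously a failed bind
            // returned without disconnecting.
            using (var ldapConn = new LdapConnection())
            {
                try
                {
                    // NOTE(review): no TLS setup is visible here. Confirm the bind does not send
                    // the password over an unprotected connection.
                    ldapConn.Connect(_settings.Address, _settings.PortNumber);
                    ldapConn.Bind(bindName.ToString(), password);
                }
                catch (Exception e)
                {
                    // NOTE(review): the raw exception message is handed to the caller. Confirm this
                    // result is only shown to administrators.
                    return new LdapConnectionResult(false, e.Message, "Login");
                }

                var claims = new List <ClaimViewModel>();

                try
                {
                    var cons = ldapConn.SearchConstraints;
                    cons.ReferralFollowing = true;
                    ldapConn.Constraints   = cons;

                    // An empty attribute list is passed as null; otherwise the comma-separated setting is split and trimmed.
                    var attributes = _settings.Attributes?.Trim() == "" ? null : _settings.Attributes?.Split(",").Select(s => s.Trim());

                    // The user name is escaped so it cannot change the structure of the filter.
                    var lsc = ldapConn.Search(_settings.DistinguishedName,
                                              (int)Enum.Parse <SearchScope>(_settings.SearchScope),
                                              $"(sAMAccountName={EscapeFilterValue(username)})",
                                              attributes?.ToArray(),
                                              false,
                                              (LdapSearchConstraints)null);

                    while (lsc.HasMore())
                    {
                        // A failure while fetching an entry is reported by the catch below, with
                        // the same "Search Error" result the inner handler used to return.
                        var nextEntry = lsc.Next();

                        foreach (LdapAttribute attribute in nextEntry.GetAttributeSet())
                        {
                            claims.Add(new ClaimViewModel(attribute.Name, attribute.StringValue));
                        }
                    }
                }
                catch (Exception e)
                {
                    return new LdapConnectionResult(false, e.Message, "Search Error");
                }

                return new LdapConnectionResult(true, claims.OrderBy(b => b.Type).ToList());
            }
        }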
Example #12
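        /// <summary>
        /// Binds to the directory and prints every inetOrgPerson entry under a search base,
        /// together with its cn, sn and uid attributes.
        /// </summary>
        /// <param name="objectDN">DN used for the bind.</param>
        /// <param name="password">Password used for the bind.</param>
        /// <param name="searchBase">Base DN of the subtree search.</param>
        public static void UserList(string objectDN, string password, string searchBase)
        {
            LdapConnection conn = new LdapConnection();

            try
            {
                Console.WriteLine("Connecting to " + ldapHost);
                // Connect to the LDAP server using the host and the port
                // ldap//<host>:<port>
                conn.Connect(ldapHost, ldapPort);
                conn.Bind(objectDN, password);

                // userPassword is no longer requested: a listing has no use for credential
                // material, and every returned attribute is written to the console below.
                string[] requiredAttributes = { "cn", "sn", "uid" };
                string   searchFilter       = "objectClass=inetOrgPerson";

                ILdapSearchResults lsc = conn.Search(searchBase,
                                                     LdapConnection.ScopeSub,
                                                     searchFilter,
                                                     requiredAttributes,
                                                     false);

                while (lsc.HasMore())
                {
                    LdapEntry nextEntry;

                    try
                    {
                        nextEntry = lsc.Next();
                    }
                    catch (LdapException e)
                    {
                        // One entry that cannot be read does not end the listing.
                        Console.WriteLine("Error : " + e.LdapErrorMessage);
                        continue;
                    }

                    Console.WriteLine("\n" + nextEntry.Dn);

                    foreach (LdapAttribute attribute in nextEntry.GetAttributeSet())
                    {
                        Console.WriteLine("\t" + attribute.Name + "\tvalue = \t" + attribute.StringValue);
                    }
                }
            }
            catch (LdapException e)
            {
                Console.WriteLine("Error: " + e.LdapErrorMessage);
            }
            catch (Exception e)
            {
                Console.WriteLine("Error: " + e.Message);
            }
            finally
            {
                // Single disconnect for every exit path; the extra call at the end of the try
                // block was redundant with this one.
                conn.Disconnect();
            }
        }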
Example #13
        /// <summary>
        /// Searches the directory and collects the values of one attribute from every matching entry.
        /// </summary>
        /// <param name="name">Attribute to return; also used as a presence filter when <paramref name="atts"/> is empty.</param>
        /// <param name="context">Search base (Novell path) or path suffix appended to the LDAP URL (DirectoryEntry path).</param>
        /// <param name="atts">Key/value pairs turned into equality filter terms.</param>
        /// <returns>
        /// One space-separated string of values per matching entry. Any exception is logged and
        /// swallowed, so the collection may be empty or partial.
        /// </returns>
        public GxSimpleCollection <string> GetAttribute(string name, string context, GXProperties atts)
        {
            string filter = "";

            // NOTE(review): name and the keys/values of atts are concatenated into the filter with
            // no RFC 4515 escaping. If any of them can carry user input, characters such as
            // '*', '(' and ')' change what the filter matches; confirm callers validate or escape.
            if (atts.Count == 0)
            {
                // No criteria given: match every entry that has the attribute at all.
                filter = "(" + name + "=*)";
            }
            else
            {
                for (int i = 0; i < atts.Count; i++)
                {
                    filter += "(" + atts.GetKey(i).Trim() + "=" + atts[i].Trim() + ")";
                }
                // Several terms are combined with AND; a single term is used as is.
                if (atts.Count > 1)
                {
                    filter = "(&" + filter + ")";
                }
            }
            GxSimpleCollection <string> sc = new GxSimpleCollection <string>();

            try
            {
#if NETCORE
                // On NETCORE builds running on a non-Windows platform the Novell connection is used.
                if (!GXUtil.IsWindowsPlatform)
                {
                    NovellConnect();

                    string             searchBase   = context;
                    int                searchScope  = LdapConnection.ScopeSub;
                    string             searchFilter = filter;
                    ILdapSearchResults lsc          = _conn.Search(searchBase, searchScope, searchFilter, new string[] { name }, false);

                    while (lsc.HasMore())
                    {
                        LdapEntry nextEntry = null;
                        try
                        {
                            nextEntry = lsc.Next();
                        }
                        catch (LdapException)
                        {
                            // An entry that cannot be read is skipped without logging.
                            continue;
                        }
                        LdapAttributeSet attributeSet = nextEntry.GetAttributeSet();
                        IEnumerator      ienum        = attributeSet.GetEnumerator();
                        StringBuilder    sb           = new StringBuilder();
                        while (ienum.MoveNext())
                        {
                            LdapAttribute attribute    = (LdapAttribute)ienum.Current;
                            string        attributeVal = attribute.StringValue;
                            sb.Append(attributeVal + " ");
                        }
                        // This path appends one more trailing space than the DirectoryEntry path below.
                        sc.Add(sb.ToString() + " ");
                    }
                }
                else
#endif
                {
                    // Any previously opened DirectoryEntry is closed before a new one is created.
                    if (_entry != null)
                    {
                        _entry.Close();
                        _entry = null;
                    }
                    string context1;
                    if (context.Trim().Length == 0)
                    {
                        context1 = "";
                    }
                    else
                    {
                        context1 = "/" + context;
                    }
                    AuthenticationTypes at = getAuthentication();
                    _entry = new DirectoryEntry("LDAP://" + getPath() + context1, _user, _password, at);
                    DirectorySearcher ds = new DirectorySearcher(_entry, filter, new string[] { name });
                    foreach (SearchResult result in ds.FindAll())
                    {
                        PropertyValueCollection values = (PropertyValueCollection)(result.GetDirectoryEntry().Properties[name]);
                        StringBuilder           sb     = new StringBuilder();
                        for (int i = 0; i < values.Count; i++)
                        {
                            sb.Append(values[i].ToString() + " ");
                        }
                        sc.Add(sb.ToString());
                    }
                }
            }
            catch (Exception ex)
            {
                // Failures are only logged; the caller receives whatever was collected so far.
                GXLogging.Error(log, "GetAttribute Method Error.", ex);
            }
            return(sc);
        }
Example #14
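        /// <summary>
        /// Checks a user's credentials on a background task: binds with the service account,
        /// finds the user's entry by uid, then binds again as that entry with the supplied password.
        /// </summary>
        /// <param name="username">User id as typed by the user; treated as untrusted input.</param>
        /// <param name="password">Password to verify.</param>
        /// <returns>
        /// A task yielding true only when the second bind succeeds; false for an empty user name
        /// or password, a failed service bind, no matching entry, or a rejected password.
        /// </returns>
        public static Task <bool> LoginAsync(string username, string password)
        {
            CancellationTokenSource cts = new CancellationTokenSource();
            CancellationToken       cancellationToken = cts.Token;

            return(Task.Factory.StartNew(() => {
                // An empty password would turn the final bind into an unauthenticated bind, which
                // a server may accept, and the method would then report a successful login.
                // Both checks run before any connection is opened.
                if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
                {
                    return false;
                }

                // The using block closes the connection on every exit path.
                using (var conn = new LdapConnection())
                {
                    // NOTE(review): no TLS setup is visible here. Confirm the binds do not send
                    // passwords over an unprotected connection.
                    conn.Connect(Host, Port);

                    try
                    {
                        conn.Bind(dn, pa);
                    }
                    catch (Exception)
                    {
                        return false;
                    }

                    // RFC 4515 escaping keeps '*', '(' , ')' and '\' in the user name from changing
                    // the filter. The backslash is replaced first so later escapes are not escaped again.
                    string safeUsername = username.Trim()
                        .Replace("\\", "\\5c")
                        .Replace("*", "\\2a")
                        .Replace("(", "\\28")
                        .Replace(")", "\\29")
                        .Replace("\0", "\\00");

                    string searchBase = filter;
                    int searchScope = LdapConnection.ScopeSub;
                    string searchFilter = "uid=" + safeUsername;
                    LdapSearchQueue queue = conn.Search(searchBase,
                                                        searchScope,
                                                        searchFilter,
                                                        null,
                                                        false,
                                                        (LdapSearchQueue)null,
                                                        (LdapSearchConstraints)null);

                    LdapMessage message;
                    while ((message = queue.GetResponse()) != null)
                    {
                        try
                        {
                            // As before, the first response decides the outcome: anything that is
                            // not a search result (for example the final response of an empty
                            // search) fails the cast and the login.
                            LdapEntry entry = ((LdapSearchResult)message).Entry;

                            // Bind with the DN the server returned instead of rebuilding one from
                            // the cn value, which was not DN-escaped and assumed the entry sits
                            // directly under the search base.
                            conn.Bind(entry.Dn, password);
                            return true;
                        }
                        catch (Exception)
                        {
                            return false;
                        }
                    }
                }

                return false;
            }, cancellationToken));
        }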
Example #15
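        /// <summary>
        /// Replaces a user's directory entry on a background task: finds the entry by uid, deletes
        /// it and adds a new entry built from the supplied values.
        /// </summary>
        /// <param name="oldUsername">Not used by this method.</param>
        /// <param name="username">User id used both to find the existing entry and for the new entry.</param>
        /// <param name="password">Value stored in the new entry's userPassword attribute.</param>
        /// <param name="nombre">Given name.</param>
        /// <param name="apellido">Surname part of the new cn.</param>
        /// <param name="email">Mail address.</param>
        /// <returns>A task yielding true when the delete and the add both succeed, otherwise false.</returns>
        public static Task <bool> ModifyAsync(string oldUsername, string username, string password, string nombre, string apellido, string email)
        {
            CancellationTokenSource cts = new CancellationTokenSource();
            CancellationToken       cancellationToken = cts.Token;

            return(Task.Factory.StartNew(() => {
                if (string.IsNullOrEmpty(username))
                {
                    return false;
                }

                // The using block closes the connection on every exit path.
                using (var conn = new LdapConnection())
                {
                    conn.Connect(Host, Port);

                    try
                    {
                        conn.Bind(dn, pa);
                    }
                    catch (Exception)
                    {
                        return false;
                    }

                    // RFC 4515 escaping: a user id such as "*" would otherwise match, and then
                    // delete, an arbitrary entry. The backslash is replaced first so later escapes
                    // are not escaped again.
                    string safeUsername = username.Trim()
                        .Replace("\\", "\\5c")
                        .Replace("*", "\\2a")
                        .Replace("(", "\\28")
                        .Replace(")", "\\29")
                        .Replace("\0", "\\00");

                    // NOTE(review): the lookup uses username and oldUsername is never read. Confirm
                    // which of the two is meant to identify the existing entry.
                    string searchBase = filter;
                    int searchScope = LdapConnection.ScopeSub;
                    string searchFilter = "uid=" + safeUsername;
                    LdapSearchQueue queue = conn.Search(searchBase,
                                                        searchScope,
                                                        searchFilter,
                                                        null,
                                                        false,
                                                        (LdapSearchQueue)null,
                                                        (LdapSearchConstraints)null);

                    LdapMessage message;
                    while ((message = queue.GetResponse()) != null)
                    {
                        try
                        {
                            // As before, the first response decides the outcome; anything that is
                            // not a search result fails the cast and the method returns false.
                            LdapEntry entry = ((LdapSearchResult)message).Entry;

                            // Delete by the DN the server returned instead of a DN rebuilt from the
                            // cn value, which was not DN-escaped.
                            // NOTE(review): delete followed by add is not atomic; if the add fails
                            // the original entry is already gone.
                            conn.Delete(entry.Dn);

                            LdapAttributeSet ldapAttributeSet = new LdapAttributeSet();
                            ldapAttributeSet.Add(new LdapAttribute("cn", nombre + " " + apellido));
                            ldapAttributeSet.Add(new LdapAttribute("sn", username));
                            ldapAttributeSet.Add(new LdapAttribute("homeDirectory", "/home/users/" + username));
                            ldapAttributeSet.Add(new LdapAttribute("objectClass", new string[] { "inetOrgPerson", "posixAccount", "top" }));
                            ldapAttributeSet.Add(new LdapAttribute("uid", username));
                            ldapAttributeSet.Add(new LdapAttribute("givenName", nombre));
                            // Every entry written here gets the same fixed uidNumber and gidNumber.
                            ldapAttributeSet.Add(new LdapAttribute("uidNumber", "1000"));
                            ldapAttributeSet.Add(new LdapAttribute("gidNumber", "500"));
                            ldapAttributeSet.Add(new LdapAttribute("mail", email));
                            // NOTE(review): the password is written as given; confirm the server
                            // hashes userPassword on write, otherwise it is stored in clear text.
                            ldapAttributeSet.Add(new LdapAttribute("userPassword", password));

                            // NOTE(review): nombre and apellido go into the new DN unescaped; DN
                            // special characters (',', '+', '=', '\\' and others) in a name yield a
                            // different or malformed DN. Escape per RFC 4514 or validate upstream.
                            LdapEntry ldapEntry = new LdapEntry("cn=" + nombre + " " + apellido + "," + filter, ldapAttributeSet);

                            conn.Add(ldapEntry);
                            return true;
                        }
                        catch (Exception)
                        {
                            return false;
                        }
                    }
                }

                return false;
            }, cancellationToken));
        }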
        /// <summary>
        /// Looks up a user by name in the directory and logs the entries and attributes found.
        /// </summary>
        /// <param name="username">User name; passed through CleaningUsername before use.</param>
        /// <param name="pw">Not read anywhere in the visible body.</param>
        /// <returns>
        /// Null when the lookup ran without error; otherwise a result whose Errors describes why
        /// it failed (user not found, several matches, LDAP error or other exception).
        /// </returns>
        public ApiResultAd?GetUserInfo(string username, string pw)
        {
            _logger.Information("START Novell.Directory.Ldap.LdapPasswordChangeProvider.GetUserInfo");
            var result = new ApiResultAd();

            try
            {
                var cleanUsername = CleaningUsername(username);
                // NOTE(review): the next statement looks mangled by text redaction in this listing
                // (the run of asterisks); the declaration of searchFilter is not visible here.
                _logger.Information("Zyborg.PerformPasswordChange: cleanUsername="******"{Username}", cleanUsername);
                _logger.Information("Zyborg.PerformPasswordChange: searchFilter=" + searchFilter);

                // NOTE(review): the full query is logged at Warning level; confirm that is the intended level.
                _logger.Warning("LDAP query: {0}", searchFilter);

                using var ldap = BindToLdap();
                // Only distinguishedName is requested from the server.
                var search = ldap.Search(
                    _options.LdapSearchBase,
                    LdapConnection.ScopeSub,
                    searchFilter,
                    new[] { "distinguishedName" },
                    false,
                    _searchConstraints);

                // We cannot use search.Count here -- apparently it does not
                // wait for the results to return before resolving the count
                // but fortunately hasMore seems to block until final result
                if (!search.HasMore())
                {
                    _logger.Warning("Unable to find username: [{0}]", cleanUsername);

                    //result.Errors = new ApiErrorItem(ApiErrorCode.InvalidCredentials, "Incorrect password!");
                    // With HideUserNotFound set, an unknown user gets the same error as bad
                    // credentials, so the response does not reveal whether the account exists.
                    result.Errors = new ApiErrorItem(_options.HideUserNotFound ? ApiErrorCode.InvalidCredentials : ApiErrorCode.UserNotFound,
                                                     _options.HideUserNotFound ? "Invalid credentials" : "Username could not be located");

                    return(result);
                }

                if (search.Count > 1)
                {
                    _logger.Warning("Found multiple with same username: [{0}] - Count {1}", cleanUsername, search.Count);

                    // Hopefully this should not ever happen if AD is preserving SAM Account Name
                    // uniqueness constraint, but just in case, handling this corner case
                    // NOTE(review): this branch returns UserNotFound even when HideUserNotFound is set.
                    result.Errors = new ApiErrorItem(ApiErrorCode.UserNotFound, "Multiple matching user entries resolved");
                    return(result);
                }

                // The first entry is consumed here; userDN is not used again in the visible body.
                var userDN = search.Next().Dn;
                // Only entries after the first one reach this loop.
                while (search.HasMore())
                {
                    LdapEntry nextEntry = null;
                    try
                    {
                        nextEntry = search.Next();
                    }
                    catch (LdapException e)
                    {
                        _logger.Error("Error: " + e.LdapErrorMessage);
                        //Console.WriteLine("Error: " + e.LdapErrorMessage);
                        // Exception is thrown, go for next entry
                        continue;
                    }
                    // NOTE(review): this statement also looks mangled by text redaction in this listing.
                    _logger.Warning("==>User: "******"\n" + nextEntry.Dn);
                    LdapAttributeSet attributeSet        = nextEntry.GetAttributeSet();
                    System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
                    while (ienum.MoveNext())
                    {
                        LdapAttribute attribute     = (LdapAttribute)ienum.Current;
                        string        attributeName = attribute.Name;
                        string        attributeVal  = attribute.StringValue;
                        // NOTE(review): attribute values are written to the log by string
                        // concatenation; confirm nothing sensitive can appear in them.
                        _logger.Warning(attributeName + " value:" + attributeVal);
                        //Console.WriteLine(attributeName + "value:" + attributeVal);
                    }
                }

                //LdapAttributeSet attributeSet = new LdapAttributeSet();
                //attributeSet.GetAttribute("");

                if (_options.LdapStartTls)
                {
                    ldap.StopTls();
                }

                ldap.Disconnect();
            }
            catch (LdapException ex)
            {
                result.Errors = ParseLdapException(ex);

                _logger.Warning(ex.Message);

                return(result);
            }
#pragma warning disable CA1031 // Do not catch general exception types
            catch (Exception ex)
#pragma warning restore CA1031 // Do not catch general exception types
            {
                // NOTE(review): the exception message is returned to the caller inside the error
                // item, and the text says "update password" although this method only reads.
                result.Errors = ex is ApiErrorException apiError
                    ? apiError.ToApiErrorItem()
                    : new ApiErrorItem(ApiErrorCode.InvalidCredentials, $"Failed to update password: {ex.Message}");

                _logger.Warning(ex.Message);

                return(result);
            }

            // Everything seems to have worked:
            return(null);
        }
Example #17
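        /// <summary>
        /// Looks up <paramref name="username"/> in the directory using the configured service
        /// account, then verifies <paramref name="password"/> by re-binding as the entry found.
        /// </summary>
        /// <remarks>
        /// The constructor never throws for directory errors; callers read <c>IsAuthenticated</c>.
        /// It fails closed: blank credentials, zero or several matching entries, or any directory
        /// error leave <c>IsAuthenticated</c>, <c>IsAdmin</c> and <c>IsUser</c> false.
        /// The role flags are set only after the user's own bind has succeeded, so an object
        /// with <c>IsAuthenticated == false</c> never reports a role.
        /// </remarks>
        /// <param name="config">Connection settings, service-account credentials, search base and group DNs.</param>
        /// <param name="username">sAMAccountName, or a userPrincipalName when it contains '@'. Treated as untrusted input.</param>
        /// <param name="password">Password to verify. An empty password is rejected without contacting the server.</param>
        public LdapLogin(LdapConfiguration config, string username, string password)
        {
            // NOTE(review): the timeout is only copied to this object here; nothing in this
            // constructor applies it to the connection. Confirm it is used elsewhere.
            this.TimeoutSeconds = config.TimeoutSeconds;

            this.IsAuthenticated = false;

            // An empty password must never reach Bind(): LDAP servers commonly accept a simple
            // bind with a name and an empty password as an "unauthenticated bind" and report
            // success, which would be mistaken for a verified password.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            {
                return;
            }

            using (var cn = new LdapConnection())
            {
                try
                {
                    string server = string.IsNullOrWhiteSpace(config.Server) ? config.Domain : config.Server;

                    // NOTE(review): no TLS is negotiated in this constructor, so both simple binds
                    // below send their passwords unprotected unless the connection is secured
                    // by configuration not visible here (LDAPS or StartTLS). Confirm.
                    cn.Connect(server, config.Port);

                    // Service-account bind, used only to search for the user's entry.
                    cn.Bind(config.BindUser, config.BindPassword);

                    // The user name is escaped before it is placed in the filter; unescaped,
                    // characters such as '*', '(' and ')' would change which entries match.
                    string lookupAttribute = username.Contains("@") ? "userPrincipalName" : "samaccountname";
                    string searchFilter = "(" + lookupAttribute + "=" + EscapeLdapFilterValue(username) + ")";

                    string[] attrs = new string[] { "cn", "userPrincipalName", "givenname", "samaccountname",
                                                    "displayname", "givenName", "sn", "objectSid", "memberOf" };

                    ILdapSearchResults results = cn.Search(config.SearchBase, LdapConnection.ScopeSub,
                                                           searchFilter, attrs, false);

                    LdapEntry matchedEntry = null;
                    int matchCount = 0;

                    while (results.HasMore())
                    {
                        LdapEntry nextEntry;
                        try
                        {
                            nextEntry = results.Next();
                        }
                        catch
                        {
                            // Best effort, as before: an item that cannot be read is skipped.
                            continue;
                        }

                        if (nextEntry != null)
                        {
                            matchedEntry = nextEntry;
                            matchCount++;
                        }
                    }

                    // Exactly one entry must match. With no match there is no identity to bind as
                    // (a bind with an empty name may be accepted as anonymous), and with several
                    // matches the profile and group flags could come from different entries.
                    if (matchCount != 1 || string.IsNullOrEmpty(matchedEntry.Dn))
                    {
                        return;
                    }

                    LdapAttributeSet attributeSet = matchedEntry.GetAttributeSet();

                    this.CN        = attributeSet.GetAttribute("cn")?.StringValue;
                    // NOTE(review): objectSid is read as a string here; verify that this is the
                    // representation callers expect.
                    this.ID        = attributeSet.GetAttribute("objectSid")?.StringValue;
                    this.GivenName = attributeSet.GetAttribute("givenname")?.StringValue;
                    this.Surname   = attributeSet.GetAttribute("sn")?.StringValue;
                    this.Name      = attributeSet.GetAttribute("displayname")?.StringValue;
                    string[] groups = attributeSet.GetAttribute("memberOf")?.StringValueArray;

                    // Verify the password by binding as the entry itself. The entry's DN is used
                    // rather than its cn attribute, which is not a unique bind identity.
                    cn.Bind(matchedEntry.Dn, password);

                    // Role flags are derived only once the password has been accepted.
                    if (groups != null)
                    {
                        foreach (string group in groups)
                        {
                            if (group.Equals(config.AdminGroupDN, StringComparison.OrdinalIgnoreCase))
                            {
                                this.IsAdmin = true;
                            }
                            if (group.Equals(config.UserGroupDN, StringComparison.OrdinalIgnoreCase))
                            {
                                this.IsUser = true;
                            }
                        }
                    }

                    this.IsAuthenticated = true;
                    cn.Disconnect();
                }
                catch
                {
                    // Deliberately broad: this constructor reports failure through its flags.
                    // NOTE(review): the cause is discarded; consider logging it (without the
                    // password) so failed binds and directory outages can be told apart.
                    this.IsAuthenticated = false;
                    this.IsAdmin         = false;
                    this.IsUser          = false;
                }
            }
        }

        /// <summary>
        /// Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, '*',
        /// '(', ')' and NUL are replaced by their backslash-hex forms.
        /// </summary>
        /// <param name="value">Raw, non-null value to embed in a filter.</param>
        /// <returns>The value with filter metacharacters escaped.</returns>
        private static string EscapeLdapFilterValue(string value)
        {
            // The backslash is replaced first so the escapes added below are not escaped again.
            return value
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
        }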