public static byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer)
{
if (!settings.EnableLdapAuthentication)
{
return(OPERATION_OK);
}
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
}
catch
{
password = string.Empty;
}
try
{
if (settings.Authentication)
{
CheckCredentials(settings.Login, password, settings.Server, settings.PortNumber);
}
if (!CheckServerAndPort(settings.Server, settings.PortNumber,
settings.Authentication, settings.Login, password))
{
return(WRONG_SERVER_OR_PORT);
}
}
catch (DirectoryServicesCOMException)
{
return(CREDENTIALS_NOT_VALID);
}
catch (COMException)
{
return(WRONG_SERVER_OR_PORT);
}
if (!CheckUserDN(settings.UserDN, settings.Server, settings.PortNumber,
settings.Authentication, settings.Login, password))
{
return(WRONG_USER_DN);
}
try
{
importer.AllDomainUsers = GetUsersByAttributes(settings);
}
catch (ArgumentException)
{
_log.ErrorFormat("Incorrect filter. userFilter = {0}", settings.UserFilter);
return(INCORRECT_LDAP_FILTER);
}
if (importer.AllDomainUsers == null || importer.AllDomainUsers.Count == 0)
{
_log.ErrorFormat("Any user is not found. userDN = {0}", settings.UserDN);
return(USERS_NOT_FOUND);
}
if (!CheckLoginAttribute(importer.AllDomainUsers[0], settings.LoginAttribute))
{
return(WRONG_LOGIN_ATTRIBUTE);
}
if (settings.GroupMembership)
{
if (!CheckGroupDNAndGroupName(settings.GroupDN, settings.GroupName, settings.Server,
settings.PortNumber, settings.Authentication, settings.Login, password))
{
return(WRONG_GROUP_DN_OR_GROUP_NAME);
}
importer.DomainGroups = GetGroupsByParameter(settings);
if (importer.DomainGroups == null || importer.DomainGroups.Count == 0)
{
return(GROUPS_NOT_FOUND);
}
if (!CheckGroupAttribute(importer.DomainGroups[0], settings.GroupAttribute))
{
return(WRONG_GROUP_ATTRIBUTE);
}
if (!CheckUserAttribute(importer.AllDomainUsers[0], settings.UserAttribute))
{
return(WRONG_USER_ATTRIBUTE);
}
}
return(OPERATION_OK);
}
public static bool TryLdapAuth(string login, string password)
{
if (!SetupInfo.IsVisibleSettings(ManagementType.LdapSettings.ToString()))
{
return false;
}
var settings = SettingsManager.Instance.LoadSettings<LDAPSupportSettings>(TenantProvider.CurrentTenantID);
if (!settings.EnableLdapAuthentication)
{
return false;
}
try
{
var importer = new LDAPUserImporter();
try
{
ADDomain.CheckCredentials(login, password, settings.Server, settings.PortNumber);
}
catch (Exception)
{
return false;
}
var sid = importer.GetSidOfCurrentUser(login, settings);
if (sid == null)
{
return false;
}
importer.GetDiscoveredGroupsByAttributes(settings);
var userInfo = CoreContext.UserManager.GetUserBySid( "l" + sid);
if (userInfo == ASC.Core.Users.Constants.LostUser)
{
userInfo = CoreContext.UserManager.GetUserBySid(sid);
if (userInfo == ASC.Core.Users.Constants.LostUser)
{
userInfo = importer.GetDiscoveredUser(settings, sid);
if (userInfo == ASC.Core.Users.Constants.LostUser)
{
return false;
}
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
if (TenantStatisticsProvider.GetUsersCount() < TenantExtra.GetTenantQuota().ActiveUsers)
{
userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false);
}
else
{
userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false, true);
}
importer.AddUserIntoGroups(userInfo, settings);
importer.AddUserInCacheGroups(userInfo);
}
finally
{
SecurityContext.Logout();
}
}
}
else
{
if (importer.GetDiscoveredUser(settings, sid) == ASC.Core.Users.Constants.LostUser)
{
return false;
}
userInfo.Sid = sid;
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
if (TenantStatisticsProvider.GetUsersCount() < TenantExtra.GetTenantQuota().ActiveUsers)
{
userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false);
}
else
{
userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false, true);
}
}
finally
{
SecurityContext.Logout();
}
}
var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
return true;
}
catch (Exception e)
{
ADDomain.LogError(e.Message);
return false;
}
}
public abstract byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer, bool acceptCertificate = false);
public static byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer)
{
if (!settings.EnableLdapAuthentication)
{
return OPERATION_OK;
}
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
}
catch
{
password = string.Empty;
}
try
{
if (settings.Authentication)
{
CheckCredentials(settings.Login, password, settings.Server, settings.PortNumber);
}
if (!CheckServerAndPort(settings.Server, settings.PortNumber,
settings.Authentication, settings.Login, password))
{
return WRONG_SERVER_OR_PORT;
}
}
catch (DirectoryServicesCOMException)
{
return CREDENTIALS_NOT_VALID;
}
catch (COMException)
{
return WRONG_SERVER_OR_PORT;
}
if (!CheckUserDN(settings.UserDN, settings.Server, settings.PortNumber,
settings.Authentication, settings.Login, password))
{
return WRONG_USER_DN;
}
try
{
importer.AllDomainUsers = GetUsersByAttributes(settings);
}
catch (ArgumentException)
{
_log.ErrorFormat("Incorrect filter. userFilter = {0}", settings.UserFilter);
return INCORRECT_LDAP_FILTER;
}
if (importer.AllDomainUsers == null || importer.AllDomainUsers.Count == 0)
{
_log.ErrorFormat("Any user is not found. userDN = {0}", settings.UserDN);
return USERS_NOT_FOUND;
}
if (!CheckLoginAttribute(importer.AllDomainUsers[0], settings.LoginAttribute))
{
return WRONG_LOGIN_ATTRIBUTE;
}
if (settings.GroupMembership)
{
if (!CheckGroupDNAndGroupName(settings.GroupDN, settings.GroupName, settings.Server,
settings.PortNumber, settings.Authentication, settings.Login, password))
{
return WRONG_GROUP_DN_OR_GROUP_NAME;
}
importer.DomainGroups = GetGroupsByParameter(settings);
if (importer.DomainGroups == null || importer.DomainGroups.Count == 0)
{
return GROUPS_NOT_FOUND;
}
if (!CheckGroupAttribute(importer.DomainGroups[0], settings.GroupAttribute))
{
return WRONG_GROUP_ATTRIBUTE;
}
if (!CheckUserAttribute(importer.AllDomainUsers[0], settings.UserAttribute))
{
return WRONG_USER_ATTRIBUTE;
}
}
return OPERATION_OK;
}
