Exemple #1
0
        static async Task Main(string[] args)
        {
            var u  = "child@RS_Child.RuslanAD.local";
            var ip = "10.199.77.175";

            db   = GetDomainDN(ip);
            user = LDAPAuthHelper.CreateUserFromInputData(u, AuthType.Basic);
            TryConnectInner(ip, u, "Fenofenora11");
        }
Exemple #2
0
        private static bool TryConnectInner(string server, string userName, string password, bool isThrowException = false)
        {
            user = LDAPAuthHelper.CreateUserFromInputData(userName, AuthType.Basic);
            var authType          = AuthType.Basic;
            var networkCredential = LDAPAuthHelper.CreateNetworkCredential(user, userName, password, authType);

            try
            {
                Console.WriteLine($"Creating LDAP connection to '{server}'.");
                connection = new LdapConnection(server)
                {
                    AuthType   = authType,
                    AutoBind   = true,
                    Credential = networkCredential
                };

                connection.SessionOptions.ProtocolVersion = 3;

                var domain = LDAPAuthHelper.GetDomainNameFromDistinguishedName(db);

                // Since UPN allows to define various suffixes and combination of UPN with Kerberos requires
                // exact domain name in the provided credential we have to create correct domain name
                // from configured domain distinguished name in this case, also we can use full non-parsed username
                if (authType == AuthType.Kerberos && user.LoginType == LoginType.Upn)
                {
                    networkCredential.Domain   = domain;
                    networkCredential.UserName = userName;
                }

                // We have to do additional check for the user name
                // because of the following LDAP bind bug https://stackoverflow.com/questions/1153703/ldap-bind-s-returning-ldap-success-with-wrong-credentials
                connection.Bind(networkCredential);

                Console.WriteLine($"The user account '{userName}' was successfully connected to LDAP server '{server}' using '{authType}' authentication type.");

                // Get full SAM and UPN user names from LDAP and verify the value is equal to the login
                // provided by user in login page or LDAP test connection form
                var logins = GetUserLogins();

                var login = logins.FirstOrDefault(x =>
                                                  (user.LoginType == LoginType.Sam ? x.Sam : x.Upn).Equals(userName,
                                                                                                           StringComparison.InvariantCultureIgnoreCase));

                if (login == null && user.LoginType == LoginType.Upn)
                {
                    // maybe we have short hand login like ldap@automation
                    // that we can convert to [email protected]
                    var userWitouhtDomain = user.Name;
                    var userWithDomain    = userWitouhtDomain + "@" + domain;
                    login = logins.FirstOrDefault(x => x.Upn.Equals(userWithDomain, StringComparison.InvariantCultureIgnoreCase));
                }

                if (login != null)
                {
                    user.UserUpn = login.Upn;
                    user.UserDn  = GetUserDN();
                    Console.WriteLine($"The user account '{userName}' was successfully verified using LDAP attributes.");
                    return(true);
                }

                Console.WriteLine($"The user account '{userName}' was not verified using LDAP attributes.");
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
            }

            return(false);
        }