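/// <summary>
/// Looks up a single user or group in Active Directory by name and returns the raw directory result.
/// </summary>
/// <param name="searchType">
/// Which kind of principal to look for. <see cref="PrincipalSearchType.Users"/> matches on
/// <c>sAMAccountName</c> only; any value carrying the <see cref="PrincipalSearchType.Groups"/> flag
/// matches on <c>sAMAccountName</c> or <c>name</c>.
/// </param>
/// <param name="principalName">
/// The name to search for. It is handed to <c>UserId.Parse</c>/<c>GroupId.Parse</c>; when that yields a
/// domain alias only that domain is queried, otherwise every configured domain is tried in turn.
/// </param>
/// <returns>
/// The first matching <see cref="SearchResult"/>, or <c>null</c> when <paramref name="principalName"/> is
/// empty or nothing matched in any domain.
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">
/// Thrown for any <paramref name="searchType"/> that is neither <c>Users</c> nor carries the <c>Groups</c>
/// flag, so that an LDAP query is never issued without a name constraint.
/// </exception>
private SearchResult TryGetPrincipal(PrincipalSearchType searchType, string principalName)
        {
            if (string.IsNullOrEmpty(principalName))
            {
                return null;
            }

            this.LogDebug($"Trying to a {searchType} search for principal \"{principalName}\"...");

            PrincipalId principalId;
            string      filter;

            if (searchType == PrincipalSearchType.Users)
            {
                principalId = UserId.Parse(principalName);

                // The name is LDAP-escaped before it is placed in the filter.
                var escapedName = LDAP.Escape(principalId?.Principal ?? principalName);

                filter = $"(sAMAccountName={escapedName})";
            }
            else if (searchType.HasFlag(PrincipalSearchType.Groups))
            {
                // A combined Users|Groups value presumably carries the Groups flag and therefore
                // lands here too; the sAMAccountName clause covers users as well as groups.
                principalId = GroupId.Parse(principalName);

                var escapedName = LDAP.Escape(principalId?.Principal ?? principalName);

                filter = $"(|(sAMAccountName={escapedName})(name={escapedName}))";
            }
            else
            {
                // The former "== UsersAndGroups" check could never be reached after the HasFlag
                // test above, and any other value (a zero/None member, for instance) fell through
                // with an empty filter.  Refuse such values outright instead of sending an
                // unconstrained query to the directory.
                throw new ArgumentOutOfRangeException(nameof(searchType), searchType, "Unsupported principal search type.");
            }

            HashSet<CredentialedDomain> domains;

            if (principalId == null)
            {
                this.LogDebug($"No domain specified, searching through aliases.");
                domains = this.domainsToSearch.Value;
            }
            else
            {
                this.LogDebug($"Domain alias \"{principalId.DomainAlias}\" will be used.");
                domains = new HashSet<CredentialedDomain> { new CredentialedDomain(principalId.DomainAlias) };
            }

            foreach (var domain in domains)
            {
                this.LogDebug($"Searching domain {domain}...");

                // The dotted domain name is rewritten into its DC= distinguished-name form
                // (constructed example: "corp.example.test" -> "DC=corp,DC=example,DC=test").
                // Assumes domain.Name is a DNS-style name without leading/trailing dots — confirm at the source.
                var ldapPath = "LDAP://DC=" + domain.Name.Replace(".", ",DC=");

                using (var entry = new DirectoryEntry(ldapPath, domain.UserName, domain.Password))
                using (var searcher = new DirectorySearcher(entry))
                {
                    searcher.Filter = filter;

                    var result = searcher.FindOne();

                    if (result != null)
                    {
                        return result;
                    }
                }
            }

            this.LogDebug($"Principal not found.");
            return null;
        }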
        /// <summary>
        /// Turns a directory <see cref="SearchResult"/> into the matching user or group principal.
        /// </summary>
        /// <param name="result">The entry returned by a directory search.</param>
        /// <returns>
        /// An <see cref="ActiveDirectoryUser"/> when the derived id is a <see cref="UserId"/>, otherwise an
        /// <see cref="ActiveDirectoryGroup"/>; <c>null</c> when no principal id can be derived from the result.
        /// </returns>
        private IUserDirectoryPrincipal CreatePrincipal(SearchResult result)
        {
            var id = PrincipalId.FromSearchResult(result);

            if (id == null)
            {
                return null;
            }

            var userId = id as UserId;

            if (userId != null)
            {
                var displayName = result.GetPropertyValue("displayName");
                var mail        = result.GetPropertyValue("mail");

                return new ActiveDirectoryUser(userId, displayName, mail);
            }

            // Every non-user id is treated as a group.  The cast is unchecked, so a further
            // PrincipalId subtype (if one exists) would surface as an InvalidCastException.
            return new ActiveDirectoryGroup((GroupId)id);
        }
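        /// <summary>
        /// Collects the groups that <paramref name="principalId"/> belongs to into <paramref name="groupList"/>.
        /// </summary>
        /// <param name="principalId">The user or group whose parent groups are wanted.</param>
        /// <param name="groupList">
        /// Receives every group found. It doubles as the visited set: a group already present is not
        /// descended into again, which keeps the recursion finite even when nesting forms a cycle.
        /// </param>
        /// <param name="recurse">When <c>true</c>, the parents of each newly found group are collected as well.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="principalId"/> or <paramref name="groupList"/> is <c>null</c>.
        /// </exception>
        /// <remarks>
        /// Directory failures are logged as a warning and otherwise swallowed, so after an error
        /// <paramref name="groupList"/> holds only what was gathered before it. Callers that derive
        /// authorization decisions from the list should not mistake such a partial result for a complete one.
        /// Note that, unlike the credentialed search elsewhere in this class, the <see cref="DirectoryEntry"/>
        /// here is created without explicit credentials.
        /// </remarks>
        private void GetParentGroups(PrincipalId principalId, HashSet<GroupId> groupList, bool recurse)
        {
            if (principalId == null)
            {
                throw new ArgumentNullException(nameof(principalId));
            }

            if (groupList == null)
            {
                // Validate before the try block: a null set would otherwise surface inside it as a
                // NullReferenceException that the catch below silently downgrades to a warning.
                throw new ArgumentNullException(nameof(groupList));
            }

            // Both the full id and the bare principal name are LDAP-escaped before being placed in the
            // filter; the bare name is matched against sAMAccountName and name alike.
            var filter = string.Format(
                "(&(|(objectCategory=user)(objectCategory=group))(|(userPrincipalName={0})(sAMAccountName={1})(name={1})))",
                LDAP.Escape(principalId.ToString()),
                LDAP.Escape(principalId.Principal));

            try
            {
                using (var entry = new DirectoryEntry("LDAP://" + principalId.GetDomainSearchPath()))
                using (var searcher = new DirectorySearcher(entry))
                {
                    searcher.Filter = filter;

                    var result = searcher.FindOne();

                    if (result == null)
                    {
                        return;
                    }

                    foreach (var group in result.ExtractGroups())
                    {
                        // Add() is false for a group already seen, so each group is expanded at most once.
                        if (groupList.Add(group) && recurse)
                        {
                            this.GetParentGroups(group, groupList, true);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Deliberately best-effort: a lookup failure must not take the caller down.
                this.LogWarning("Failed to get active directory groups: " + ex.Message);
            }
        }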