public void ReformatLdif(LdifReader r, LdifWriter w, Encoding passwordEncoding, string defaultPwd, List <string> ignoredAttrs,
bool allowMsExchange, Func <string, bool> ignoreIt)
{
if (!allowMsExchange)
{
ignoredAttrs.Add("showinaddressbook");
ignoredAttrs.Add("legacyexchangedn");
ignoredAttrs.Add("homemta");
ignoredAttrs.Add("homemdb");
ignoredAttrs.Add("mailnickname");
ignoredAttrs.Add("mdbusedefaults");
ignoredAttrs.Add("publicdelegatesbl");
ignoredAttrs.Add("protocolsettings");
ignoredAttrs.Add("publicdelegates");
ignoredAttrs.Add("deleteditemflags");
ignoredAttrs.Add("mDBStorageQuota".ToLowerInvariant());
ignoredAttrs.Add("mDBOverQuotaLimit".ToLowerInvariant());
ignoredAttrs.Add("garbageCollPeriod".ToLowerInvariant());
ignoredAttrs.Add("mDBOverHardQuotaLimit".ToLowerInvariant());
ignoredAttrs.Add("altrecipient");
ignoredAttrs.Add("deliverandredirect");
ignoredAttrs.Add("securityprotocol");
ignoredAttrs.Add("reporttooriginator");
ignoredAttrs.Add("reporttoowner");
ignoredAttrs.Add("oOFReplyToOriginator".ToLowerInvariant());
ignoredAttrs.Add("mapirecipient");
ignoredAttrs.Add("internetencoding");
ignoredAttrs.Add("targetaddress");
ignoredAttrs.Add("altrecipientbl");
ignoredAttrs.Add("delivcontlength");
ignoredAttrs.Add("submissioncontlength");
}
bool ignored = false, hasPw = false;
int pwdScore = 0;
string thisDn = null;
r.OnBeginEntry += (s, a) =>
{
thisDn = a.DistinguishedName;
hasPw = false;
if (ignoreIt != null && ignoreIt.Invoke(a.DistinguishedName))
{
ignored = true;
}
// Ignore domain trusts / special accounts
// This part could use some rethinking.
else if (a.DistinguishedName.Contains("$,CN=Users,") || a.DistinguishedName.Contains("krbtgt") || a.DistinguishedName.Contains("ForeignSecurityP"))
{
ignored = true;
}
else if (!allowMsExchange && a.DistinguishedName.Contains("Exchange System"))
{
ignored = true;
}
else
{
ignored = false;
w.BeginEntry(a.DistinguishedName);
}
};
r.OnEndEntry += (s, a) =>
{
if (!ignored)
{
if (pwdScore > 1 && !hasPw)
{
w.WriteAttr("unicodePwd", passwordEncoding.GetBytes(
string.Format("\"{0}\"", defaultPwd))
);
}
w.EndEntry();
}
pwdScore = 0;
};
r.OnAttributeValue += (s, a) =>
{
if (!ignored)
{
if (a.Name == "unicodePwd")
{
hasPw = true;
}
else if (a.Name == "objectCategory" && ((string)a.Value).StartsWith("CN=Person"))
{
pwdScore++;
}
else if (a.Name == "objectClass" && "user".Equals(a.Value))
{
pwdScore++;
}
if (string.Equals(a.Name, "objectSID", StringComparison.InvariantCultureIgnoreCase))
{
if (thisDn.IndexOf("ForeignSecurity", StringComparison.InvariantCultureIgnoreCase) > 0)
{
if (a.Value is byte[])
{
System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier((byte[])a.Value, 0);
w.WriteAttr(a.Name, sid.ToString());
}
else if (a.Value is string)
{
w.WriteAttr(a.Name, (string)a.Value);
}
}
}
else
{
if (a.Value != null && !ignoredAttrs.Contains(a.Name.ToLowerInvariant()))
{
if (allowMsExchange ||
(!a.Name.StartsWith("msExch", StringComparison.InvariantCultureIgnoreCase) &&
!a.Name.StartsWith("extensionAttribute")))
{
if (a.Value is string)
{
w.WriteAttr(a.Name, (string)a.Value);
}
else if (a.Value is byte[])
{
w.WriteAttr(a.Name, (byte[])a.Value);
}
else
{
Console.Error.WriteLine("Warn: type of {0} is {1}", a.Name, a.Value.GetType());
w.WriteAttr(a.Name, Convert.ToString(a.Value));
}
}
}
}
}
};
while (r.Read())
{
// Keep reading
}
w.Close();
}
static void Main(string[] args)
{
try
{
AuthType auth = AuthType.Negotiate;
string server = null, searchBase = null, filter = null, user = null, pass = null, domain = null, fileOut = null;
int maxcount = 0;
bool ssl = false;
string[] attrs = null;
// Parse arguments
for (int i = 0; i < args.Length; i++)
{
switch (args[i])
{
case "-s":
case "-h":
server = args[++i];
break;
case "-o":
fileOut = args[++i];
break;
case "-b":
searchBase = args[++i];
break;
case "-f":
case "-r":
filter = args[++i];
break;
case "-l":
attrs = args[++i].Split(',', ' ');
break;
case "-m":
maxcount = int.Parse(args[++i]);
break;
case "-anon":
auth = AuthType.Anonymous;
break;
case "-x":
auth = AuthType.Basic;
break;
case "-a":
auth = (AuthType)Enum.Parse(typeof(AuthType), args[++i]);
break;
case "-D":
case "-u":
user = args[++i];
break;
case "-w":
case "-p":
pass = args[++i];
break;
case "-d":
domain = args[++i];
break;
case "-ssl":
ssl = true;
break;
default:
Console.Error.WriteLine("Unexpected argument: {0}", args[i]);
break;
}
}
if (args.Length == 0 ||
args[0].IndexOf('?') > -1 ||
string.IsNullOrEmpty(server) ||
string.IsNullOrEmpty(filter))
{
ShowUsage();
return;
}
using (var conn = new LdapConnection(server))
{
conn.SessionOptions.ProtocolVersion = 3;
conn.SessionOptions.SecureSocketLayer = ssl;
conn.AuthType = auth;
if (!string.IsNullOrEmpty(user))
{
conn.Credential = string.IsNullOrEmpty(domain) ? new System.Net.NetworkCredential(user, pass)
: new System.Net.NetworkCredential(user, pass, domain);
}
conn.AutoBind = false;
conn.Bind();
var pager = new PagingHelper()
{
Connection = conn,
Attrs = attrs,
Filter = filter,
DistinguishedName = searchBase,
SizeLimit = maxcount
};
LdifWriter ldif = !string.IsNullOrEmpty(fileOut) ? new LdifWriter(fileOut)
: new LdifWriter(System.Console.Out);
ldif.WriteSummary = false;
using (ldif)
{
foreach (var entry in pager.GetResults())
{
ldif.BeginEntry(entry.DistinguishedName);
foreach (DirectoryAttribute attr in entry.Attributes.Values)
{
if (attr.Count == 0)
{
Console.Error.WriteLine("Attribute {0} contains no values; possible ranged attr", attr.Name);
continue;
}
try
{
foreach (string s in attr.GetValues(typeof(string)))
{
ldif.WriteAttr(attr.Name, s);
}
}
catch
{
foreach (byte[] bytes in attr.GetValues(typeof(byte[])))
{
ldif.WriteAttr(attr.Name, bytes);
}
}
}
ldif.EndEntry();
}
ldif.Close();
}
}
}
catch (Exception e)
{
Console.Error.WriteLine("Error type {0}, message {1}: {2}", e.GetType(), e.Message, e.StackTrace);
System.Environment.ExitCode = 1;
}
}
public void ReformatLdif(LdifReader r, LdifWriter w, Encoding passwordEncoding, string defaultPwd, List<string> ignoredAttrs,
bool allowMsExchange, Func<string, bool> ignoreIt)
{
if (!allowMsExchange)
{
ignoredAttrs.Add("showinaddressbook");
ignoredAttrs.Add("legacyexchangedn");
ignoredAttrs.Add("homemta");
ignoredAttrs.Add("homemdb");
ignoredAttrs.Add("mailnickname");
ignoredAttrs.Add("mdbusedefaults");
ignoredAttrs.Add("publicdelegatesbl");
ignoredAttrs.Add("protocolsettings");
ignoredAttrs.Add("publicdelegates");
ignoredAttrs.Add("deleteditemflags");
ignoredAttrs.Add("mDBStorageQuota".ToLowerInvariant());
ignoredAttrs.Add("mDBOverQuotaLimit".ToLowerInvariant());
ignoredAttrs.Add("garbageCollPeriod".ToLowerInvariant());
ignoredAttrs.Add("mDBOverHardQuotaLimit".ToLowerInvariant());
ignoredAttrs.Add("altrecipient");
ignoredAttrs.Add("deliverandredirect");
ignoredAttrs.Add("securityprotocol");
ignoredAttrs.Add("reporttooriginator");
ignoredAttrs.Add("reporttoowner");
ignoredAttrs.Add("oOFReplyToOriginator".ToLowerInvariant());
ignoredAttrs.Add("mapirecipient");
ignoredAttrs.Add("internetencoding");
ignoredAttrs.Add("targetaddress");
ignoredAttrs.Add("altrecipientbl");
ignoredAttrs.Add("delivcontlength");
ignoredAttrs.Add("submissioncontlength");
}
bool ignored = false, hasPw = false;
int pwdScore = 0;
string thisDn = null;
r.OnBeginEntry += (s, a) =>
{
thisDn = a.DistinguishedName;
hasPw = false;
if (ignoreIt != null && ignoreIt.Invoke(a.DistinguishedName))
{
ignored = true;
}
// Ignore domain trusts / special accounts
// This part could use some rethinking.
else if (a.DistinguishedName.Contains("$,CN=Users,") || a.DistinguishedName.Contains("krbtgt") || a.DistinguishedName.Contains("ForeignSecurityP"))
{
ignored = true;
}
else if (!allowMsExchange && a.DistinguishedName.Contains("Exchange System"))
{
ignored = true;
}
else
{
ignored = false;
w.BeginEntry(a.DistinguishedName);
}
};
r.OnEndEntry += (s, a) =>
{
if (!ignored)
{
if (pwdScore > 1 && !hasPw)
w.WriteAttr("unicodePwd", passwordEncoding.GetBytes(
string.Format("\"{0}\"", defaultPwd))
);
w.EndEntry();
}
pwdScore = 0;
};
r.OnAttributeValue += (s, a) =>
{
if (!ignored)
{
if (a.Name == "unicodePwd")
hasPw = true;
else if (a.Name == "objectCategory" && ((string)a.Value).StartsWith("CN=Person"))
pwdScore++;
else if (a.Name == "objectClass" && "user".Equals(a.Value))
pwdScore++;
if (string.Equals(a.Name, "objectSID", StringComparison.InvariantCultureIgnoreCase))
{
if (thisDn.IndexOf("ForeignSecurity", StringComparison.InvariantCultureIgnoreCase) > 0)
{
if (a.Value is byte[])
{
System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier((byte[])a.Value, 0);
w.WriteAttr(a.Name, sid.ToString());
}
else if (a.Value is string)
{
w.WriteAttr(a.Name, (string)a.Value);
}
}
}
else
{
if (a.Value != null && !ignoredAttrs.Contains(a.Name.ToLowerInvariant()))
{
if (allowMsExchange ||
(!a.Name.StartsWith("msExch", StringComparison.InvariantCultureIgnoreCase)
&& !a.Name.StartsWith("extensionAttribute")))
{
if (a.Value is string)
{
w.WriteAttr(a.Name, (string)a.Value);
}
else if (a.Value is byte[])
{
w.WriteAttr(a.Name, (byte[])a.Value);
}
else
{
Console.Error.WriteLine("Warn: type of {0} is {1}", a.Name, a.Value.GetType());
w.WriteAttr(a.Name, Convert.ToString(a.Value));
}
}
}
}
}
};
while (r.Read())
{
// Keep reading
}
w.Close();
}
