/// <summary> /// This method is to help enable the compound identity feature on the computer account in the specific domain. /// </summary> /// <param name="domainName">The domain name of the service principal.</param> /// <param name="computerName">The host name of the service principal.</param> /// <param name="adminName">Need administrator's credential to modify active directory account.</param> /// <param name="adminPwd">Need administrator's credential to modify active directory account.</param> public void enableCompId(string domainName, string computerName, string adminName, string adminPwd) { LdapConnection connection = new LdapConnection(domainName); NetworkCredential cred = new NetworkCredential(adminName, adminPwd, domainName); connection.Credential = cred; string dn = PacHelper.GetDomainDnFromDomainName(domainName); string targetOu = "cn=Computers," + dn; computerName = computerName.Replace("$", ""); string filter = "cn=" + computerName; string[] attributesToReturn = new string[] { "msDS-SupportedEncryptionTypes" }; SearchRequest searchRequest = new SearchRequest(targetOu, filter, SearchScope.Subtree, attributesToReturn); SearchResponse searchResponse = (SearchResponse)connection.SendRequest(searchRequest); SearchResultAttributeCollection attributes = searchResponse.Entries[0].Attributes; object attributeValue = null; attributeValue = PacHelper.getAttributeValue(attributes, "msDS-SupportedEncryptionTypes"); uint?supportedEncTypes = (uint?)Convert.ToInt32(attributeValue); uint compIdFlag = 131072; if ((supportedEncTypes.Value & compIdFlag) != compIdFlag) { string computerDN = filter + "," + targetOu; supportedEncTypes = supportedEncTypes + compIdFlag; ModifyRequest modRequest = new ModifyRequest(computerDN, DirectoryAttributeOperation.Replace, "msDS-SupportedEncryptionTypes", supportedEncTypes.ToString()); ModifyResponse modResponse = (ModifyResponse)connection.SendRequest(modRequest); } }
/// <summary> /// Replace an attribute's value in the specified entry in the directory, or replaces all values in a multivalued entry. /// </summary> /// <param name="dn">The distinguished name of the entry to replace the attribute value of.</param> /// <param name="attributeName">The name of the attribute to replace.</param> /// <param name="values">The values associated with the attribute to replace.</param> /// <returns>True if replaced, false otherwise.</returns> private bool ReplaceAttribute(string dn, string attributeName, object[] values) { if (!string.IsNullOrWhiteSpace(dn) && !string.IsNullOrWhiteSpace(attributeName)) { ModifyRequest request = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, attributeName, values); try { ModifyResponse response = (ModifyResponse)connection.SendRequest(request); // Check that a response was received. if (response != null) { // A response was received. if (response.ResultCode == ResultCode.Success) { return(true); } } else { // A response was not received. return(false); } } catch { } } return(false); }
/// <summary> /// Adds or Replaces an attribute's value in the specified entry in the directory. /// </summary> /// <param name="dn">The distinguished name of the entry to add or replace an attribute of.</param> /// <param name="attributeName">The name of the attribute to add or replace a value for.</param> /// <param name="values">The values associated with the attribute to add or replace.</param> /// <returns>True if added or replaced, false otherwise.</returns> public bool AddOrReplaceAttribute(string dn, string attributeName, object[] values) { if (!string.IsNullOrWhiteSpace(dn) && !string.IsNullOrWhiteSpace(attributeName)) { ModifyRequest request = new ModifyRequest(dn, DirectoryAttributeOperation.Add, attributeName, values); try { ModifyResponse response = (ModifyResponse)connection.SendRequest(request); // Check that a response was received. if (response != null) { // A response was received. if (response.ResultCode == ResultCode.Success) { return(true); } } else { // A response was not received. return(false); } } catch (DirectoryOperationException) { // The attribute already has a value. return(ReplaceAttribute(dn, attributeName, values)); } } return(false); }
/// <summary> /// Sets the new security descriptor on an account /// </summary> /// <param name="acctName">samaccountname</param> /// <param name="newSD">binary SD</param> /// <returns>true/false</returns> public bool setgMSAPwdReaders(string acctName, byte[] newSD) { string dn = getDNFromSamAccountName(acctName); if (dn != "") { //make and send req ModifyRequest mReq = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, "msDS-GroupMSAMembership", newSD); try { ModifyResponse mResp = (ModifyResponse)theConn.SendRequest(mReq); if (mResp.ResultCode == ResultCode.Success) { return(true); } } catch (DirectoryOperationException dox) { throw dox; } catch (Exception ex) { throw ex; } } return(false); }
/// <summary> /// Creates a ModifyResponse packet. /// </summary> /// <param name="context">The user context which contains message ID.</param> /// <param name="resultCode">Result code of previous request, as specified in RFC 2251.</param> /// <param name="matchedDn">Matched DN.</param> /// <param name="errorMessage">Error message for result code. Required.</param> /// <param name="referral">Referral. Optional. Used for LDAP v3 only.</param> /// <returns>The packet that contains the response.</returns> internal override AdtsModifyResponsePacket CreateModifyResponse( AdtsLdapContext context, MsLdap.ResultCode resultCode, string matchedDn, string errorMessage, string[] referral) { ModifyResponse modifyResponse = new ModifyResponse( new LDAPResult_resultCode((long)resultCode), new LDAPDN(matchedDn ?? string.Empty), new LDAPString(errorMessage ?? string.Empty), CreateReferral(referral)); LDAPMessage_protocolOp operation = new LDAPMessage_protocolOp(); operation.SetData(LDAPMessage_protocolOp.modifyResponse, modifyResponse); LDAPMessage message = new LDAPMessage(new MessageID(context.MessageId), operation, null); AdtsModifyResponsePacket packet = new AdtsModifyResponsePacket(); packet.ldapMessagev3 = message; packet.messageId = context.MessageId; return(packet); }
/// <summary> /// 修改密码 /// </summary> /// <param name="username"></param> /// <param name="password"></param> /// <param name="newpassword"></param> /// <returns></returns> public ModifyResponse ModifyPassword(string username, string password, string newpassword) { ModifyResponse modifyResponse = new ModifyResponse(); try { if (!CheckUtil.CheckAccount(username, password)) { return((ModifyResponse)CheckUtil.CreateResponse(ResponseCodeEnum.ACCOUNT_ERROR)); } if (string.IsNullOrEmpty(newpassword)) { return((ModifyResponse)CheckUtil.CreateResponse(ResponseCodeEnum.MODIFY_ERROR)); } modifyResponse.IsSuccess = SmsAccountManage.Instance.UpdatePwd(username, password, newpassword); if (modifyResponse.IsSuccess) { CacheHelper.Remove(CheckUtil.AcctountCachePre + username); } } catch (Exception exception) { return((ModifyResponse)CheckUtil.CreateResponse(ResponseCodeEnum.INNER_EXCEPTION, exception.Message)); } return(modifyResponse); }
private void AddAttribute(LdapConnection connection, string entryDn, string attributeName, string attributeValue) { string dn = entryDn + "," + LdapConfiguration.Configuration.Domain; ModifyRequest modifyRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Add, attributeName, attributeValue); ModifyResponse modifyResponse = (ModifyResponse)connection.SendRequest(modifyRequest); Assert.Equal(ResultCode.Success, modifyResponse.ResultCode); }
public static void SetObjectSecurity(LdapConnection conn, string dn, System.DirectoryServices.ActiveDirectorySecurity sec, System.DirectoryServices.Protocols.SecurityMasks securityMask) { byte[] rawSD = sec.GetSecurityDescriptorBinaryForm(); //get securityDescriptor ModifyRequest modRq = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, "ntSecurityDescriptor", rawSD); modRq.Controls.Add(new SecurityDescriptorFlagControl(securityMask)); ModifyResponse rsp = (ModifyResponse)conn.SendRequest(modRq); }
public override LdapResultCompleteStatus Handle(SafeHandle handle, Native.Native.LdapResultType resType, IntPtr msg, out DirectoryResponse response) { response = default; switch (resType) { case LdapForNet.Native.Native.LdapResultType.LDAP_RES_MODIFY: response = new ModifyResponse(); return(LdapResultCompleteStatus.Complete); default: return(LdapResultCompleteStatus.Unknown); } }
public static ModifyResponse Unmarshall(UnmarshallerContext context) { ModifyResponse modifyResponse = new ModifyResponse(); modifyResponse.HttpResponse = context.HttpResponse; modifyResponse.RequestId = context.StringValue("Modify.RequestId"); modifyResponse.Success = context.BooleanValue("Modify.Success"); modifyResponse.Code = context.StringValue("Modify.Code"); modifyResponse.Message = context.StringValue("Modify.Message"); modifyResponse.Data = context.StringValue("Modify.Data"); return(modifyResponse); }
public void DeleteAttribut(String dn, String name, String value) { try { Connect2(); DirectoryAttributeModification directoryAttributModification = new DirectoryAttributeModification(); ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Delete, name, new String[] { value }); ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest); } catch (DirectoryOperationException e) { Console.WriteLine(e.Message); throw e; } }
private static LdapPacket BuildError(LdapPacket request, LdapException ex) { BaseOperationDone operation = null; switch (request.ProtocolOperation.Tag.LdapCommand) { case LdapCommands.AddRequest: operation = new AddResponse(); break; case LdapCommands.BindRequest: operation = new BindResponse(); break; case LdapCommands.DelRequest: operation = new DelResponse(); break; case LdapCommands.SearchRequest: operation = new SearchResultDone(); break; case LdapCommands.ModifyRequest: operation = new ModifyResponse(); break; } operation.Result = new LDAPResult { MatchedDN = new DEROctetString(ex.Target), DiagnosticMessage = new DEROctetString(ex.Message), ResultCode = new DEREnumerated <LDAPResultCodes> { Value = ex.Code } }; var ldapPacket = new LdapPacket { MessageId = request.MessageId, ProtocolOperation = new DERProtocolOperation { Operation = operation } }; return(ldapPacket); }
public void ReplaceAttribut(String dn, String name, byte[] value) { Connect2(); try { ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, name, value); ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest); Console.WriteLine(String.Format("{0} of {1} added successfully.", ldapConnexion, value)); } catch (DirectoryOperationException e) { Console.WriteLine(e.Message); throw e; } catch (Exception e) { Console.WriteLine(e.Message); throw e; } }
public void AddAttribut(String dn, String name, byte[][] value) { Connect2(); try { LdapObj ldapObj = ReadDn(dn, new String[] { name }); if (!ldapObj.HasAttribut(name)) { ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Add, name, value); // example of modifyrequest not using the response object... ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest); Console.WriteLine(String.Format("{0} of {1} added successfully.", ldapConnexion, value)); } else { DirectoryAttributeModification directoryAttributeModification = new DirectoryAttributeModification(); directoryAttributeModification.Operation = DirectoryAttributeOperation.Replace; directoryAttributeModification.Name = name; ldapObj.ldapAttributs[name].AddRange(value); foreach (byte[] tbb in ldapObj.ldapAttributs[name].values) { directoryAttributeModification.Add(tbb); } ModifyRequest modRequest = new ModifyRequest(dn, new DirectoryAttributeModification[] { directoryAttributeModification }); ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest); Console.WriteLine(String.Format("{0} of {1} added successfully.", ldapConnexion, value)); } } catch (DirectoryOperationException e) { Console.WriteLine(e.Message); throw e; } catch (Exception e) { Console.WriteLine(e.Message); throw e; } }
/// <summary> /// Deletes an attribute's value in the specified entry in the directory. /// </summary> /// <param name="dn">The distinguished name of the entry to delete an attribute from.</param> /// <param name="attributeName">The name of the attribute to delete.</param> /// <param name="values">Optional: The specific values to delete (if desired). Supplying null will delete all values associated with the attribute.</param> /// <returns>True if deleted, false otherwise.</returns> public bool DeleteAttribute(string dn, string attributeName, object[] values = null) { if (!string.IsNullOrWhiteSpace(dn) && !string.IsNullOrWhiteSpace(attributeName)) { ModifyRequest request = null; if (values != null) { request = new ModifyRequest(dn, DirectoryAttributeOperation.Delete, attributeName, values); } else { request = new ModifyRequest(dn, DirectoryAttributeOperation.Delete, attributeName); } // This control allows for deletes of values that don't already exist to succeed without throwing an exception. // The value is already gone from the attribute so it returns success as if it deleted it. request.Controls.Add(new PermissiveModifyControl()); ModifyResponse response = (ModifyResponse)connection.SendRequest(request); // Check that a response was received. if (response != null) { // A response was received. if (response.ResultCode == ResultCode.Success) { return(true); } } else { // A response was not received. return(false); } } return(false); }
/// <summary> /// Creates a ModifyResponse packet. /// </summary> /// <param name="context">The user context which contains message ID.</param> /// <param name="resultCode">Result code of previous request, as specified in RFC 2251.</param> /// <param name="matchedDn">Matched DN.</param> /// <param name="errorMessage">Error message for result code. Required.</param> /// <param name="referral">Referral. Optional. Used for LDAP v3 only.</param> /// <returns>The packet that contains the response.</returns> internal override AdtsModifyResponsePacket CreateModifyResponse( AdtsLdapContext context, MsLdap.ResultCode resultCode, string matchedDn, string errorMessage, string[] referral) { ModifyResponse modifyResponse = new ModifyResponse( new LDAPResult_resultCode((long)resultCode), new LDAPDN(matchedDn ?? string.Empty), new LDAPString(errorMessage ?? string.Empty), CreateReferral(referral)); LDAPMessage_protocolOp operation = new LDAPMessage_protocolOp(); operation.SetData(LDAPMessage_protocolOp.modifyResponse, modifyResponse); LDAPMessage message = new LDAPMessage(new MessageID(context.MessageId), operation, null); AdtsModifyResponsePacket packet = new AdtsModifyResponsePacket(); packet.ldapMessagev3 = message; packet.messageId = context.MessageId; return packet; }
public bool RestoreObject(string dc, ADObjectInfo objectInfo, QueryControl queryInfo) { bool ret = false; ForestBase.CurrentPorts.SelectedPort = queryInfo.Port; Connect(dc, ReferralChasingOptions.None); DirectoryAttributeModification damdel = new DirectoryAttributeModification() { Name = "isDeleted", Operation = DirectoryAttributeOperation.Delete }; string newdn = (objectInfo.ObjectClass.ToLowerInvariant() == "organizationalunit") ? "OU=" : "CN="; newdn = newdn + objectInfo.LastKnownRDN.ToEscapedLdapComponent() + ","; newdn = newdn + objectInfo.LastKnownParent; GlobalEventHandler.RaiseMessageOccured("Restoring:", true); GlobalEventHandler.RaiseMessageOccured("\t" + objectInfo.Path, true); GlobalEventHandler.RaiseMessageOccured("to:", true); GlobalEventHandler.RaiseMessageOccured("\t" + newdn, true); DirectoryAttributeModification damdn = new DirectoryAttributeModification() { Name = "distinguishedName", Operation = DirectoryAttributeOperation.Replace }; damdn.Add(newdn); DirectoryAttributeModification[] damlist = new DirectoryAttributeModification[] { damdel, damdn }; string delpath = String.Format("<GUID={0}>", objectInfo.ObjectGuid); delpath = objectInfo.Path; ModifyRequest mrcall = new ModifyRequest(delpath, damlist); mrcall.Controls.Add(new ShowDeletedControl { ServerSide = true }); mrcall.Controls.Add(new PermissiveModifyControl()); try { ModifyResponse mrresult = (ModifyResponse)base.Connection.SendRequest(mrcall); if (mrresult.ResultCode == ResultCode.Success) { GlobalEventHandler.RaiseMessageOccured("Restored " + objectInfo.LastKnownRDN, true); ret = true; } else { GlobalEventHandler.RaiseErrorOccured("ERROR: " + mrresult.ResultCode.ToString(), true); } } catch (DirectoryOperationException doex) { GlobalEventHandler.RaiseErrorOccured("ERROR: " + doex.Message, true); } catch (Exception ex) { GlobalEventHandler.RaiseErrorOccured("ERROR: " + ex.Message, true); } return(ret); }
/// <summary> /// Updates the entry in the directory. /// </summary> /// <param name="connection">The connection to the directory.</param> /// <param name="entry">The entry to update.</param> /// <param name="log">The log for query information. Defaults to null.</param> /// <param name="controls">Any <see cref="DirectoryControl"/>s to be sent with the request</param> /// <param name="listeners">The event listeners to be notified.</param> /// <param name="resultProcessing">How the async results are processed</param> /// <returns></returns> /// <exception cref="ArgumentNullException">Thrown if <paramref name="entry"/> is null. /// </exception> /// <exception cref="DirectoryOperationException">Thrown if the operation fails</exception> /// <exception cref="LdapException">Thrown if the operation fails</exception> public static async Task UpdateAsync(this LdapConnection connection, IDirectoryAttributes entry, ILinqToLdapLogger log = null, DirectoryControl[] controls = null, IEnumerable <IUpdateEventListener> listeners = null, PartialResultProcessing resultProcessing = LdapConfiguration.DefaultAsyncResultProcessing) { string distinguishedName = null; try { if (connection == null) { throw new ArgumentNullException("connection"); } if (entry == null) { throw new ArgumentNullException("entry"); } distinguishedName = entry.DistinguishedName; if (distinguishedName.IsNullOrEmpty()) { throw new ArgumentException("entry.DistinguishedName is invalid."); } var changes = entry.GetChangedAttributes(); if (changes.Any()) { var request = new ModifyRequest(distinguishedName, changes.ToArray()); if (controls != null) { request.Controls.AddRange(controls); } if (listeners != null) { var args = new ListenerPreArgs <object, ModifyRequest>(entry, request, connection); foreach (var eventListener in listeners.OfType <IPreUpdateEventListener>()) { eventListener.Notify(args); } } if (log != null && log.TraceEnabled) { log.Trace(request.ToLogString()); } ModifyResponse response = null; #if NET45 await System.Threading.Tasks.Task.Factory.FromAsync( (callback, state) => { return(connection.BeginSendRequest(request, resultProcessing, callback, state)); }, (asyncresult) => { response = (ModifyResponse)connection.EndSendRequest(asyncresult); response.AssertSuccess(); }, null ).ConfigureAwait(false); #else response = await Task.Run(() => connection.SendRequest(request) as ModifyResponse).ConfigureAwait(false); response.AssertSuccess(); #endif if (listeners != null) { var args = new ListenerPostArgs <object, ModifyRequest, ModifyResponse>(entry, request, response, connection); foreach (var eventListener in listeners.OfType <IPostUpdateEventListener>()) { eventListener.Notify(args); } } } else { if (log != null && log.TraceEnabled) { log.Trace(string.Format("No changes found for {0}.", distinguishedName)); } } } catch (Exception ex) { if (log != null) { log.Error(ex, string.Format("An error occurred while trying to update '{0}'.", distinguishedName)); } throw; } }
public void TestAddingMultipleAttributes() { using (LdapConnection connection = GetConnection()) { string ouName = "ProtocolsGroup6"; string dn = "ou=" + ouName; try { DeleteEntry(connection, dn); AddOrganizationalUnit(connection, dn); DirectoryAttributeModification mod1 = new DirectoryAttributeModification(); mod1.Operation = DirectoryAttributeOperation.Add; mod1.Name = "description"; mod1.Add("Description 5"); DirectoryAttributeModification mod2 = new DirectoryAttributeModification(); mod2.Operation = DirectoryAttributeOperation.Add; mod2.Name = "postalAddress"; mod2.Add("123 4th Ave NE, State, Country"); DirectoryAttributeModification[] mods = new DirectoryAttributeModification[2] { mod1, mod2 }; string fullDn = dn + "," + LdapConfiguration.Configuration.Domain; ModifyRequest modRequest = new ModifyRequest(fullDn, mods); ModifyResponse modResponse = (ModifyResponse)connection.SendRequest(modRequest); Assert.Equal(ResultCode.Success, modResponse.ResultCode); Assert.Throws <DirectoryOperationException>(() => (ModifyResponse)connection.SendRequest(modRequest)); SearchResultEntry sre = SearchOrganizationalUnit(connection, LdapConfiguration.Configuration.Domain, ouName); Assert.NotNull(sre); Assert.Equal("Description 5", (string)sre.Attributes["description"][0]); Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "description", "Description 5")); Assert.Equal("123 4th Ave NE, State, Country", (string)sre.Attributes["postalAddress"][0]); Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "postalAddress", "123 4th Ave NE, State, Country")); mod1 = new DirectoryAttributeModification(); mod1.Operation = DirectoryAttributeOperation.Replace; mod1.Name = "description"; mod1.Add("Modified Description 5"); mod2 = new DirectoryAttributeModification(); mod2.Operation = DirectoryAttributeOperation.Replace; mod2.Name = "postalAddress"; mod2.Add("689 5th Ave NE, State, Country"); mods = new DirectoryAttributeModification[2] { mod1, mod2 }; modRequest = new ModifyRequest(fullDn, mods); modResponse = (ModifyResponse)connection.SendRequest(modRequest); Assert.Equal(ResultCode.Success, modResponse.ResultCode); sre = SearchOrganizationalUnit(connection, LdapConfiguration.Configuration.Domain, ouName); Assert.NotNull(sre); Assert.Equal("Modified Description 5", (string)sre.Attributes["description"][0]); Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "description", "Modified Description 5")); Assert.Equal("689 5th Ave NE, State, Country", (string)sre.Attributes["postalAddress"][0]); Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "postalAddress", "689 5th Ave NE, State, Country")); mod1 = new DirectoryAttributeModification(); mod1.Operation = DirectoryAttributeOperation.Delete; mod1.Name = "description"; mod2 = new DirectoryAttributeModification(); mod2.Operation = DirectoryAttributeOperation.Delete; mod2.Name = "postalAddress"; mods = new DirectoryAttributeModification[2] { mod1, mod2 }; modRequest = new ModifyRequest(fullDn, mods); modResponse = (ModifyResponse)connection.SendRequest(modRequest); Assert.Equal(ResultCode.Success, modResponse.ResultCode); sre = SearchOrganizationalUnit(connection, LdapConfiguration.Configuration.Domain, ouName); Assert.NotNull(sre); Assert.Null(sre.Attributes["description"]); Assert.Null(sre.Attributes["postalAddress"]); } finally { DeleteEntry(connection, dn); } } }