public bool TryLoadLDAPUsers() { try { if (!Settings.EnableLdapAuthentication) { return(false); } if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var users = LdapHelper.GetUsers(); foreach (var user in users) { if (string.IsNullOrEmpty(user.Sid)) { AllSkipedDomainUsers.Add(user, LdapSettingsStatus.WrongSidAttribute); continue; } if (!CheckLoginAttribute(user, Settings.LoginAttribute)) { AllSkipedDomainUsers.Add(user, LdapSettingsStatus.WrongLoginAttribute); continue; } if (!Settings.GroupMembership) { AllDomainUsers.Add(user); continue; } if (!Settings.UserAttribute.Equals(LdapConstants.RfcLDAPAttributes.DN, StringComparison.InvariantCultureIgnoreCase) && !CheckUserAttribute(user, Settings.UserAttribute)) { AllSkipedDomainUsers.Add(user, LdapSettingsStatus.WrongUserAttribute); continue; } AllDomainUsers.Add(user); } if (AllDomainUsers.Any()) { PrimaryGroupId = AllDomainUsers.First().GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string; } return(AllDomainUsers.Any() || !users.Any()); } catch (ArgumentException) { _log.ErrorFormat("TryLoadLDAPUsers(): Incorrect filter. userFilter = {0}", Settings.UserFilter); } return(false); }
public void Dispose() { if (LdapHelper != null) { LdapHelper.Dispose(); } }
public bool TrySyncUserGroupMembership(Tuple <UserInfo, LdapObject> ldapUserInfo) { if (ldapUserInfo == null || !Settings.GroupMembership) { return(false); } var userInfo = ldapUserInfo.Item1; var ldapUser = ldapUserInfo.Item2; var portalUserLdapGroups = CoreContext.UserManager.GetUserGroups(userInfo.ID, IncludeType.All) .Where(g => !string.IsNullOrEmpty(g.Sid)) .ToList(); List <LdapObject> ldapUserGroupList = new List <LdapObject>(); ldapUserGroupList.AddRange(GetLdapUserGroups(ldapUser)); if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var actualPortalLdapGroups = GetAndCheckCurrentGroups(ldapUser, portalUserLdapGroups).ToList(); foreach (var ldapUserGroup in ldapUserGroupList) { var groupInfo = CoreContext.UserManager.GetGroupInfoBySid(ldapUserGroup.Sid); if (Equals(groupInfo, Constants.LostGroupInfo)) { _log.DebugFormat("TrySyncUserGroupMembership(groupname: '{0}' sid: '{1}') no portal group found, creating", ldapUserGroup.DistinguishedName, ldapUserGroup.Sid); groupInfo = CoreContext.UserManager.SaveGroupInfo(ldapUserGroup.ToGroupInfo(Settings, _log)); _log.DebugFormat("TrySyncUserGroupMembership(username: '******' sid: '{1}') adding user to group (groupname: '{2}' sid: '{3}')", userInfo.UserName, ldapUser.Sid, groupInfo.Name, groupInfo.Sid); CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID); } else if (!portalUserLdapGroups.Contains(groupInfo)) { _log.DebugFormat("TrySyncUserGroupMembership(username: '******' sid: '{1}') adding user to group (groupname: '{2}' sid: '{3}')", userInfo.UserName, ldapUser.Sid, groupInfo.Name, groupInfo.Sid); CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID); } actualPortalLdapGroups.Add(groupInfo); } foreach (var portalUserLdapGroup in portalUserLdapGroups) { if (!actualPortalLdapGroups.Contains(portalUserLdapGroup)) { _log.DebugFormat("TrySyncUserGroupMembership(username: '******' sid: '{1}') removing user from group (groupname: '{2}' sid: '{3}')", userInfo.UserName, ldapUser.Sid, portalUserLdapGroup.Name, portalUserLdapGroup.Sid); CoreContext.UserManager.RemoveUserFromGroup(userInfo.ID, portalUserLdapGroup.ID); } } return(actualPortalLdapGroups.Count != 0); }
public Tuple <UserInfo, LdapObject> Login(string login, string password) { try { if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password)) { return(null); } var ldapUsers = FindLdapUsers(login); _log.DebugFormat("FindLdapUsers(login '{0}') found: {1} users", login, ldapUsers.Count); foreach (var ldapUser in ldapUsers) { string currentLogin = null; try { var ldapUserInfo = ldapUser.Item1; var ldapUserObject = ldapUser.Item2; if (ldapUserInfo.Equals(Constants.LostUser) || ldapUserObject == null) { continue; } else if (string.IsNullOrEmpty(ldapUserObject.DistinguishedName) || string.IsNullOrEmpty(ldapUserObject.Sid)) { _log.DebugFormat("LdapUserImporter->Login(login: '******', dn: '{1}') failed. Error: missing DN or SID", login, ldapUserObject.Sid); continue; } currentLogin = ldapUserObject.DistinguishedName; _log.DebugFormat("LdapUserImporter.Login('{0}')", currentLogin); LdapHelper.CheckCredentials(currentLogin, password, Settings.Server, Settings.PortNumber, Settings.StartTls, Settings.Ssl, Settings.AcceptCertificate, Settings.AcceptCertificateHash); return(new Tuple <UserInfo, LdapObject>(ldapUserInfo, ldapUserObject)); } catch (Exception ex) { _log.ErrorFormat("LdapUserImporter->Login(login: '******') failed. Error: {1}", currentLogin ?? login, ex); } } } catch (Exception ex) { _log.ErrorFormat("LdapUserImporter->Login({0}) failed {1}", login, ex); } return(null); }
private string LoadLDAPDomain() { try { if (!Settings.EnableLdapAuthentication) { return(null); } if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } string ldapDomain; if (AllDomainUsers.Any()) { ldapDomain = AllDomainUsers.First().GetDomainFromDn(); if (!string.IsNullOrEmpty(ldapDomain)) { return(ldapDomain); } } ldapDomain = LdapHelper.SearchDomain(); if (!string.IsNullOrEmpty(ldapDomain)) { return(ldapDomain); } ldapDomain = LdapUtils.DistinguishedNameToDomain(Settings.UserDN); if (!string.IsNullOrEmpty(ldapDomain)) { return(ldapDomain); } ldapDomain = LdapUtils.DistinguishedNameToDomain(Settings.GroupDN); if (!string.IsNullOrEmpty(ldapDomain)) { return(ldapDomain); } } catch (Exception ex) { _log.ErrorFormat("LoadLDAPDomain(): Error: {0}", ex); } return(null); }
public LdapUserImporter(LdapHelper ldapHelper, LdapLocalization resource) { LdapHelper = ldapHelper; AllDomainUsers = new List <LdapObject>(); AllDomainGroups = new List <LdapObject>(); AllSkipedDomainUsers = new Dictionary <LdapObject, LdapSettingsStatus>(); AllSkipedDomainGroups = new Dictionary <LdapObject, LdapSettingsStatus>(); Resource = resource; _log = LogManager.GetLogger(typeof(LdapUserImporter)); }
public bool TryLoadLDAPGroups() { try { if (!Settings.EnableLdapAuthentication || !Settings.GroupMembership) { return(false); } if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var groups = LdapHelper.GetGroups(); foreach (var group in groups) { if (string.IsNullOrEmpty(group.Sid)) { AllSkipedDomainGroups.Add(group, LdapSettingsStatus.WrongSidAttribute); continue; } if (!CheckGroupAttribute(group, Settings.GroupAttribute)) { AllSkipedDomainGroups.Add(group, LdapSettingsStatus.WrongGroupAttribute); continue; } if (!CheckGroupNameAttribute(group, Settings.GroupNameAttribute)) { AllSkipedDomainGroups.Add(group, LdapSettingsStatus.WrongGroupNameAttribute); continue; } AllDomainGroups.Add(group); } return(AllDomainGroups.Any() || !groups.Any()); } catch (ArgumentException) { _log.ErrorFormat("TryLoadLDAPGroups(): Incorrect group filter. groupFilter = {0}", Settings.GroupFilter); } return(false); }
public IEnumerable <GroupInfo> GetAndCheckCurrentGroups(LdapObject ldapUser, IEnumerable <GroupInfo> portalGroups) { var result = new List <GroupInfo>(); try { var searchExpressions = new List <Expression>(); if (portalGroups != null && portalGroups.Any()) { searchExpressions.AddRange(portalGroups.Select(g => Expression.Equal(LdapConstants.ADSchemaAttributes.OBJECT_SID, g.Sid))); } else { return(result); } var criteria = Criteria.Any(searchExpressions.ToArray()); var foundList = LdapHelper.GetGroups(criteria); if (foundList.Any()) { var stillExistingGroups = portalGroups.Where(g => foundList.Any(fg => fg.Sid == g.Sid)); foreach (var group in stillExistingGroups) { if (GetGroupUsers(group).Any(u => u.Sid == ldapUser.Sid)) { result.Add(group); } } } } catch (Exception ex) { if (ldapUser != null) { _log.ErrorFormat("GetAndCheckCurrentGroups(login: '******' sid: '{1}') error {2}", ldapUser.DistinguishedName, ldapUser.Sid, ex); } } return(result); }
public List <Tuple <UserInfo, LdapObject> > FindLdapUsers(string login) { var listResults = new List <Tuple <UserInfo, LdapObject> >(); var ldapLogin = LdapLogin.ParseLogin(login); if (ldapLogin == null) { return(listResults); } if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var exps = new List <Expression> { Expression.Equal(Settings.LoginAttribute, ldapLogin.Username) }; if (!ldapLogin.Username.Equals(login) && ldapLogin.ToString().Equals(login)) { exps.Add(Expression.Equal(Settings.LoginAttribute, login)); } string email = null; if (!string.IsNullOrEmpty(Settings.MailAttribute) && !string.IsNullOrEmpty(ldapLogin.Domain) && login.Contains("@")) { email = ldapLogin.ToString(); exps.Add(Expression.Equal(Settings.MailAttribute, email)); } var searchTerm = exps.Count > 1 ? Criteria.Any(exps.ToArray()).ToString() : exps.First().ToString(); var users = LdapHelper.GetUsers(searchTerm, !string.IsNullOrEmpty(email) ? -1 : 1) .Where(user => user != null) .ToLookup(lu => { var ui = Constants.LostUser; try { if (string.IsNullOrEmpty(_ldapDomain)) { _ldapDomain = LdapUtils.DistinguishedNameToDomain(lu.DistinguishedName); } ui = lu.ToUserInfo(this, _log); } catch (Exception ex) { _log.ErrorFormat("FindLdapUser->ToUserInfo() failed. Error: {0}", ex.ToString()); } return(Tuple.Create(ui, lu)); }); if (!users.Any()) { return(listResults); } foreach (var user in users) { var ui = user.Key.Item1; if (ui.Equals(Constants.LostUser)) { continue; } var ul = user.Key.Item2; var ldapLoginAttribute = ul.GetValue(Settings.LoginAttribute) as string; if (string.IsNullOrEmpty(ldapLoginAttribute)) { _log.WarnFormat("LDAP: DN: '{0}' Login Attribute '{1}' is empty", ul.DistinguishedName, Settings.LoginAttribute); continue; } if (ldapLoginAttribute.Equals(login)) { listResults.Add(user.Key); continue; } if (!string.IsNullOrEmpty(email)) { if (ui.Email.Equals(email, StringComparison.InvariantCultureIgnoreCase)) { listResults.Add(user.Key); continue; } } if (LdapUtils.IsLoginAccepted(ldapLogin, ui, LDAPDomain)) { listResults.Add(user.Key); } } return(listResults); }
private bool TryGetLdapUserGroups(LdapObject ldapUser, out List <LdapObject> ldapUserGroups) { ldapUserGroups = new List <LdapObject>(); try { if (!Settings.GroupMembership) { return(false); } if (ldapUser == null || string.IsNullOrEmpty(ldapUser.Sid)) { return(false); } if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var userGroups = ldapUser.GetAttributes(LdapConstants.ADSchemaAttributes.MEMBER_OF, _log) .Select(s => s.Replace("\\", string.Empty)) .ToList(); if (!userGroups.Any()) { userGroups = ldapUser.GetAttributes(GROUP_MEMBERSHIP, _log); } var searchExpressions = new List <Expression>(); PrimaryGroupId = PrimaryGroupId ?? ldapUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string; if (!string.IsNullOrEmpty(PrimaryGroupId)) { var userSid = ldapUser.Sid; var index = userSid.LastIndexOf("-", StringComparison.InvariantCultureIgnoreCase); if (index > -1) { var primaryGroupSid = userSid.Substring(0, index + 1) + PrimaryGroupId; searchExpressions.Add(Expression.Equal(ldapUser.SidAttribute, primaryGroupSid)); } } if (userGroups.Any()) { searchExpressions.AddRange(userGroups .Select(g => g.Substring(0, g.IndexOf(",", StringComparison.InvariantCultureIgnoreCase))) .Where(s => !string.IsNullOrEmpty(s)) .Select(Expression.Parse) .Where(e => e != null)); var criteria = Criteria.Any(searchExpressions.ToArray()); var foundList = LdapHelper.GetGroups(criteria); if (foundList.Any()) { ldapUserGroups.AddRange(foundList); return(true); } } else { var ldapGroups = LdapHelper.GetGroups(); ldapUserGroups.AddRange( ldapGroups.Where( ldapGroup => LdapHelper.UserExistsInGroup(ldapGroup, ldapUser, Settings))); return(ldapUserGroups.Any()); } } catch (Exception ex) { if (ldapUser != null) { _log.ErrorFormat("IsUserExistInGroups(login: '******' sid: '{1}') error {2}", ldapUser.DistinguishedName, ldapUser.Sid, ex); } } return(false); }
private List <UserInfo> GetGroupUsers(GroupInfo groupInfo, bool clearCache) { if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } _log.DebugFormat("LdapUserImporter.GetGroupUsers(Group name: {0})", groupInfo.Name); var users = new List <UserInfo>(); if (!AllDomainGroups.Any() && !TryLoadLDAPGroups()) { return(users); } var domainGroup = AllDomainGroups.FirstOrDefault(lg => lg.Sid.Equals(groupInfo.Sid)); if (domainGroup == null) { return(users); } if (!string.IsNullOrEmpty(PrimaryGroupId) && domainGroup.Sid.EndsWith("-" + PrimaryGroupId)) { // Domain Users found var ldapUsers = FindUsersByPrimaryGroup(); if (!ldapUsers.Any()) { return(users); } foreach (var ldapUser in ldapUsers) { var userInfo = ldapUser.ToUserInfo(this, _log); if (!users.Exists(u => u.Sid == userInfo.Sid)) { users.Add(userInfo); } } } else { var members = domainGroup.GetAttributes(Settings.GroupAttribute, _log); if (!members.Any()) { return(users); } foreach (var member in members) { var ldapUser = FindUserByMember(member); if (ldapUser == null) { var nestedLdapGroup = FindGroupByMember(member); if (nestedLdapGroup != null) { _log.DebugFormat("Found nested LDAP Group: {0}", nestedLdapGroup.DistinguishedName); if (clearCache) { _watchedNestedGroups = new List <string>(); } if (_watchedNestedGroups.Contains(nestedLdapGroup.DistinguishedName)) { _log.DebugFormat("Skip already watched nested LDAP Group: {0}", nestedLdapGroup.DistinguishedName); continue; } _watchedNestedGroups.Add(nestedLdapGroup.DistinguishedName); var nestedGroupInfo = nestedLdapGroup.ToGroupInfo(Settings, _log); var nestedGroupUsers = GetGroupUsers(nestedGroupInfo, false); foreach (var groupUser in nestedGroupUsers) { if (!users.Exists(u => u.Sid == groupUser.Sid)) { users.Add(groupUser); } } } continue; } var userInfo = ldapUser.ToUserInfo(this, _log); if (!users.Exists(u => u.Sid == userInfo.Sid)) { users.Add(userInfo); } } } return(users); }
public bool TrySyncUserGroupMembership(Tuple <UserInfo, LdapObject> ldapUserInfo) { if (ldapUserInfo == null || !Settings.GroupMembership) { return(false); } var userInfo = ldapUserInfo.Item1; var ldapUser = ldapUserInfo.Item2; List <LdapObject> ldapUserGroupList; if (!TryGetLdapUserGroups(ldapUser, out ldapUserGroupList)) { return(false); } if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var portalUserLdapGroups = CoreContext.UserManager.GetUserGroups(userInfo.ID, IncludeType.All) .Where(g => !string.IsNullOrEmpty(g.Sid)) .ToList(); var actualPortalLdapGroups = new List <GroupInfo>(); foreach (var ldapUserGroup in ldapUserGroupList) { var groupInfo = CoreContext.UserManager.GetGroupInfoBySid(ldapUserGroup.Sid); if (Equals(groupInfo, Constants.LostGroupInfo)) { groupInfo = CoreContext.UserManager.SaveGroupInfo(ldapUserGroup.ToGroupInfo(Settings, _log)); CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID); actualPortalLdapGroups.Add(groupInfo); } else if (!portalUserLdapGroups.Contains(groupInfo)) { CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID); actualPortalLdapGroups.Add(groupInfo); } } if (!actualPortalLdapGroups.Any()) { return(true); } foreach (var portalUserLdapGroup in portalUserLdapGroups) { if (!actualPortalLdapGroups.Contains(portalUserLdapGroup)) { CoreContext.UserManager.RemoveUserFromGroup(userInfo.ID, portalUserLdapGroup.ID); } } return(true); }
public List <UserInfo> GetGroupUsers(GroupInfo groupInfo) { if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var users = new List <UserInfo>(); if (!AllDomainGroups.Any() && !TryLoadLDAPGroups()) { return(users); } var domainGroup = AllDomainGroups.FirstOrDefault(lg => lg.Sid.Equals(groupInfo.Sid)); if (domainGroup == null) { return(users); } if (!string.IsNullOrEmpty(PrimaryGroupId) && domainGroup.Sid.EndsWith("-" + PrimaryGroupId)) { // Domain Users found var ldapUsers = FindUsersByPrimaryGroup(); if (!ldapUsers.Any()) { return(users); } foreach (var ldapUser in ldapUsers) { var userInfo = ldapUser.ToUserInfo(this, _log); if (!users.Exists(u => u.Sid == userInfo.Sid)) { users.Add(userInfo); } } } else { var members = domainGroup.GetAttributes(Settings.GroupAttribute, _log); if (!members.Any()) { return(users); } foreach (var member in members) { var ldapUser = FindUserByMember(member); if (ldapUser == null) { var nestedLdapGroup = FindGroupByMember(member); if (nestedLdapGroup != null) { var nestedGroupInfo = nestedLdapGroup.ToGroupInfo(Settings, _log); var nestedGroupUsers = GetGroupUsers(nestedGroupInfo); foreach (var groupUser in nestedGroupUsers) { if (!users.Exists(u => u.Sid == groupUser.Sid)) { users.Add(groupUser); } } } continue; } var userInfo = ldapUser.ToUserInfo(this, _log); if (!users.Exists(u => u.Sid == userInfo.Sid)) { users.Add(userInfo); } } } return(users); }