public List <UserInfo> GetDiscoveredUsersByAttributes(LDAPSupportSettings settings) { var users = new List <UserInfo>(); if (AllDomainUsers != null) { AllDomainUsers = ADDomain.GetUsersByAttributes(settings); } _domainUsers = new List <LDAPUser>(); if (AllDomainUsers != null) { foreach (var user in AllDomainUsers) { if (user != null && !user.IsDisabled && IsUserExistsInGroup(user, settings)) { _domainUsers.Add(user); var userInfo = CreateUserInfo(user, settings); if (CoreContext.UserManager.GetUserBySid("l" + userInfo.Sid).ID == Core.Users.Constants.LostUser.ID && CoreContext.UserManager.GetUserBySid(userInfo.Sid).ID == Core.Users.Constants.LostUser.ID) { if (CheckEmail(userInfo)) { users.Add(userInfo); } } } } } return(users); }
/// <summary> /// </summary> public static LDAPDomain GetDomain(LDAPSupportSettings settings) { try { string password; var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch (Exception) { password = string.Empty; } if (settings.PortNumber == Constants.SSL_LDAP_PORT) { type |= AuthenticationTypes.SecureSocketsLayer; } var entry = settings.Authentication ? new DirectoryEntry(settings.Server + ":" + settings.PortNumber, settings.Login, password, type) : new DirectoryEntry(settings.Server + ":" + settings.PortNumber); return (new LDAPObjectFactory()).CreateObject(entry) as LDAPDomain; } catch (Exception e) { _log.WarnFormat("Can't get current domain. May be current user has not needed permissions. {0}", e); return null; } }
public static List<DirectoryEntry> Search(string rootDistinguishedName, string filter, SearchScope scope, LDAPSupportSettings settings) { DirectoryEntry de; var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure; if (settings.PortNumber == Constants.SSL_LDAP_PORT) { type |= AuthenticationTypes.SecureSocketsLayer; } string password; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch (Exception) { password = string.Empty; } de = settings.Authentication ? CreateDirectoryEntry(rootDistinguishedName, settings.Login, password, type) : CreateDirectoryEntry(rootDistinguishedName); if (de != null) { return Search(de, filter, scope); } else { return null; } }
public static List <LDAPGroup> GetGroupsByParameter(LDAPSupportSettings settings) { try { var groupDNs = new List <string>(); var groups = new List <LDAPGroup>(); if (settings.GroupName == string.Empty) { groupDNs.Add(settings.GroupDN); } else { var names = settings.GroupName.Split(';'); for (int i = 0; i < names.Length; i++) { groupDNs.Add(names[i] + "," + settings.GroupDN); } } for (int i = 0; i < groupDNs.Count; i++) { groups.AddRange(Search(settings.Server + ":" + settings.PortNumber + "/" + groupDNs[i], _AllGroupCriteria, settings).ConvertAll <LDAPGroup>((LDAPObject obj) => obj as LDAPGroup).Where(g => g != null).ToList()); } return(groups); } catch (Exception e) { _log.ErrorFormat("Bad GroupDN or GroupName parameter. {0}", e); } return(null); }
public List<UserInfo> GetDiscoveredUsersByAttributes(LDAPSupportSettings settings) { var users = new List<UserInfo>(); if (AllDomainUsers != null) { AllDomainUsers = ADDomain.GetUsersByAttributes(settings); } _domainUsers = new List<LDAPUser>(); if (AllDomainUsers != null) { foreach (var user in AllDomainUsers) { if (user != null && !user.IsDisabled && IsUserExistsInGroup(user, settings)) { _domainUsers.Add(user); var userInfo = CreateUserInfo(user, settings); if (CoreContext.UserManager.GetUserBySid("l" + userInfo.Sid).ID == Core.Users.Constants.LostUser.ID && CoreContext.UserManager.GetUserBySid(userInfo.Sid).ID == Core.Users.Constants.LostUser.ID) { if (CheckEmail(userInfo)) { users.Add(userInfo); } } } } } return users; }
public static List <LDAPObject> Search(string root, Criteria criteria, LDAPSupportSettings settings) { var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure; string password; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch (Exception) { password = string.Empty; } if (settings.PortNumber == Constants.SSL_LDAP_PORT) { type |= AuthenticationTypes.SecureSocketsLayer; } var entry = settings.Authentication ? new DirectoryEntry(root, settings.Login, password, type) : new DirectoryEntry(root); try { object nativeObject = entry.NativeObject; } catch (Exception e) { _log.ErrorFormat("Error authenticating user. Current user has not access to read this directory: {0}. {1}", root, e); return(null); } return(SearchInternal(root, criteria != null ? criteria.ToString() : null, SearchScope.Subtree, settings)); }
public override bool Equals(object obj) { LDAPSupportSettings settings = obj as LDAPSupportSettings; if (settings == null || EnableLdapAuthentication != settings.EnableLdapAuthentication || StartTls != settings.StartTls || Server != settings.Server || UserDN != settings.UserDN || PortNumber != settings.PortNumber || UserFilter != settings.UserFilter || LoginAttribute != settings.LoginAttribute || FirstNameAttribute != settings.FirstNameAttribute || SecondNameAttribute != settings.SecondNameAttribute || MailAttribute != settings.MailAttribute || TitleAttribute != settings.TitleAttribute || MobilePhoneAttribute != settings.MobilePhoneAttribute || LocationAttribute != settings.LocationAttribute || GroupMembership != settings.GroupMembership || GroupDN != settings.GroupDN || GroupNameAttribute != settings.GroupNameAttribute || GroupFilter != settings.GroupFilter || UserAttribute != settings.UserAttribute || GroupAttribute != settings.GroupAttribute || Login != settings.Login) { return(false); } return(true); }
/// <summary> /// </summary> public static LDAPDomain GetDomain(LDAPSupportSettings settings) { try { string password; var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch (Exception) { password = string.Empty; } if (settings.PortNumber == Constants.SSL_LDAP_PORT) { type |= AuthenticationTypes.SecureSocketsLayer; } var entry = settings.Authentication ? new DirectoryEntry(settings.Server + ":" + settings.PortNumber, settings.Login, password, type) : new DirectoryEntry(settings.Server + ":" + settings.PortNumber); return((new LDAPObjectFactory()).CreateObject(entry) as LDAPDomain); } catch (Exception e) { _log.WarnFormat("Can't get current domain. May be current user has not needed permissions. {0}", e); return(null); } }
protected void Page_Load(object sender, EventArgs e) { AjaxPro.Utility.RegisterTypeForAjax(typeof(LdapSettings), Page); Page.RegisterBodyScripts(ResolveUrl("~/usercontrols/management/ldapsettings/js/ldapsettings.js")); ldapSettingsConfirmContainerId.Options.IsPopup = true; ldapSettingsLimitPanelId.Options.IsPopup = true; settings = SettingsManager.Instance.LoadSettings<LDAPSupportSettings>(TenantProvider.CurrentTenantID); }
public List <GroupInfo> GetDiscoveredGroupsByAttributes(LDAPSupportSettings settings, out List <GroupInfo> existingGroups) { existingGroups = new List <GroupInfo>(); if (settings.GroupMembership) { if (DomainGroups == null) { DomainGroups = ldapHelper.GetGroupsByAttributes(settings); } if (DomainGroups != null) { var groups = new List <GroupInfo>(DomainGroups.Count); var removedGroups = new List <LDAPObject>(); foreach (var domainGroup in DomainGroups) { var lastId = domainGroup.Sid.Split(hyphen).Last(); if (lastId != primaryGroupId) { var members = ldapHelper.GetGroupAttribute(domainGroup, settings.GroupAttribute); if (members == null) { removedGroups.Add(domainGroup); continue; } } string sid = domainGroup.Sid; var groupInfo = new GroupInfo { Name = domainGroup.InvokeGet(settings.GroupNameAttribute) as string, Sid = sid }; // Domain Users - primary group if (sid.Split(hyphen).Last() == primaryGroupId) { primaryGroup = groupInfo; } if (CoreContext.UserManager.GetGroupInfoBySid(groupInfo.Sid).ID == Core.Users.Constants.LostGroupInfo.ID) { groups.Add(groupInfo); } else { existingGroups.Add(groupInfo); } } foreach (var domainGroup in removedGroups) { if (DomainGroups.Contains(domainGroup)) { DomainGroups.Remove(domainGroup); } } return(groups); } } return(null); }
public string GetSidOfCurrentUser(string login, LDAPSupportSettings settings) { var users = ADDomain.GetUsersByAttributesAndFilter(settings, "(" + settings.LoginAttribute + "=" + login + ")"); if (users.Count != 0 && users[0] != null && users[0].Sid != null) { return users[0].Sid.Value; } return null; }
private UserInfo CreateUserInfo(LDAPUser domainUser, LDAPSupportSettings settings) { var user = new UserInfo { ID = Guid.NewGuid(), UserName = domainUser.AccountName, Sid = domainUser.Sid.Value, ActivationStatus = (!string.IsNullOrEmpty(domainUser.Mail) ? EmployeeActivationStatus.Activated : EmployeeActivationStatus.NotActivated), Email = (!string.IsNullOrEmpty(domainUser.Mail) ? domainUser.Mail : string.Empty), MobilePhone = (!string.IsNullOrEmpty(domainUser.Mobile) ? domainUser.Mobile : string.Empty), Title = (!string.IsNullOrEmpty(domainUser.Title) ? domainUser.Title : string.Empty), Location = (!string.IsNullOrEmpty(domainUser.Street) ? domainUser.Street : string.Empty), WorkFromDate = TenantUtil.DateTimeNow() }; if (!string.IsNullOrEmpty(domainUser.FirstName)) { if (domainUser.FirstName.Length > MAX_NUMBER_OF_SYMBOLS) { user.FirstName = domainUser.FirstName.Substring(0, MAX_NUMBER_OF_SYMBOLS); } else { user.FirstName = domainUser.FirstName; } } else { user.FirstName = string.Empty; } if (!string.IsNullOrEmpty(domainUser.SecondName)) { if (domainUser.SecondName.Length > MAX_NUMBER_OF_SYMBOLS) { user.LastName = domainUser.SecondName.Substring(0, MAX_NUMBER_OF_SYMBOLS); } else { user.LastName = domainUser.SecondName; } } else { user.LastName = string.Empty; } if (user.Email == string.Empty) { var domain = ADDomain.GetDomain(settings); var domainName = domain != null ? domain.Name : UNKNOWN_DOMAIN; string loginName = domainUser.InvokeGet(settings.LoginAttribute).ToString(); user.Email = loginName.Contains("@") ? loginName : loginName + "@" + domainName; } return(user); }
public string GetSidOfCurrentUser(string login, LDAPSupportSettings settings) { var users = ADDomain.GetUsersByAttributesAndFilter(settings, "(" + settings.LoginAttribute + "=" + login + ")"); if (users.Count != 0 && users[0] != null && users[0].Sid != null) { return(users[0].Sid.Value); } return(null); }
public void AddUserIntoGroups(UserInfo user, LDAPSupportSettings settings) { if (user == null || !settings.GroupMembership || DomainGroups == null) { return; } var domainUser = FindDomainUser(user.Sid); if (domainUser == null) { return; } var dn = ADDomain.GetUserAttribute(domainUser, settings.UserAttribute); foreach (var domainGroup in DomainGroups) { var members = ADDomain.GetGroupAttribute(domainGroup, settings.GroupAttribute); if (members != null) { if (members.Value != null) { foreach (var member in members) { var memberString = member.ToString(); if (IsUser(memberString)) { if (dn.Equals(memberString, StringComparison.InvariantCultureIgnoreCase)) { var group = CoreContext.GroupManager.GetGroupInfoBySid(domainGroup.Sid.Value); if (group != Core.Users.Constants.LostGroupInfo) { CoreContext.UserManager.AddUserIntoGroup(user.ID, group.ID); } } } else if (!_cache.Exists(memberString, domainGroup.Sid.Value) && IsGroup(memberString)) { _cache.Add(memberString, domainGroup.Sid.Value); } } } } } if (_primaryGroup != null) { var primaryGroup = CoreContext.GroupManager.GetGroupInfoBySid(_primaryGroup.Sid); if (primaryGroup != Core.Users.Constants.LostGroupInfo) { CoreContext.UserManager.AddUserIntoGroup(user.ID, primaryGroup.ID); } } }
public void AddUserIntoGroups(UserInfo user, LDAPSupportSettings settings) { if (user == null || !settings.GroupMembership || DomainGroups == null) { return; } var domainUser = FindDomainUser(user.Sid); if (domainUser == null) { return; } var userAttributeValue = ldapHelper.GetUserAttribute(domainUser, settings.UserAttribute); foreach (var domainGroup in DomainGroups) { string sid = domainGroup.Sid; var members = ldapHelper.GetGroupAttribute(domainGroup, settings.GroupAttribute); if (members != null) { foreach (string member in members) { if (IsUser(member, settings.UserAttribute)) { if (userAttributeValue.Equals(member, StringComparison.InvariantCultureIgnoreCase)) { var group = CoreContext.UserManager.GetGroupInfoBySid(sid); if (group != Core.Users.Constants.LostGroupInfo) { CoreContext.UserManager.AddUserIntoGroup(user.ID, group.ID); } } } else if (!relationGroupCache.Exists(member, sid) && IsGroup(member, settings.UserAttribute)) { relationGroupCache.Add(member, sid); } } } } if (primaryGroup != null) { var getPrimaryGroup = CoreContext.UserManager.GetGroupInfoBySid(primaryGroup.Sid); if (getPrimaryGroup != Core.Users.Constants.LostGroupInfo) { CoreContext.UserManager.AddUserIntoGroup(user.ID, getPrimaryGroup.ID); } } }
public List <GroupInfo> GetDiscoveredGroupsByAttributes(LDAPSupportSettings settings) { if (settings.GroupMembership) { if (DomainGroups == null) { DomainGroups = ADDomain.GetGroupsByParameter(settings); } if (DomainGroups != null) { var groups = new List <GroupInfo>(DomainGroups.Count); var removedGroups = new List <LDAPGroup>(); foreach (var domainGroup in DomainGroups) { var lastId = domainGroup.Sid.Value.Split(LAST_HYPHEN).Last(); if (lastId != PRIMARY_GROUP) { var members = ADDomain.GetGroupAttribute(domainGroup, settings.GroupAttribute); if (members == null || members.Value == null) { removedGroups.Add(domainGroup); continue; } } var groupInfo = new GroupInfo { Name = domainGroup.Name, Sid = domainGroup.Sid.Value }; // Domain Users - primary group if (domainGroup.Sid.Value.Split(LAST_HYPHEN).Last() == PRIMARY_GROUP) { _primaryGroup = groupInfo; } if (CoreContext.GroupManager.GetGroupInfoBySid(groupInfo.Sid).ID == Core.Users.Constants.LostGroupInfo.ID) { groups.Add(groupInfo); } } foreach (var domainGroup in removedGroups) { if (DomainGroups.Contains(domainGroup)) { DomainGroups.Remove(domainGroup); } } return(groups); } } return(null); }
public UserInfo GetDiscoveredUser(LDAPSupportSettings settings, string sid) { var domainUser = ldapHelper.GetUserBySid(settings, sid); if (domainUser != null && !domainUser.IsDisabled && IsUserExistsInGroup(domainUser, settings)) { domainUsers = new List <LDAPObject> { domainUser }; var userInfo = CreateUserInfo(domainUser, settings); CheckEmailIsNew(userInfo); return(userInfo); } return(Core.Users.Constants.LostUser); }
public string GetSidOfCurrentUser(string login, LDAPSupportSettings settings) { var users = ldapHelper.GetUsersByAttributesAndFilter(settings, "(" + settings.LoginAttribute + "=" + login + ")"); if (users.Count != 0) { foreach (var user in users) { if (user != null) { return(user.Sid); } } } return(null); }
public static List <LDAPUser> GetUsersFromPrimaryGroup(LDAPSupportSettings settings, string primaryGroupID) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; try { return(Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute)).Add(Criteria.All( Expression.Equal(Constants.ADSchemaAttributes.PrimaryGroupID, primaryGroupID))), settings.UserFilter, settings). ConvertAll <LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(g => g != null).ToList()); } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return(null); }
public UserInfo GetDiscoveredUser(LDAPSupportSettings settings, string sid) { var domainUser = ADDomain.GetUserBySid(settings, sid); if (domainUser != null && !domainUser.IsDisabled && IsUserExistsInGroup(domainUser, settings)) { _domainUsers = new List <LDAPUser>(); _domainUsers.Add(domainUser); var userInfo = CreateUserInfo(domainUser, settings); if (CheckEmail(userInfo)) { return(userInfo); } } return(Core.Users.Constants.LostUser); }
private bool IsUserExistsInGroup(LDAPObject domainUser, LDAPSupportSettings settings) { if (!settings.GroupMembership || DomainGroups == null || DomainGroups.Count == 0 || primaryGroup != null) { return(true); } var distinguishedName = ldapHelper.GetUserAttribute(domainUser, settings.UserAttribute); foreach (var domainGroup in DomainGroups) { if (ldapHelper.UserExistsInGroup(domainGroup, distinguishedName, settings.GroupAttribute)) { return(true); } } return(false); }
private bool IsUserExistsInGroup(LDAPUser domainUser, LDAPSupportSettings settings) { if (!settings.GroupMembership || DomainGroups == null || DomainGroups.Count == 0 || _primaryGroup != null) { return(true); } var dn = ADDomain.GetUserAttribute(domainUser, settings.UserAttribute); foreach (var domainGroup in DomainGroups) { if (ADDomain.UserExistsInGroup(domainGroup, dn, settings.GroupAttribute)) { return(true); } } return(false); }
public static List <LDAPUser> GetUsersByAttributesAndFilter(LDAPSupportSettings settings, string filter) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; if (!string.IsNullOrEmpty(settings.UserFilter) && !settings.UserFilter.StartsWith("(") && !settings.UserFilter.EndsWith(")")) { settings.UserFilter = "(" + settings.UserFilter + ")"; } filter = "(&" + settings.UserFilter + filter + ")"; try { return(Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute)), filter, settings). ConvertAll <LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(u => u != null).ToList()); } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return(null); }
public static List <LDAPUser> GetUsersByAttributes(LDAPSupportSettings settings) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; try { return(Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute), Expression.Exists(settings.LoginAttribute)), settings.UserFilter, settings). ConvertAll <LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(u => u != null).ToList()); } catch (ArgumentException) { throw new ArgumentException(); } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return(null); }
public static LDAPUser GetUserBySid(LDAPSupportSettings settings, string sid) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; try { var list = Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute)).Add(Criteria.All( Expression.Equal(Constants.ADSchemaAttributes.ObjectSid, sid))), settings.UserFilter, settings). ConvertAll <LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(u => u != null).ToList(); if (list.Count == 0) { return(null); } else { return(list[0]); } } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return(null); }
public LDAPUserImporter(LDAPSupportSettings settings) { if (settings == null) { throw new ArgumentNullException("settings"); } _ldapHelper = !WorkContext.IsMono ? (LdapHelper) new SystemLdapHelper() : new NovellLdapHelper(); _settings = DeepClone(settings); if (_settings.EnableLdapAuthentication) { if (string.IsNullOrEmpty(_settings.UserFilter) || _settings.GroupMembership && string.IsNullOrEmpty(_settings.GroupFilter)) { var defaultSettings = settings.GetDefault() as LDAPSupportSettings; if (defaultSettings != null) { if (string.IsNullOrEmpty(_settings.UserFilter)) { _settings.UserFilter = defaultSettings.UserFilter; } if (_settings.GroupMembership && string.IsNullOrEmpty(_settings.GroupFilter)) { _settings.GroupFilter = defaultSettings.GroupFilter; } } } } AllDomainUsers = new List <LDAPObject>(); AllDomainGroups = new List <LDAPObject>(); }
public List<GroupInfo> GetDiscoveredGroupsByAttributes(LDAPSupportSettings settings) { if (settings.GroupMembership) { if (DomainGroups == null) { DomainGroups = ADDomain.GetGroupsByParameter(settings); } if (DomainGroups != null) { var groups = new List<GroupInfo>(DomainGroups.Count); var removedGroups = new List<LDAPGroup>(); foreach (var domainGroup in DomainGroups) { var lastId = domainGroup.Sid.Value.Split(LAST_HYPHEN).Last(); if (lastId != PRIMARY_GROUP) { var members = ADDomain.GetGroupAttribute(domainGroup, settings.GroupAttribute); if (members == null || members.Value == null) { removedGroups.Add(domainGroup); continue; } } var groupInfo = new GroupInfo { Name = domainGroup.Name, Sid = domainGroup.Sid.Value }; // Domain Users - primary group if (domainGroup.Sid.Value.Split(LAST_HYPHEN).Last() == PRIMARY_GROUP) { _primaryGroup = groupInfo; } if (CoreContext.GroupManager.GetGroupInfoBySid(groupInfo.Sid).ID == Core.Users.Constants.LostGroupInfo.ID) { groups.Add(groupInfo); } } foreach (var domainGroup in removedGroups) { if (DomainGroups.Contains(domainGroup)) { DomainGroups.Remove(domainGroup); } } return groups; } } return null; }
public static LDAPUser GetUserBySid(LDAPSupportSettings settings, string sid) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; try { var list = Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute)).Add(Criteria.All( Expression.Equal(Constants.ADSchemaAttributes.ObjectSid, sid))), settings.UserFilter, settings). ConvertAll<LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(u => u != null).ToList(); if (list.Count == 0) { return null; } else { return list[0]; } } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return null; }
public static List<LDAPGroup> GetGroupsByParameter(LDAPSupportSettings settings) { try { var groupDNs = new List<string>(); var groups = new List<LDAPGroup>(); if (settings.GroupName == string.Empty) { groupDNs.Add(settings.GroupDN); } else { var names = settings.GroupName.Split(';'); for (int i = 0; i < names.Length; i++) { groupDNs.Add(names[i] + "," + settings.GroupDN); } } for (int i = 0; i < groupDNs.Count; i++) { groups.AddRange(Search(settings.Server + ":" + settings.PortNumber + "/" + groupDNs[i], _AllGroupCriteria, settings).ConvertAll<LDAPGroup>((LDAPObject obj) => obj as LDAPGroup).Where(g => g != null).ToList()); } return groups; } catch (Exception e) { _log.ErrorFormat("Bad GroupDN or GroupName parameter. {0}", e); } return null; }
public static List <DirectoryEntry> Search(string rootDistinguishedName, string filter, SearchScope scope, LDAPSupportSettings settings) { DirectoryEntry de; var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure; if (settings.PortNumber == Constants.SSL_LDAP_PORT) { type |= AuthenticationTypes.SecureSocketsLayer; } string password; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch (Exception) { password = string.Empty; } de = settings.Authentication ? CreateDirectoryEntry(rootDistinguishedName, settings.Login, password, type) : CreateDirectoryEntry(rootDistinguishedName); if (de != null) { return(Search(de, filter, scope)); } else { return(null); } }
public static byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer) { if (!settings.EnableLdapAuthentication) { return OPERATION_OK; } string password; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch { password = string.Empty; } try { if (settings.Authentication) { CheckCredentials(settings.Login, password, settings.Server, settings.PortNumber); } if (!CheckServerAndPort(settings.Server, settings.PortNumber, settings.Authentication, settings.Login, password)) { return WRONG_SERVER_OR_PORT; } } catch (DirectoryServicesCOMException) { return CREDENTIALS_NOT_VALID; } catch (COMException) { return WRONG_SERVER_OR_PORT; } if (!CheckUserDN(settings.UserDN, settings.Server, settings.PortNumber, settings.Authentication, settings.Login, password)) { return WRONG_USER_DN; } try { importer.AllDomainUsers = GetUsersByAttributes(settings); } catch (ArgumentException) { _log.ErrorFormat("Incorrect filter. userFilter = {0}", settings.UserFilter); return INCORRECT_LDAP_FILTER; } if (importer.AllDomainUsers == null || importer.AllDomainUsers.Count == 0) { _log.ErrorFormat("Any user is not found. userDN = {0}", settings.UserDN); return USERS_NOT_FOUND; } if (!CheckLoginAttribute(importer.AllDomainUsers[0], settings.LoginAttribute)) { return WRONG_LOGIN_ATTRIBUTE; } if (settings.GroupMembership) { if (!CheckGroupDNAndGroupName(settings.GroupDN, settings.GroupName, settings.Server, settings.PortNumber, settings.Authentication, settings.Login, password)) { return WRONG_GROUP_DN_OR_GROUP_NAME; } importer.DomainGroups = GetGroupsByParameter(settings); if (importer.DomainGroups == null || importer.DomainGroups.Count == 0) { return GROUPS_NOT_FOUND; } if (!CheckGroupAttribute(importer.DomainGroups[0], settings.GroupAttribute)) { return WRONG_GROUP_ATTRIBUTE; } if (!CheckUserAttribute(importer.AllDomainUsers[0], settings.UserAttribute)) { return WRONG_USER_ATTRIBUTE; } } return OPERATION_OK; }
private UserInfo CreateUserInfo(LDAPUser domainUser, LDAPSupportSettings settings) { var user = new UserInfo { ID = Guid.NewGuid(), UserName = domainUser.AccountName, Sid = domainUser.Sid.Value, ActivationStatus = (!string.IsNullOrEmpty(domainUser.Mail) ? EmployeeActivationStatus.Activated : EmployeeActivationStatus.NotActivated), Email = (!string.IsNullOrEmpty(domainUser.Mail) ? domainUser.Mail : string.Empty), MobilePhone = (!string.IsNullOrEmpty(domainUser.Mobile) ? domainUser.Mobile : string.Empty), Title = (!string.IsNullOrEmpty(domainUser.Title) ? domainUser.Title : string.Empty), Location = (!string.IsNullOrEmpty(domainUser.Street) ? domainUser.Street : string.Empty), WorkFromDate = TenantUtil.DateTimeNow() }; if (!string.IsNullOrEmpty(domainUser.FirstName)) { if (domainUser.FirstName.Length > MAX_NUMBER_OF_SYMBOLS) { user.FirstName = domainUser.FirstName.Substring(0, MAX_NUMBER_OF_SYMBOLS); } else { user.FirstName = domainUser.FirstName; } } else { user.FirstName = string.Empty; } if (!string.IsNullOrEmpty(domainUser.SecondName)) { if (domainUser.SecondName.Length > MAX_NUMBER_OF_SYMBOLS) { user.LastName = domainUser.SecondName.Substring(0, MAX_NUMBER_OF_SYMBOLS); } else { user.LastName = domainUser.SecondName; } } else { user.LastName = string.Empty; } if (user.Email == string.Empty) { var domain = ADDomain.GetDomain(settings); var domainName = domain != null ? domain.Name : UNKNOWN_DOMAIN; string loginName = domainUser.InvokeGet(settings.LoginAttribute).ToString(); user.Email = loginName.Contains("@") ? loginName : loginName + "@" + domainName; } return user; }
public UserInfo GetDiscoveredUser(LDAPSupportSettings settings, string sid) { var domainUser = ADDomain.GetUserBySid(settings, sid); if (domainUser != null && !domainUser.IsDisabled && IsUserExistsInGroup(domainUser, settings)) { _domainUsers = new List<LDAPUser>(); _domainUsers.Add(domainUser); var userInfo = CreateUserInfo(domainUser, settings); if (CheckEmail(userInfo)) { return userInfo; } } return Core.Users.Constants.LostUser; }
public static List<LDAPUser> GetUsersByAttributes(LDAPSupportSettings settings) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; try { return Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute), Expression.Exists(settings.LoginAttribute)), settings.UserFilter, settings). ConvertAll<LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(u => u != null).ToList(); } catch (ArgumentException) { throw new ArgumentException(); } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return null; }
public static List<LDAPUser> GetUsersFromPrimaryGroup(LDAPSupportSettings settings, string primaryGroupID) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; try { return Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute)).Add(Criteria.All( Expression.Equal(Constants.ADSchemaAttributes.PrimaryGroupID, primaryGroupID))), settings.UserFilter, settings). ConvertAll<LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(g => g != null).ToList(); } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return null; }
private bool IsUserExistsInGroup(LDAPUser domainUser, LDAPSupportSettings settings) { if (!settings.GroupMembership || DomainGroups == null || DomainGroups.Count == 0 || _primaryGroup != null) { return true; } var dn = ADDomain.GetUserAttribute(domainUser, settings.UserAttribute); foreach (var domainGroup in DomainGroups) { if (ADDomain.UserExistsInGroup(domainGroup, dn, settings.GroupAttribute)) { return true; } } return false; }
public static List<LDAPObject> Search(string root, Criteria criteria, string userFilter, LDAPSupportSettings settings) { var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure; string password; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch (Exception) { password = string.Empty; } if (settings.PortNumber == Constants.SSL_LDAP_PORT) { type |= AuthenticationTypes.SecureSocketsLayer; } var entry = settings.Authentication ? new DirectoryEntry(root, settings.Login, password, type) : new DirectoryEntry(root); try { object nativeObject = entry.NativeObject; } catch (Exception e) { _log.ErrorFormat("Error authenticating user. Current user has not access to read this directory: {0}. {1}", root, e); return new List<LDAPObject>(0); } if (!string.IsNullOrEmpty(userFilter) && !userFilter.StartsWith("(") && !userFilter.EndsWith(")")) { userFilter = "(" + userFilter + ")"; } return SearchInternal(root, criteria != null ? "(&" + criteria.ToString() + userFilter + ")" : userFilter, SearchScope.Subtree, settings); }
public void AddUserIntoGroups(UserInfo user, LDAPSupportSettings settings) { if (user == null || !settings.GroupMembership || DomainGroups == null) { return; } var domainUser = FindDomainUser(user.Sid); if (domainUser == null) { return; } var dn = ADDomain.GetUserAttribute(domainUser, settings.UserAttribute); foreach (var domainGroup in DomainGroups) { var members = ADDomain.GetGroupAttribute(domainGroup, settings.GroupAttribute); if (members != null) { if (members.Value != null) { foreach (var member in members) { var memberString = member.ToString(); if (IsUser(memberString)) { if (dn.Equals(memberString, StringComparison.InvariantCultureIgnoreCase)) { var group = CoreContext.GroupManager.GetGroupInfoBySid(domainGroup.Sid.Value); if (group != Core.Users.Constants.LostGroupInfo) { CoreContext.UserManager.AddUserIntoGroup(user.ID, group.ID); } } } else if (!_cache.Exists(memberString, domainGroup.Sid.Value) && IsGroup(memberString)) { _cache.Add(memberString, domainGroup.Sid.Value); } } } } } if (_primaryGroup != null) { var primaryGroup = CoreContext.GroupManager.GetGroupInfoBySid(_primaryGroup.Sid); if (primaryGroup != Core.Users.Constants.LostGroupInfo) { CoreContext.UserManager.AddUserIntoGroup(user.ID, primaryGroup.ID); } } }
public static List<LDAPUser> GetUsersByAttributesAndFilter(LDAPSupportSettings settings, string filter) { var dn = settings.Server + ":" + settings.PortNumber + "/" + settings.UserDN; if (!string.IsNullOrEmpty(settings.UserFilter) && !settings.UserFilter.StartsWith("(") && !settings.UserFilter.EndsWith(")")) { settings.UserFilter = "(" + settings.UserFilter + ")"; } filter = "(&" + settings.UserFilter + filter + ")"; try { return Search(dn, Criteria.All(Expression.Exists(settings.BindAttribute)), filter, settings). ConvertAll<LDAPUser>((LDAPObject obj) => obj as LDAPUser).Where(u => u != null).ToList(); } catch (Exception e) { _log.ErrorFormat("Can not access to directory: {0}. {1}", dn, e); } return null; }
public static byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer) { if (!settings.EnableLdapAuthentication) { return(OPERATION_OK); } string password; try { password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes)); } catch { password = string.Empty; } try { if (settings.Authentication) { CheckCredentials(settings.Login, password, settings.Server, settings.PortNumber); } if (!CheckServerAndPort(settings.Server, settings.PortNumber, settings.Authentication, settings.Login, password)) { return(WRONG_SERVER_OR_PORT); } } catch (DirectoryServicesCOMException) { return(CREDENTIALS_NOT_VALID); } catch (COMException) { return(WRONG_SERVER_OR_PORT); } if (!CheckUserDN(settings.UserDN, settings.Server, settings.PortNumber, settings.Authentication, settings.Login, password)) { return(WRONG_USER_DN); } try { importer.AllDomainUsers = GetUsersByAttributes(settings); } catch (ArgumentException) { _log.ErrorFormat("Incorrect filter. userFilter = {0}", settings.UserFilter); return(INCORRECT_LDAP_FILTER); } if (importer.AllDomainUsers == null || importer.AllDomainUsers.Count == 0) { _log.ErrorFormat("Any user is not found. userDN = {0}", settings.UserDN); return(USERS_NOT_FOUND); } if (!CheckLoginAttribute(importer.AllDomainUsers[0], settings.LoginAttribute)) { return(WRONG_LOGIN_ATTRIBUTE); } if (settings.GroupMembership) { if (!CheckGroupDNAndGroupName(settings.GroupDN, settings.GroupName, settings.Server, settings.PortNumber, settings.Authentication, settings.Login, password)) { return(WRONG_GROUP_DN_OR_GROUP_NAME); } importer.DomainGroups = GetGroupsByParameter(settings); if (importer.DomainGroups == null || importer.DomainGroups.Count == 0) { return(GROUPS_NOT_FOUND); } if (!CheckGroupAttribute(importer.DomainGroups[0], settings.GroupAttribute)) { return(WRONG_GROUP_ATTRIBUTE); } if (!CheckUserAttribute(importer.AllDomainUsers[0], settings.UserAttribute)) { return(WRONG_USER_ATTRIBUTE); } } return(OPERATION_OK); }
private UserInfo CreateUserInfo(LDAPObject domainUser, LDAPSupportSettings settings) { string userName = GetAttributeFromUser(domainUser, settings.LoginAttribute); string firstName = GetAttributeFromUser(domainUser, settings.FirstNameAttribute); string secondName = GetAttributeFromUser(domainUser, settings.SecondNameAttribute); string mail = GetAttributeFromUser(domainUser, settings.MailAttribute); string mobilePhone = GetAttributeFromUser(domainUser, settings.MobilePhoneAttribute); string title = GetAttributeFromUser(domainUser, settings.TitleAttribute); string location = GetAttributeFromUser(domainUser, settings.LocationAttribute); List <string> contacts = new List <string>(2); if (!string.IsNullOrEmpty(mobilePhone)) { contacts.Add(mobPhone); contacts.Add(mobilePhone); } var user = new UserInfo { ID = Guid.NewGuid(), UserName = userName, Sid = domainUser.Sid, ActivationStatus = (!string.IsNullOrEmpty(mail) ? EmployeeActivationStatus.Activated : EmployeeActivationStatus.NotActivated), Email = (!string.IsNullOrEmpty(mail) ? mail : string.Empty), Title = (!string.IsNullOrEmpty(title) ? title : string.Empty), Location = (!string.IsNullOrEmpty(location) ? location : string.Empty), WorkFromDate = TenantUtil.DateTimeNow(), Contacts = contacts }; if (!string.IsNullOrEmpty(firstName)) { if (firstName.Length > maxNumberOfSymbols) { user.FirstName = firstName.Substring(0, maxNumberOfSymbols); } else { user.FirstName = firstName; } } else { user.FirstName = string.Empty; } if (!string.IsNullOrEmpty(secondName)) { if (secondName.Length > maxNumberOfSymbols) { user.LastName = secondName.Substring(0, maxNumberOfSymbols); } else { user.LastName = secondName; } } else { user.LastName = string.Empty; } if (user.Email == string.Empty) { var domain = ldapHelper.GetDomain(settings); //DC= or dc= var domainName = domain != null && domain.DistinguishedName != null? domain.DistinguishedName.Remove(0, 3).Replace(",DC=", ".").Replace(",dc=", ".") : unknownDomain; string loginName = domainUser.InvokeGet(settings.LoginAttribute).ToString(); string email = loginName.Contains("@") ? loginName : loginName + "@" + domainName; user.Email = email.Replace(" ", string.Empty); } return(user); }
public abstract byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer, bool acceptCertificate = false);
private void CreateUsersAndGroups(LDAPSupportSettings settings) { Status = Resource.LdapSettingsStatusGettingGroupsFromLdap; var groups = _importer.GetDiscoveredGroupsByAttributes(settings); Percentage = 8; Status = Resource.LdapSettingsStatusGettingUsersFromLdap; var users = _importer.GetDiscoveredUsersByAttributes(settings); Percentage = 15; Status = Resource.LdapSettingsStatusSavingGroups; AddGroupsToCore(groups); Percentage = 35; Status = Resource.LdapSettingsStatusSavingUsers; double percents = 35; var step = percents / users.Count; if (users != null && users.Count != 0) { for (int i = 0; i < users.Count; i++) { if (users[i].FirstName == string.Empty) { users[i].FirstName = Resource.FirstName; } if (users[i].LastName == string.Empty) { users[i].LastName = Resource.LastName; } } users = users.SortByUserName(); for (int i = 0; i < users.Count; i++) { if (TenantStatisticsProvider.GetUsersCount() < TenantExtra.GetTenantQuota().ActiveUsers) { users[i] = UserManagerWrapper.AddUser(users[i], UserManagerWrapper.GeneratePassword(), true, false); } else { users[i] = UserManagerWrapper.AddUser(users[i], UserManagerWrapper.GeneratePassword(), true, false, true); } Percentage += step; } } Percentage = 70; var allLdapUsers = CoreContext.UserManager.GetUsers().Where(u => u.Sid != null).ToArray(); percents = 20; step = percents / allLdapUsers.Length; for (int i = 0; i < allLdapUsers.Length; i++) { _importer.AddUserIntoGroups(allLdapUsers[i], settings); Percentage += step; } Percentage = 90; AddUsersInCacheGroups(); RemoveEmptyGroups(); }
internal static List <LDAPObject> SearchInternal(string root, string criteria, SearchScope scope, LDAPSupportSettings settings) { _log.InfoFormat("ADDomain.Search(root: \"{0}\", criteria: \"{1}\", scope: {2})", root, criteria, scope); List <DirectoryEntry> entries = ADHelper.Search(root, criteria, scope, settings); if (entries == null) { entries = new List <DirectoryEntry>(0); } return(new LDAPObjectFactory().CreateObjects(entries)); }
public ISettings GetDefault() { var domainName = ""; var distinguishedName = ""; var isMono = WorkContext.IsMono; if (!isMono) { try { var domain = Domain.GetCurrentDomain(); domainName = string.Format(@"LDAP://{0}", domain.Name); if (_ldapHelper == null) { _ldapHelper = new SystemLdapHelper(); } distinguishedName = _ldapHelper.GetDefaultDistinguishedName(domainName, Constants.STANDART_LDAP_PORT) ?? ""; } catch (Exception) { domainName = ""; distinguishedName = ""; } } var settings = new LDAPSupportSettings { Server = domainName, UserDN = distinguishedName, PortNumber = Constants.STANDART_LDAP_PORT, UserFilter = string.Format("({0}=*)", isMono ? Constants.RfcLDAPAttributes.UID : Constants.ADSchemaAttributes.USER_PRINCIPAL_NAME), LoginAttribute = isMono ? Constants.RfcLDAPAttributes.UID : Constants.ADSchemaAttributes.ACCOUNT_NAME, FirstNameAttribute = Constants.ADSchemaAttributes.FIRST_NAME, SecondNameAttribute = Constants.ADSchemaAttributes.SURNAME, MailAttribute = Constants.ADSchemaAttributes.MAIL, TitleAttribute = Constants.ADSchemaAttributes.TITLE, MobilePhoneAttribute = Constants.ADSchemaAttributes.MOBILE, LocationAttribute = Constants.ADSchemaAttributes.STREET, GroupDN = distinguishedName, GroupFilter = string.Format("({0}={1})", Constants.ADSchemaAttributes.OBJECT_CLASS, isMono ? Constants.ObjectClassKnowedValues.POSIX_GROUP : Constants.ObjectClassKnowedValues.GROUP), UserAttribute = isMono ? Constants.RfcLDAPAttributes.UID : Constants.ADSchemaAttributes.DISTINGUISHED_NAME, GroupAttribute = isMono ? Constants.RfcLDAPAttributes.MEMBER_UID : Constants.ADSchemaAttributes.MEMBER, GroupNameAttribute = Constants.ADSchemaAttributes.COMMON_NAME, Authentication = string.IsNullOrEmpty(distinguishedName) }; return(settings); }
internal static List<LDAPObject> SearchInternal(string root, string criteria, SearchScope scope, LDAPSupportSettings settings) { _log.InfoFormat("ADDomain.Search(root: \"{0}\", criteria: \"{1}\", scope: {2})", root, criteria, scope); List<DirectoryEntry> entries = ADHelper.Search(root, criteria, scope, settings); if (entries == null) { entries = new List<DirectoryEntry>(0); } return new LDAPObjectFactory().CreateObjects(entries); }