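        /// <summary>
        /// Opens the transport to the directory server: installs the certificate-pinning
        /// callback, optionally enables LDAPS, connects, and optionally upgrades the session with StartTLS.
        /// </summary>
        /// <param name="ldapConnection">Unconnected connection to configure and open.</param>
        /// <param name="settings">Server, port, SSL/TLS switches and the pinned certificate thumbprint.</param>
        private void ConnectLdapConnection(LdapConnection ldapConnection, LdapSettings settings)
        {
            // Certificate pinning: the server is accepted only when the configured thumbprint
            // matches one element of the presented chain. sslPolicyErrors is deliberately not
            // consulted, so a pin match is the whole decision (hostname, expiry and revocation
            // problems are not examined here); a missing pin or an absent chain fails closed.
            ldapConnection.UserDefinedServerCertValidationDelegate += (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
            {
                if (chain == null || string.IsNullOrEmpty(settings.CertificateThumbprint))
                {
                    return false;
                }

                foreach (var element in chain.ChainElements)
                {
                    // Thumbprints are hex strings: compare ordinally and case-insensitively instead
                    // of lower-casing both sides with the culture-sensitive ToLower().
                    if (string.Equals(element.Certificate.Thumbprint, settings.CertificateThumbprint, StringComparison.OrdinalIgnoreCase))
                    {
                        return true;
                    }
                }

                return false;
            };

            // LDAPS flag is set before Connect() so it is already in place when the socket is opened.
            if (settings.UseSSL)
            {
                logger.LogDebug("Starting SSL session.");
                ldapConnection.SecureSocketLayer = true;
            }

            ldapConnection.Connect(settings.Server, settings.Port);

            // StartTLS upgrades an already-open session, so it is only issued after Connect().
            if (settings.UseTLS)
            {
                logger.LogDebug("Starting TLS session.");
                ldapConnection.StartTls();
            }
        }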
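        /// <summary>
        /// Binds to the directory with the configured credentials and reads every user entry
        /// found beneath the given organizational units.
        /// </summary>
        /// <param name="organizationalUnits">Base DNs to search (subtree scope, using <c>SearchFilter</c>).</param>
        /// <param name="uniqueIdAttributeName">Optional extra attribute copied into <c>User.UniqueId</c>; ignored when null or empty.</param>
        /// <param name="settings">Connection, credential and SSL/TLS settings.</param>
        /// <returns>The users found, or <c>null</c> when any LDAP or other error occurred (no partial result is returned).</returns>
        public List <User> GetUsers(IEnumerable <string> organizationalUnits, string uniqueIdAttributeName, LdapSettings settings)
        {
            var list = new List <User>();

            using (var ldapConnection = new LdapConnection())
            {
                try
                {
                    ConnectLdapConnection(ldapConnection, settings);
                    // Simple bind sends the password to the server; it is only protected on the wire
                    // when settings.UseSSL or settings.UseTLS is enabled in ConnectLdapConnection.
                    ldapConnection.Bind(settings.Username, settings.Password);

                    var attributes = new List <string>()
                    {
                        LastModifiedAttribute, UserPrincipalNameAttribute, MemberOfAttribute, EmailAttribute, DisplayNameAttribute, FirstnameAttribute, LastnameAttribute, UsernameAttribute, AccountControlAttribute, GuidAttribute
                    };

                    if (!string.IsNullOrEmpty(uniqueIdAttributeName))
                    {
                        attributes.Add(uniqueIdAttributeName);
                    }

                    foreach (var ou in organizationalUnits)
                    {
                        logger.LogDebug($"Search OU {ou}...");
                        var results = ldapConnection.Search(ou, LdapConnection.SCOPE_SUB, SearchFilter, attributes.ToArray(), false);

                        while (results.HasMore())
                        {
                            var entry = results.Next();

                            logger.LogDebug($"Found user {entry.DN}");

                            // Unlike the optional attributes below, the unique id is read without "?.":
                            // if getAttribute() yields null for it, the exception is caught below and the
                            // whole call returns null rather than a user without an id.
                            string uniqueId = null;

                            if (!string.IsNullOrEmpty(uniqueIdAttributeName))
                            {
                                uniqueId = entry.getAttribute(uniqueIdAttributeName).StringValue;
                            }

                            // Active unless the IsActiveAttributeValue bit(s) are set in the account-control
                            // attribute; an entry without that attribute is treated as inactive.
                            var isActive            = false;
                            var accountControlValue = entry.getAttribute(AccountControlAttribute)?.StringValue;

                            if (accountControlValue != null)
                            {
                                // Directory values are machine data: parse culture-invariantly (CA1305).
                                var accountControlIntValue = int.Parse(accountControlValue, CultureInfo.InvariantCulture);
                                isActive = (accountControlIntValue & IsActiveAttributeValue) != IsActiveAttributeValue;
                            }

                            // LastModified is required: ParseExact throws on a missing or malformed value.
                            // NOTE(review): no DateTimeStyles is passed, so the Kind of the result depends on
                            // LastModifiedDateFormat — confirm callers expect that.
                            var lastModified = DateTime.ParseExact(
                                entry.getAttribute(LastModifiedAttribute).StringValue,
                                LastModifiedDateFormat,
                                CultureInfo.InvariantCulture
                                );

                            list.Add(new User
                            {
                                IsActive     = isActive,
                                Username     = entry.getAttribute(UsernameAttribute)?.StringValue,
                                UPN          = entry.getAttribute(UserPrincipalNameAttribute)?.StringValue,
                                Firstname    = entry.getAttribute(FirstnameAttribute)?.StringValue,
                                Lastname     = entry.getAttribute(LastnameAttribute)?.StringValue,
                                DisplayName  = entry.getAttribute(DisplayNameAttribute)?.StringValue,
                                Email        = entry.getAttribute(EmailAttribute)?.StringValue,
                                Guid         = GetGuidAsString(entry.getAttribute(GuidAttribute)?.ByteValueArray),
                                UniqueId     = uniqueId,
                                Groups       = entry.getAttribute(MemberOfAttribute)?.StringValueArray,
                                OU           = GetOU(entry.DN),
                                LastModified = lastModified
                            });
                        }
                    }
                }
                catch (LdapException e)
                {
                    // Fail closed: callers get null instead of a partial user list.
                    logger.LogError(e, "LDAP error.");
                    list = null;
                }
                catch (Exception e)
                {
                    logger.LogError(e, "Non-LDAP error.");
                    list = null;
                }

                // Needed to prevent Dispose() from an infinite call, see https://github.com/dsbenghe/Novell.Directory.Ldap.NETStandard/issues/101
                // This runs outside the try block above, so an exception from StopTls() propagates to the caller.
                if (ldapConnection.TLS)
                {
                    ldapConnection.StopTls();
                }
            }

            return(list);
        }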