/* ==================================================================================== Public Methods */ public void CreateNewADUser(User user, string newPath, string passwd) { IUser originalUser = User.Current; Common.ChangeToAdminAccount(); try { var parentPath = RepositoryPath.GetParentPath(newPath); // get containing synctree var syncTree = GetSyncTreeContainingPortalPath(parentPath); if (syncTree == null) { // not synced object return; } AdLog.LogPortalObject("Creating new AD user", user.Path); var parentADPath = syncTree.GetADPath(parentPath); CreateADUser(syncTree, parentADPath, user, passwd); } catch (Exception ex) { AdLog.LogException(ex); throw new Exception(ex.Message, ex); } }
/* ==================================================================================== Static Methods */ // gets directoryentry from AD - no custom account is used and Novell is not supported public static DirectoryEntry ConnectToADSimple(string ldapPath) { var deADConn = new DirectoryEntry(ldapPath); Exception exADConnectException = null; bool bError = false; for (int i = 0; i < 3; i++) { try { var oNativeObject = deADConn.NativeObject; bError = false; break; } catch (Exception ex) { bError = true; exADConnectException = ex; System.Threading.Thread.Sleep(3000); } } if (bError) { AdLog.LogException(exADConnectException); throw new Exception("Connecting to AD server failed", exADConnectException); } return(deADConn); }
private void UpdatePortalDomainProperties(DirectoryEntry entry, Node node, SyncTree syncTree) { AdLog.LogObjects("Updating portal domain properties", entry.Path, node.Path); node.Name = GetADDomainName(entry); // node.Save() nem kell, később mentődik }
public static bool SyncVirtualUserFromAD(string adPath, Guid guid, User virtualUser, List <PropertyMapping> propertyMappings, string customADAdminAccountName, string customADAdminAccountPwd, bool novellSupport, string guidProp, bool syncUserName) { bool success = false; try { using (var serverEntry = ConnectToAD(adPath, customADAdminAccountName, customADAdminAccountPwd, novellSupport, guidProp)) { var filter = string.Format("{0}={1}", guidProp, Common.Guid2OctetString(guid)); using (var entry = SearchADObject(serverEntry, filter, novellSupport, guidProp)) { if (entry != null) { UpdatePortalUserCustomProperties(entry, virtualUser, propertyMappings, syncUserName); virtualUser["SyncGuid"] = guid.ToString(); success = true; } } } } catch (Exception ex) { AdLog.LogException(ex); } return(success); }
public static SearchResultCollection Search(DirectoryEntry searchRoot, string filter, bool novellSupport, string guidProp) { //Create a directory searcher var dsDirSearcher = new DirectorySearcher(searchRoot); //Set the search filter dsDirSearcher.Filter = filter; dsDirSearcher.SizeLimit = 10000; dsDirSearcher.PageSize = 10000; // NOVELL - force searcher to retrieve the objects' GUID // - this is not done by default when connecting to Novell eDirectory if (novellSupport) { dsDirSearcher.PropertiesToLoad.Add(guidProp); } //Find the user try { var oResults = dsDirSearcher.FindAll(); return(oResults); } catch (Exception e) { AdLog.LogException(e); } return(null); }
private static Dictionary <string, int> GetAllPortalObjects(ADObjectType objType) { var resultNodes = GetAllPortalObjectsByADObjectTypeAndPath(objType, "/Root/IMS"); //var startPath = "/Root/IMS"; //var types = (objType == ADObjectType.AllContainers) // ? new[] { Common.GetNodeType(ADObjectType.OrgUnit).Name, Common.GetNodeType(ADObjectType.Container).Name, Common.GetNodeType(ADObjectType.Domain).Name } // : new[] { Common.GetNodeType(objType).Name }; //var settings = new QuerySettings { EnableAutofilters = FilterStatus.Disabled, EnableLifespanFilter = FilterStatus.Disabled }; //var result = ContentQuery.Query(SafeQueries.InTreeAndTypeIs, settings, startPath, types); var nodeList = new List <Node>(); foreach (var node in resultNodes) { try { if (!string.IsNullOrEmpty(node.GetProperty <string>("SyncGuid"))) { nodeList.Add(node); } } catch (Exception ex) { AdLog.LogError("Error caching nodes" + Environment.NewLine + "NodeId: " + node.Id + Environment.NewLine + "Node path: " + node.Path); AdLog.LogException(ex); throw ex; // rethrow, do not allow adsync to run. if there is something wrong with the syncguid property things can go wrong (content unintentionally deleted, etc.) } } var guidIdList = nodeList.Select(node => new { Guid = node.GetProperty <string>("SyncGuid").ToLower(), ID = node.Id }); return(guidIdList.ToDictionary(a => a.Guid, a => a.ID)); }
// domain, orgunit, container (folder) private void DeletePortalContainer(Node node) { try { AdLog.LogPortalObject("Deleting portal container (orgunit/domain/folder)", node.Path); if (Node.Exists(node.Path)) { // move all underlying users to deleted folder var users = Common.GetContainerUsers(node); // delete user nodes foreach (Node userNode in users) { DeletePortalUser(userNode); } // delete container node if allowed if (Common.GetContainerUsers(node).Count() == 0) { Node.DeletePhysical(node.Id); } else { AdLog.LogErrorPortalObject("Portal container cannot be deleted, it contains users!", node.Path); } } } catch (Exception ex) { AdLog.LogErrorADObject(ex.Message, node.Path); } }
private void CreateNewPortalUser(DirectoryEntry entry, string parentPath, Guid guid, SyncTree syncTree) { try { AdLog.LogADObject(string.Format("New portal user - creating under {0}", parentPath), entry.Path); var newUser = new User(Node.LoadNode(parentPath), _config.UserType); // user actions UpdatePortalUserProperties(entry, newUser, syncTree); Common.UpdateLastSync(newUser, guid); //newUser.Save(); - update lastsync already saves node if (_portalUsers != null) { if (!_portalUsers.ContainsKey(guid.ToString())) { _portalUsers.Add(guid.ToString(), newUser.Id); } } } catch (Exception ex) { AdLog.LogException(ex); } }
private void UpdatePortalFolderProperties(DirectoryEntry entry, Node node, SyncTree syncTree) { AdLog.LogObjects("Updating portal folder properties", entry.Path, node.Path); node.Name = Common.GetADObjectName(entry.Name); // node.Save() nem kell, később mentődik }
private void CreateNewPortalGroup(DirectoryEntry entry, string parentPath, Guid guid, SyncTree syncTree) { try { AdLog.LogADObject(string.Format("New portal group - creating under {0}", parentPath), entry.Path); var newGroup = new Group(Node.LoadNode(parentPath)); UpdatePortalGroupProperties(entry, newGroup, syncTree); Common.UpdateLastSync(newGroup, guid); //newGroup.Save(); - update lastsync already saves node if (_portalGroups != null) { if (!_portalGroups.ContainsKey(guid.ToString())) { _portalGroups.Add(guid.ToString(), newGroup.Id); } } } catch (Exception ex) { AdLog.LogException(ex); } }
private void CreateNewPortalOrgUnit(DirectoryEntry entry, string parentPath, Guid guid, SyncTree syncTree) { try { AdLog.LogADObject(string.Format("New portal orgunit - creating under {0}", parentPath), entry.Path); OrganizationalUnit newOu = new OrganizationalUnit(Node.LoadNode(parentPath)); UpdatePortalOrgUnitProperties(entry, newOu, syncTree); Common.UpdateLastSync(newOu, guid); //newOu.Save(); - update lastsync already saves node if (_portalContainers != null) { if (!_portalContainers.ContainsKey(guid.ToString())) { _portalContainers.Add(guid.ToString(), newOu.Id); } } } catch (Exception ex) { AdLog.LogException(ex); } }
public static bool SyncVirtualUserFromAD(string adPath, string username, User virtualUser, List <PropertyMapping> propertyMappings, string customADAdminAccountName, string customADAdminAccountPwd, bool novellSupport, string guidProp, bool syncUserName) { bool success = false; try { using (var serverEntry = ConnectToAD(adPath, customADAdminAccountName, customADAdminAccountPwd, novellSupport, guidProp)) { var filter = string.Format("({0}={1})", SyncConfiguration.GetUserNameProp(propertyMappings), username); using (var entry = SearchADObject(serverEntry, filter, novellSupport, guidProp)) { if (entry != null) { UpdatePortalUserCustomProperties(entry, virtualUser, propertyMappings, syncUserName); var guid = Common.GetADObjectGuid(entry, guidProp); if (guid.HasValue) { virtualUser["SyncGuid"] = ((Guid)guid).ToString(); success = true; } } } } } catch (Exception ex) { AdLog.LogException(ex); } return(success); }
public static bool IsADCustomAuthenticated(string adPath, string loginPropValue, string pwd, string loginProp, string customADAdminAccountName, string customADAdminAccountPwd) { if (string.IsNullOrEmpty(adPath)) { return(false); } DirectoryEntry searchRoot = null; try { searchRoot = new DirectoryEntry(adPath); searchRoot.AuthenticationType = AuthenticationTypes.None; if (!string.IsNullOrEmpty(customADAdminAccountName)) { searchRoot.AuthenticationType = AuthenticationTypes.ServerBind; searchRoot.Username = customADAdminAccountName; searchRoot.Password = customADAdminAccountPwd; } var objSearch = new DirectorySearcher(searchRoot); objSearch.SearchScope = SearchScope.Subtree; objSearch.Filter = string.Format("({0}={1})", loginProp, loginPropValue); var result = objSearch.FindAll(); if (result.Count != 1) { AdLog.LogErrorPortalObject("Could not find corresponding AD user", loginPropValue); return(false); } var userName = result[0].Path.Substring(adPath.Length + 1); searchRoot.AuthenticationType = AuthenticationTypes.ServerBind; searchRoot.Username = userName; searchRoot.Password = pwd; result = objSearch.FindAll(); if (result.Count != 1) { AdLog.LogErrorPortalObject("Could not find corresponding AD user", loginPropValue); return(false); } } catch (Exception ex) { AdLog.LogException(ex); return(false); } finally { if (searchRoot != null) { searchRoot.Dispose(); } } return(true); }
private void DeletePortalUsers(SyncTree syncTree) { AdLog.LogMainActivity("Deleting portal users", syncTree.ADPath, syncTree.PortalPath); DeleteObjectsFromAD(syncTree, ADObjectType.User, syncTree.AllADUsers, DeletePortalUser); }
private void DeletePortalGroups(SyncTree syncTree) { AdLog.LogMainActivity("Deleting portal groups", syncTree.ADPath, syncTree.PortalPath); DeleteObjectsFromAD(syncTree, ADObjectType.Group, syncTree.AllADGroups, DeletePortalGroup); }
private void DeletePortalContainers(SyncTree syncTree) { AdLog.LogMainActivity("Deleting portal containers (domains, orgunits, containers)", syncTree.ADPath, syncTree.PortalPath); DeleteObjectsFromAD(syncTree, ADObjectType.AllContainers, syncTree.AllADContainers, DeletePortalContainer); }
private void SyncGroupsFromAD(SyncTree syncTree) { AdLog.LogMainActivity("Syncing groups", syncTree.ADPath, syncTree.PortalPath); SyncObjectsFromAD(syncTree, ADObjectType.Group, syncTree.AllADGroups, CreateNewPortalGroup, UpdatePortalGroupProperties); }
private void SyncUsersFromAD(SyncTree syncTree) { AdLog.LogMainActivity("Syncing users", syncTree.ADPath, syncTree.PortalPath); SyncObjectsFromAD(syncTree, ADObjectType.User, syncTree.AllADUsers, CreateNewPortalUser, UpdatePortalUserProperties); }
private void SyncContainersFromAD(SyncTree syncTree) { AdLog.LogMainActivity("Syncing containers (domains, orgunits, containers)", syncTree.ADPath, syncTree.PortalPath); SyncObjectsFromAD(syncTree, ADObjectType.AllContainers, syncTree.AllADContainers, CreateNewPortalContainer, UpdatePortalContainerProperties); }
// gets directoryentry from AD - custom account CAN BE used and Novell IS supported public static DirectoryEntry ConnectToAD(string ldapPath, string customADAdminAccountName, string customADAdminAccountPwd, bool novellSupport, string guidProp) { var deADConn = new DirectoryEntry(ldapPath); // use custom login to retrieve AD object if (!string.IsNullOrEmpty(customADAdminAccountName)) { deADConn.AuthenticationType = AuthenticationTypes.ServerBind; deADConn.Username = customADAdminAccountName; deADConn.Password = customADAdminAccountPwd; } Exception exADConnectException = null; bool bError = false; for (int i = 0; i < 3; i++) { try { var oNativeObject = deADConn.NativeObject; bError = false; break; } catch (Exception ex) { bError = true; exADConnectException = ex; System.Threading.Thread.Sleep(3000); } } if (bError) { AdLog.LogException(exADConnectException); throw new Exception("Connecting to AD server failed", exADConnectException); } // NOVELL - use a searcher to retrieve the objects' GUID // - directoryentry properties does not include guid when connecting to Novell eDirectory if (novellSupport) { var dsDirSearcher = new DirectorySearcher(deADConn); var dn = ldapPath.Substring(ldapPath.LastIndexOf("/") + 1); dsDirSearcher.PropertiesToLoad.Add(guidProp); dsDirSearcher.SearchScope = SearchScope.Base; var result = dsDirSearcher.FindOne(); var guid = result.Properties[guidProp][0]; deADConn.Properties[guidProp].Add(guid); } return(deADConn); }
// sync objects from AD to portal private void SyncObjectsFromAD(SyncTree syncTree, ADObjectType objType, SearchResultCollection allADObjects, Action <DirectoryEntry, string, Guid, SyncTree> CreateNewObject, Action <DirectoryEntry, Node, SyncTree> UpdateProperties) { foreach (SearchResult result in allADObjects) { try { string nodeADpath = result.Path; if (syncTree.IsADPathExcluded(nodeADpath)) { continue; } AdLog.LogOuterADObject("Syncing", result.Path); var guid = Common.GetADResultGuid(result, _config.GuidProp); if (!guid.HasValue) { // no AD guid present for object AdLog.LogErrorADObject("No AD GUID present", result.Path); continue; } // új objektumok (ou, user, group) felvétele, átmozgatások // - ha létezik az adott guid-ú objektum -> path ellenőrzés, átmozgatás // - ha nem létezik, létrehozás string nodePortalParentPath = syncTree.GetPortalParentPath(nodeADpath); if (!Node.Exists(nodePortalParentPath)) { // adpath: OU=OtherOrg,OU=ExampleOrg,DC=Nativ,DC=local // portalParentPath: "/Root/IMS/NATIV/ExampleOrg" EnsurePortalPath(syncTree, syncTree.GetADParentObjectPath(result.Path), RepositoryPath.GetParentPath(nodePortalParentPath)); } SyncOneADObject(result, null, (Guid)guid, objType, nodePortalParentPath, CreateNewObject, UpdateProperties, syncTree); } catch (Exception ex) { // syncing of one object of the current tree failed AdLog.LogException(ex); } } }
public static void SetPassword(DirectoryEntry adUser, string password) { try { adUser.Invoke("SetPassword", new Object[] { password }); } catch (Exception ex) { //Log the error AdLog.LogException(ex); } }
private void DeletePortalGroup(Node node) { try { AdLog.LogPortalObject("Deleting portal group", node.Path); node.Delete(); } catch (Exception ex) { AdLog.LogErrorADObject(ex.Message, node.Path); } }
// gets members of an AD group and returns the corresponding list of <Guid, ADObjectType> objects private Dictionary <Guid, ADGroupMember> GetADGroupMembers(DirectoryEntry group, SyncTree syncTree) { var members = new Dictionary <Guid, ADGroupMember>(); var memberCount = group.Properties["member"].Count; AdLog.LogADObject(string.Format("Group contains {0} member(s).", memberCount), group.Path); for (int i = 0; i < memberCount; i++) { string sMemberDN = group.Properties["member"][i].ToString(); var objSyncTree = GetSyncTreeForObject(sMemberDN); if (objSyncTree == null) { AdLog.LogWarning(string.Format("AD group contains an object that is not contained in any of the synctrees, group's synctree will be used to retrieve the object (group: {0}, object: {1})", group.Path, sMemberDN)); objSyncTree = syncTree; } using (DirectoryEntry oADMember = objSyncTree.ConnectToObject(sMemberDN)) { if (oADMember != null) { var guid = Common.GetADObjectGuid(oADMember, _config.GuidProp); if (guid != null) { var userNameProp = oADMember.Properties[_config.UserNameProp]; var userNameValue = userNameProp == null ? null : userNameProp.Value; if (userNameValue == null) { AdLog.LogError(string.Format("Property {0} of AD group member \"{1}\" is missing or value is null", _config.UserNameProp, sMemberDN)); continue; } members.Add( ((Guid)guid), new ADGroupMember() { objType = Common.GetADObjectType(oADMember, _config.NovellSupport), Path = oADMember.Path, SamAccountName = userNameValue.ToString() }); } } else { AdLog.LogWarning(string.Format("AD group member could not be retrieved (group: {0}, object: {1})", group.Path, sMemberDN)); } } } return(members); }
public bool AllowMoveADObject(Node node, string newPath) { try { // get containing synctree for previous and new path var newParentPath = RepositoryPath.GetParentPath(newPath); var newSyncTree = GetSyncTreeContainingPortalPath(newParentPath); var oldParentPath = RepositoryPath.GetParentPath(node.Path); var oldSyncTree = GetSyncTreeContainingPortalPath(oldParentPath); if ((newSyncTree == null) && (oldSyncTree == null)) { // not synced object return(true); } if (newSyncTree == null) { // kikerül szinkronizált tartományból, NEM MEGENGEDETT return(false); } if (oldSyncTree == null) { // bekerül szinkronizált tartományba, NEM MEGENGEDETT return(false); } // tartománybeli vagy tartományközi moveolás? if (newSyncTree.PortalPath != oldSyncTree.PortalPath) { // más tartományba mozgatjuk if (newSyncTree.IPAddress != oldSyncTree.IPAddress) { // a szerver sem egyezik meg: NEM MEGENGEDETT return(false); } } return(true); } catch (Exception ex) { AdLog.LogException(ex); throw new Exception(ex.Message, ex); } }
public static void SetPortalObjectGuid(DirectoryEntry entry, Node node, string guidProp) { // get guid var guid = Common.GetADObjectGuid(entry, guidProp); if (guid.HasValue) { Common.UpdateLastSync(node, guid); //node.Save(); } else { AdLog.LogErrorADObject("Created AD object does not have a guid", entry.Path); } }
private void UpdatePortalUserProperties(DirectoryEntry entry, Node node, SyncTree syncTree) { AdLog.LogObjects("Updating portal user properties", entry.Path, node.Path); var user = (IUser)node; if (_config.SyncEnabledState) { user.Enabled = !Common.IsAccountDisabled(entry, _config.NovellSupport); } Common.UpdatePortalUserCustomProperties(entry, node, _propertyMappings, _config.SyncUserName); // node.Save() nem kell, később mentődik }
public void UpdateADContainer(Node node, string newPath) { IUser originalUser = User.Current; Common.ChangeToAdminAccount(); try { UpdateADObject(node, newPath, null, UpdateADContainerProperties); } catch (Exception ex) { AdLog.LogException(ex); throw new Exception(ex.Message, ex); } }
public void UpdateADUser(User user, string newPath, string passwd) { IUser originalUser = User.Current; Common.ChangeToAdminAccount(); try { UpdateADObject(user, newPath, passwd, UpdateADUserProperties); } catch (Exception ex) { AdLog.LogException(ex); throw new Exception(ex.Message, ex); } }
public void CreateNewADContainer(Node node, string newPath) { IUser originalUser = User.Current; Common.ChangeToAdminAccount(); try { var parentPath = RepositoryPath.GetParentPath(newPath); // get containing synctree var syncTree = GetSyncTreeContainingPortalPath(newPath); if (syncTree == null) { // not synced object return; } AdLog.LogPortalObject("Creating new AD orgunit/group/container", node.Path); var parentADPath = syncTree.GetADPath(parentPath); // create new AD object var adObjType = Common.GetADObjectType(node.NodeType); switch (adObjType) { case ADObjectType.OrgUnit: CreateADOrgUnit(syncTree, parentADPath, node); break; case ADObjectType.Group: CreateADGroup(syncTree, parentADPath, node); break; case ADObjectType.Container: CreateADContainer(syncTree, parentADPath, node); break; default: break; } } catch (Exception ex) { AdLog.LogException(ex); throw new Exception(ex.Message, ex); } }