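/// <summary>
/// Resolves a single user or group principal in Active Directory.
/// </summary>
/// <param name="searchType">Whether to look for users or for groups; a combined
/// <c>UsersAndGroups</c> search is not supported by this method.</param>
/// <param name="principalName">Name to resolve, optionally qualified with a domain alias
/// (parsed by <c>UserId.Parse</c> / <c>GroupId.Parse</c>).</param>
/// <returns>The first matching <see cref="SearchResult"/>, or <c>null</c> when the name is
/// empty or no searched domain contains a match.</returns>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="searchType"/> is
/// <c>UsersAndGroups</c>, or when it yields no LDAP filter at all.</exception>
private SearchResult TryGetPrincipal(PrincipalSearchType searchType, string principalName)
{
    if (string.IsNullOrEmpty(principalName))
    {
        return null;
    }

    // Reject the combined search before the flag checks below: if UsersAndGroups is
    // composed of the Users and Groups bits, HasFlag(Groups) would otherwise match it
    // first and silently downgrade the call to a group-only search.
    if (searchType == PrincipalSearchType.UsersAndGroups)
    {
        throw new ArgumentOutOfRangeException(nameof(searchType));
    }

    this.LogDebug($"Trying to a {searchType} search for principal \"{principalName}\"...");

    PrincipalId principalId = null;
    var filter = new StringBuilder();

    if (searchType == PrincipalSearchType.Users)
    {
        principalId = UserId.Parse(principalName);
        // The caller-supplied name is escaped so it cannot alter the filter structure.
        var escapedName = LDAP.Escape(principalId?.Principal ?? principalName);
        filter.Append($"(sAMAccountName={escapedName})");
    }
    else if (searchType.HasFlag(PrincipalSearchType.Groups))
    {
        principalId = GroupId.Parse(principalName);
        var escapedName = LDAP.Escape(principalId?.Principal ?? principalName);
        filter.Append("(|");
        filter.Append($"(sAMAccountName={escapedName})");
        filter.Append($"(name={escapedName})");
        filter.Append(")");
    }

    // Never run the directory search without a principal constraint: an empty filter
    // would not pin the result to the requested name, so whatever came back could be
    // mistaken for the principal.
    if (filter.Length == 0)
    {
        throw new ArgumentOutOfRangeException(nameof(searchType));
    }

    HashSet<CredentialedDomain> domains;
    if (principalId == null)
    {
        // No "alias\name" qualifier was recognised, so every configured domain is a candidate.
        this.LogDebug($"No domain specified, searching through aliases.");
        domains = this.domainsToSearch.Value;
    }
    else
    {
        this.LogDebug($"Domain alias \"{principalId.DomainAlias}\" will be used.");
        domains = new HashSet<CredentialedDomain> { new CredentialedDomain(principalId.DomainAlias) };
    }

    foreach (var domain in domains)
    {
        this.LogDebug($"Searching domain {domain}...");

        // Root DN is derived from the DNS name ("corp.example" -> "DC=corp,DC=example");
        // the bind uses the credentials stored with the domain entry.
        var path = "LDAP://DC=" + domain.Name.Replace(".", ",DC=");
        using (var entry = new DirectoryEntry(path, domain.UserName, domain.Password))
        using (var searcher = new DirectorySearcher(entry))
        {
            searcher.Filter = filter.ToString();
            var result = searcher.FindOne();
            if (result != null)
            {
                return result;
            }
        }
    }

    this.LogDebug($"Principal not found.");
    return null;
}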
/// <summary>
/// Wraps a directory <see cref="SearchResult"/> in the matching principal object.
/// </summary>
/// <param name="result">Directory entry returned by a principal search.</param>
/// <returns>An <c>ActiveDirectoryUser</c> for user entries, an <c>ActiveDirectoryGroup</c>
/// otherwise, or <c>null</c> when no principal id can be read from the result.</returns>
private IUserDirectoryPrincipal CreatePrincipal(SearchResult result)
{
    var principalId = PrincipalId.FromSearchResult(result);
    if (principalId == null)
    {
        return null;
    }

    var userId = principalId as UserId;
    if (userId != null)
    {
        var displayName = result.GetPropertyValue("displayName");
        var mail = result.GetPropertyValue("mail");
        return new ActiveDirectoryUser(userId, displayName, mail);
    }

    // Anything that is not a user is treated as a group.
    return new ActiveDirectoryGroup((GroupId)principalId);
}
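/// <summary>
/// Adds the groups that <paramref name="principalId"/> belongs to into
/// <paramref name="groupList"/>, optionally walking up through nested groups.
/// </summary>
/// <param name="principalId">User or group whose parent groups are requested.</param>
/// <param name="groupList">Receives the discovered groups; it doubles as the visited set
/// that stops membership cycles from recursing forever.</param>
/// <param name="recurse">When <c>true</c>, the parents of every newly added group are resolved too.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="principalId"/> is <c>null</c>.</exception>
/// <remarks>
/// Directory errors are logged as a warning and swallowed, so after a failure
/// <paramref name="groupList"/> may hold only the groups found so far; callers must not
/// read it as an authoritative membership list.
/// </remarks>
private void GetParentGroups(PrincipalId principalId, HashSet<GroupId> groupList, bool recurse)
{
    if (principalId == null)
    {
        throw new ArgumentNullException(nameof(principalId));
    }

    // Both name forms are escaped so a crafted principal name cannot change the filter structure.
    var escapedUserPrincipalName = LDAP.Escape(principalId.ToString());
    var escapedPrincipal = LDAP.Escape(principalId.Principal);
    var filter = string.Format(
        "(&(|(objectCategory=user)(objectCategory=group))(|(userPrincipalName={0})(sAMAccountName={1})(name={1})))",
        escapedUserPrincipalName,
        escapedPrincipal
    );

    try
    {
        using (var entry = new DirectoryEntry("LDAP://" + principalId.GetDomainSearchPath()))
        using (var searcher = new DirectorySearcher(entry))
        {
            searcher.Filter = filter;
            var result = searcher.FindOne();
            if (result == null)
            {
                return;
            }

            foreach (var group in result.ExtractGroups())
            {
                // Add() is false for a group seen before, which both dedups and breaks cycles.
                if (groupList.Add(group) && recurse)
                {
                    this.GetParentGroups(group, groupList, true);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Deliberately best-effort: a directory outage must not take the caller down.
        this.LogWarning("Failed to get active directory groups: " + ex.Message);
    }
}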