/// <summary>
/// Handle single user.
/// </summary>
/// <param name="entry">User LDAP object.</param>
private void HandleUser(SearchResultEntry entry)
{
// Create CMS object from LDAP object
var user = new User(
LdapHelper.GetObjectGuid(entry),
LdapHelper.GetAttributeString(entry.Attributes["name"], true),
LdapHelper.IsUserEnabled(entry),
UserBindings.Select(k => new KeyValuePair <string, string>(k.Cms, LdapHelper.GetAttributeString(entry.Attributes[k.Ldap]))).ToList());
// Find existing object in LDAP replica
var existing = Replica.Users.FirstOrDefault(u => u.Guid == user.Guid);
if (LdapHelper.IsDeleted(entry))
{
if (existing != null)
{
// Remove user
Sender.RemoveUser(existing);
Replica.Users.Remove(existing);
}
}
else if (existing != null)
{
// Check if any attribute has changed
var userXml = Sender.GetUser(user.Guid);
if (!string.IsNullOrEmpty(userXml))
{
bool userChanged =
User.InternalBindings.Any(
b =>
RestHelper.GetAttributeFromReponse(userXml, b.Value) !=
((b.Key == "userAccountControl" ? LdapHelper.IsUserEnabled(entry).ToString().ToLowerInvariant() : LdapHelper.GetAttributeString(entry.Attributes[b.Key], b.Key == "name")) ?? string.Empty));
userChanged |=
UserBindings.Any(
b =>
RestHelper.GetAttributeFromReponse(userXml, b.Cms) !=
(LdapHelper.GetAttributeString(entry.Attributes[b.Ldap]) ?? string.Empty));
if (userChanged)
{
// Modify user
Sender.ModifyUser(user);
}
}
}
else
{
// Add user
long?userId = Sender.AddUser(user);
if (userId != null)
{
user.Id = userId.Value;
user.DistinguishedName = entry.DistinguishedName;
Replica.Users.Add(user);
}
}
}
/// <summary>
/// Handle single role.
/// </summary>
/// <param name="entry">Group LDAP object.</param>
private void HandleGroup(SearchResultEntry entry)
{
// Create CMS object from LDAP object
var role = new Role(LdapHelper.GetObjectGuid(entry),
LdapHelper.GetAttributeString(entry.Attributes["sAMAccountName"], true),
LdapHelper.GetAttributeString(entry.Attributes["displayName"]),
GroupBindings.Select(k => new KeyValuePair <string, string>(k.Cms, LdapHelper.GetAttributeString(entry.Attributes[k.Ldap]))).ToList());
var existing = Replica.Groups.FirstOrDefault(g => g.Guid == role.Guid);
List <User> currentMembers = (existing == null) ? new List <User>() : Replica.Bindings.Where(b => b.RoleId == existing.Id).SelectMany(b => Replica.Users.Where(u => u.Id == b.UserId)).ToList();
List <User> newMembers = LdapHelper.GetGroupMembers(entry).SelectMany(d => Replica.Users.Where(u => string.Equals(u.DistinguishedName, d, StringComparison.InvariantCultureIgnoreCase))).ToList();
if (LdapHelper.IsDeleted(entry))
{
if (existing != null)
{
// Delete role
Sender.RemoveRole(existing);
Replica.Groups.Remove(existing);
}
}
else
{
if (existing != null)
{
role.Id = existing.Id;
// Check if any attribute has changed
var roleXml = Sender.GetRole(role.Id);
if (!string.IsNullOrEmpty(roleXml))
{
bool roleChanged =
Role.InternalBindings.Any(
b =>
RestHelper.GetAttributeFromReponse(roleXml, b.Value) !=
(LdapHelper.GetAttributeString(entry.Attributes[b.Key], b.Key == "sAMAccountName") ?? string.Empty));
roleChanged |=
GroupBindings.Any(
b =>
RestHelper.GetAttributeFromReponse(roleXml, b.Cms) !=
(LdapHelper.GetAttributeString(entry.Attributes[b.Ldap]) ?? string.Empty));
if (roleChanged)
{
// Modify role
Sender.ModifyRole(role);
}
}
}
else
{
// Add role
long?roleId = Sender.AddRole(role);
if (roleId != null)
{
role.Id = roleId.Value;
Replica.Groups.Add(role);
}
}
// Add members
var addedMembers = newMembers.Where(m => currentMembers.All(c => c.Guid != m.Guid)).ToList();
foreach (var member in addedMembers)
{
var userroleId = Sender.AddUserToRole(member.Id, role.Id);
if (userroleId != null)
{
Replica.Bindings.Add(new UserRoleBinding(member.Id, role.Id)
{
Id = userroleId.Value
});
}
}
// Remove members
var removedMembers =
currentMembers.Where(m => newMembers.All(c => c.Guid != m.Guid))
.SelectMany(m => Replica.Bindings.Where(b => (b.RoleId == role.Id) && (b.UserId == m.Id)))
.ToList();
foreach (var member in removedMembers)
{
Sender.RemoveUserFromRole(member.Id);
Replica.Bindings.Remove(member);
}
}
}