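// domain, orgunit, container (folder)
/// <summary>
/// Deletes a portal container node (domain, orgunit or folder) together with the portal users it holds.
/// </summary>
/// <param name="node">The container node to delete.</param>
/// <remarks>
/// Every user under the container is handed to <see cref="DeletePortalUser"/> first; the container itself is
/// only removed once a fresh query confirms it no longer contains users. Any exception is logged via AdLog and
/// swallowed, so callers receive no failure signal (original behaviour, kept as-is).
/// </remarks>
private void DeletePortalContainer(Node node)
{
    try
    {
        AdLog.LogPortalObject("Deleting portal container (orgunit/domain/folder)", node.Path);

        if (!Node.Exists(node.Path))
        {
            return;
        }

        // Snapshot the user list before deleting: the enumeration must not observe the deletions it
        // causes, in case GetContainerUsers returns a lazily evaluated query over the repository.
        var users = Common.GetContainerUsers(node).ToList();
        foreach (Node userNode in users)
        {
            DeletePortalUser(userNode);
        }

        // Re-query rather than trust the snapshot: the container is deleted only if it is really empty now.
        if (Common.GetContainerUsers(node).Any())
        {
            AdLog.LogErrorPortalObject("Portal container cannot be deleted, it contains users!", node.Path);
        }
        else
        {
            Node.DeletePhysical(node.Id);
        }
    }
    catch (Exception ex)
    {
        // Best-effort deletion: the failure is recorded against the node path and not propagated.
        AdLog.LogErrorADObject(ex.Message, node.Path);
    }
}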
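/// <summary>
/// Authenticates a user against AD/LDAP in two steps: the account is located with a lookup bind (the configured
/// admin account, or an unauthenticated bind when none is configured), then the directory is re-bound with the
/// located account and the password supplied by the user.
/// </summary>
/// <param name="adPath">LDAP path of the search root. Null or empty yields <c>false</c>.</param>
/// <param name="loginPropValue">Login value typed by the user. It is escaped (RFC 4515) before being placed in the LDAP filter.</param>
/// <param name="pwd">Password to bind with. Null or empty is rejected before any directory access: an LDAP simple bind
/// with an empty password is treated as an anonymous/unauthenticated bind by many servers and would "succeed" without
/// proving anything about the caller.</param>
/// <param name="loginProp">LDAP attribute holding the login name (e.g. sAMAccountName). Expected to come from configuration, not from the user.</param>
/// <param name="customADAdminAccountName">Optional account for the lookup bind; when empty the lookup uses <see cref="AuthenticationTypes.None"/>.</param>
/// <param name="customADAdminAccountPwd">Password for <paramref name="customADAdminAccountName"/>.</param>
/// <returns><c>true</c> when exactly one account matches and the bind with the user's password succeeds; <c>false</c>
/// otherwise. Every failure is logged via AdLog; exceptions from the directory are caught and mapped to <c>false</c>.</returns>
public static bool IsADCustomAuthenticated(string adPath, string loginPropValue, string pwd, string loginProp, string customADAdminAccountName, string customADAdminAccountPwd)
{
    if (string.IsNullOrEmpty(adPath))
    {
        return false;
    }

    // Reject empty credentials before touching the directory (see the <param name="pwd"/> note).
    // An empty login value could never identify exactly one account either.
    if (string.IsNullOrEmpty(loginPropValue) || string.IsNullOrEmpty(pwd))
    {
        AdLog.LogErrorPortalObject("Empty login value or password rejected for AD authentication", loginPropValue);
        return false;
    }

    // Escape RFC 4515 filter metacharacters so a crafted login value cannot change the filter's meaning
    // (a "*" would match every account, ")(" would inject extra clauses). Backslash must be replaced first.
    var safeLoginValue = loginPropValue
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    DirectoryEntry searchRoot = null;
    try
    {
        searchRoot = new DirectoryEntry(adPath);
        searchRoot.AuthenticationType = AuthenticationTypes.None;
        if (!string.IsNullOrEmpty(customADAdminAccountName))
        {
            searchRoot.AuthenticationType = AuthenticationTypes.ServerBind;
            searchRoot.Username = customADAdminAccountName;
            searchRoot.Password = customADAdminAccountPwd;
        }

        // DirectorySearcher and SearchResultCollection wrap COM handles; dispose both explicitly.
        using (var objSearch = new DirectorySearcher(searchRoot))
        {
            objSearch.SearchScope = SearchScope.Subtree;
            objSearch.Filter = string.Format("({0}={1})", loginProp, safeLoginValue);

            string userName;
            using (var lookup = objSearch.FindAll())
            {
                if (lookup.Count != 1)
                {
                    AdLog.LogErrorPortalObject("Could not find corresponding AD user", loginPropValue);
                    return false;
                }

                // Bind name derived from the hit's path; assumes the path is the search root plus a separator — TODO confirm.
                userName = lookup[0].Path.Substring(adPath.Length + 1);
            }

            // Re-bind as the located user with the supplied password; a rejected bind surfaces as an exception from FindAll.
            // NOTE(review): ServerBind without Secure is a simple bind, so the password travels in clear unless adPath
            // is an LDAPS endpoint — confirm against the deployment.
            searchRoot.AuthenticationType = AuthenticationTypes.ServerBind;
            searchRoot.Username = userName;
            searchRoot.Password = pwd;
            using (var verification = objSearch.FindAll())
            {
                if (verification.Count != 1)
                {
                    AdLog.LogErrorPortalObject("Could not find corresponding AD user", loginPropValue);
                    return false;
                }
            }
        }
    }
    catch (Exception ex)
    {
        AdLog.LogException(ex);
        return false;
    }
    finally
    {
        if (searchRoot != null)
        {
            searchRoot.Dispose();
        }
    }

    return true;
}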
/// <summary>
/// Writes a portal group's synchronised properties onto its AD group entry: optionally the account name, and
/// always the member list, which is cleared and rebuilt from the portal group's members.
/// </summary>
/// <param name="entry">The AD group entry to update. Changes are staged in the entry only; nothing is committed here.</param>
/// <param name="node">The portal node; it is cast to <see cref="Group"/>.</param>
/// <remarks>
/// Members outside every sync tree, members without a SyncGuid, and members whose AD object cannot be resolved
/// are logged and skipped, so the resulting AD membership may be a subset of the portal membership.
/// </remarks>
private void UpdateADGroupCustomProperies(DirectoryEntry entry, Node node)
{
    if (_config.SyncUserName)
    {
        entry.Properties["sAMAccountName"].Value = node.Name.MaximizeLength(_config.ADsAMAccountNameMaxLength);
    }

    // groupType is intentionally not written here (dobsonl 20101005: probably not necessary).

    var portalGroup = (Group)node;

    // Membership is rebuilt from scratch: drop every current AD member first.
    entry.Properties["member"].Clear();

    // Then add the AD counterpart of each portal member that lives in a synchronised tree.
    foreach (Node portalMember in portalGroup.Members)
    {
        var memberTree = GetSyncTreeContainingPortalPath(portalMember.Path);
        if (memberTree == null)
        {
            AdLog.LogWarning("Portal group contains member under path that is not synchronized!");
            continue;
        }

        var syncGuid = Common.GetPortalObjectGuid(portalMember);
        if (!syncGuid.HasValue)
        {
            AdLog.LogErrorPortalObject("Portal group contains member that has no SyncGuid property set!", portalMember.Path);
            continue;
        }

        using (DirectoryEntry adMember = memberTree.GetADObjectByGuid(syncGuid.Value))
        {
            if (adMember == null)
            {
                AdLog.LogErrorPortalObject("No corresponding AD user found to portal member", node.Path);
                continue;
            }

            entry.Properties["member"].Add(adMember.Properties["distinguishedName"].Value.ToString());
        }
    }
}
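/* ====================================================================================
   VirtualUser helper methods */

/// <summary>
/// Authenticates a domain user by binding to the directory as <c>domain\username</c> with the given password and
/// then confirming that the account can be found under <paramref name="adPath"/>.
/// </summary>
/// <param name="adPath">LDAP path to bind to and search under. Null or empty yields <c>false</c>.</param>
/// <param name="domain">Domain name prepended to the user name for the bind.</param>
/// <param name="username">Login name typed by the user. It is escaped (RFC 4515) before being used in the LDAP filter.</param>
/// <param name="pwd">Password for the bind. Null or empty is rejected before any directory access: an LDAP simple bind with
/// an empty password is treated as an anonymous bind by many servers, so <see cref="DirectoryEntry.NativeObject"/> would
/// not throw and the caller would be "authenticated" without a password.</param>
/// <param name="userNameProp">LDAP attribute holding the login name (from configuration).</param>
/// <returns><c>true</c> when the bind succeeds and the filter finds the account; <c>false</c> otherwise. Failures are
/// logged via AdLog; exceptions from the directory are caught and mapped to <c>false</c>.</returns>
public static bool IsADAuthenticated(string adPath, string domain, string username, string pwd, string userNameProp)
{
    if (string.IsNullOrEmpty(adPath))
    {
        return false;
    }

    var domainAndUsername = string.Concat(domain, @"\", username);

    // Reject empty credentials before touching the directory (see the <param name="pwd"/> note).
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pwd))
    {
        AdLog.LogErrorPortalObject("Empty user name or password rejected for AD authentication", domainAndUsername);
        return false;
    }

    // Escape RFC 4515 filter metacharacters so the typed name cannot change the filter's meaning. Backslash first.
    var safeUsername = username
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    DirectoryEntry entry = null;
    try
    {
        entry = new DirectoryEntry(adPath, domainAndUsername, pwd);

        // Reading NativeObject forces the bind, so rejected credentials surface here as an exception.
        // The value itself is intentionally unused.
        var nativeObject = entry.NativeObject;

        // DirectorySearcher wraps a COM handle; dispose it explicitly. FindOne's SearchResult is not disposable.
        using (var search = new DirectorySearcher(entry) { Filter = $"({userNameProp}={safeUsername})" })
        {
            search.PropertiesToLoad.Add("cn");
            if (search.FindOne() == null)
            {
                AdLog.LogErrorPortalObject("Could not find corresponding AD user", domainAndUsername);
                return false;
            }
        }
    }
    catch (Exception ex)
    {
        AdLog.LogException(ex);
        return false;
    }
    finally
    {
        entry?.Dispose();
    }

    return true;
}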
/// <summary>
/// Resolves the AD object behind a synchronised portal node and applies <paramref name="UpdateObjectProperties"/> to it.
/// </summary>
/// <param name="node">The portal node whose AD counterpart is updated.</param>
/// <param name="newPath">Target portal path when the node is being moved; passed through to the callback.</param>
/// <param name="passwd">Password to synchronise; passed through to the callback.</param>
/// <param name="UpdateObjectProperties">Callback receiving the AD entry, its sync tree, the node, the new path and the password.</param>
/// <remarks>
/// Returns silently when the node is not under a synchronised path or the move is not allowed. A missing SyncGuid or a
/// GUID with no AD object behind it is logged via AdLog.
/// </remarks>
private void UpdateADObject(Node node, string newPath, string passwd, Action<DirectoryEntry, SyncTree, Node, string, string> UpdateObjectProperties)
{
    // Only objects under a synchronised path are mirrored to AD.
    if (!IsSyncedObject(node.Path))
    {
        return;
    }

    // A move into a range where moving is not permitted is skipped.
    if (!AllowMoveADObject(node, newPath))
    {
        return;
    }

    AdLog.LogPortalObject("Updating AD object", node.Path);

    var syncGuid = Common.GetPortalObjectGuid(node);
    if (!syncGuid.HasValue)
    {
        AdLog.LogErrorPortalObject("Portal node does not have a syncguid", node.Path);
        return;
    }

    var adObject = GetADObjectByGuid(syncGuid.Value);
    using (DirectoryEntry entry = adObject.entry)
    {
        if (entry == null)
        {
            AdLog.LogErrorPortalObject(string.Format("AD object with the given GUID ({0}) does not exist", syncGuid.ToString()), node.Path);
            return;
        }

        UpdateObjectProperties(entry, adObject.syncTree, node, newPath, passwd);
    }
}
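/// <summary>
/// Deletes the AD object that mirrors a synchronised portal node. Users under the object are disabled and moved to
/// the sync tree's deleted-objects folder first; the object itself is removed only if no user remains under it.
/// </summary>
/// <param name="nodePath">Portal path of the node being deleted (used for the sync check and for logging).</param>
/// <param name="guid">SyncGuid of the portal node. <c>null</c> is logged as an error and nothing is deleted.</param>
/// <exception cref="Exception">Any failure is logged via AdLog and rethrown unchanged (original type and stack trace).</exception>
/// <remarks>
/// The work runs under the admin account (<see cref="Common.ChangeToAdminAccount"/>).
/// NOTE(review): <c>originalUser</c> is captured but no restore of the previous identity is visible in this method —
/// confirm whether callers rely on the admin context persisting or whether a restore belongs in a <c>finally</c>.
/// </remarks>
public void DeleteADObject(string nodePath, Guid? guid)
{
    IUser originalUser = User.Current;
    Common.ChangeToAdminAccount();
    try
    {
        if (!IsSyncedObject(nodePath))
        {
            return;
        }

        AdLog.LogPortalObject("Deleting AD object", nodePath);

        if (!guid.HasValue)
        {
            AdLog.LogErrorPortalObject("Portal node does not have a syncguid", nodePath);
            return;
        }

        SyncTreeADObject ADObject = GetADObjectByGuid(guid.Value);
        using (DirectoryEntry entry = ADObject.entry)
        {
            if (entry == null)
            {
                AdLog.LogErrorPortalObject(string.Format("AD object with the given GUID ({0}) does not exist", guid.ToString()), nodePath);
                return;
            }

            // Disable every user under the AD object and move it to the deleted-objects folder.
            var deletedPath = ADObject.syncTree.DeletedADObjectsPath;
            bool entryDeleted = false;
            using (DirectoryEntry deletedParent = ADObject.syncTree.ConnectToObject(deletedPath))
            using (SearchResultCollection resultColl = ADObject.syncTree.GetUsersUnderADObject(entry))
            {
                foreach (SearchResult result in resultColl)
                {
                    using (DirectoryEntry userEntry = result.GetDirectoryEntry())
                    {
                        // Captured before MoveTo, which changes the entry's path.
                        var userPath = userEntry.Path;

                        if (deletedParent != null)
                        {
                            userEntry.MoveTo(deletedParent);
                        }
                        else
                        {
                            AdLog.LogError("Folder for deleted users could not be found on AD server!");
                        }

                        Common.DisableUserAccount(userEntry);
                        Common.DisableADObjectCustomProperties(userEntry, _propertyMappings, _config.ADNameMaxLength, _config.ADsAMAccountNameMaxLength);
                        userEntry.CommitChanges();

                        // If the object being deleted is itself a user, it has just been handled and must not be deleted again below.
                        if (entry.Path == userPath)
                        {
                            entryDeleted = true;
                        }
                    }
                }
            }

            if (!entryDeleted)
            {
                // Double-check containment: the tree is removed only if no user is left under it.
                using (SearchResultCollection resultColl = ADObject.syncTree.GetUsersUnderADObject(entry))
                {
                    if (resultColl.Count == 0)
                    {
                        entry.DeleteTree();
                    }
                    else
                    {
                        AdLog.LogErrorADObject("AD container cannot be deleted, it contains users!", entry.Path);
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        AdLog.LogException(ex);
        // Rethrow as-is: wrapping in a new Exception discarded the concrete type and the original stack trace.
        throw;
    }
}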