public void Update(UpdateOpContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
adconn.Update(context.UpdateType, context.ObjectClass, context.Uid, context.Attributes, context.Options);
}
/// <summary>
/// Gets a user by his samAccountName.
/// </summary>
/// <param name="customerName"> The customer name. </param>
/// <param name="samAccountName"> The samAccountName. </param>
/// <returns>
/// The retrieved user.
/// </returns>
public UserFromRepository GetBySamAccountName(string customerName, string samAccountName)
{
using (var activeDirectorySearcher = ActiveDirectoryConnector.GetDirectorySearcher(customerName))
{
activeDirectorySearcher.Filter = $"(&(sAMAccountName={samAccountName}))";
var result = activeDirectorySearcher.FindOne();
if (result == null)
{
throw new UserNotFoundException($"The user with the sAMAccountName {samAccountName} could not be found.");
}
var userFromActiveDirectory = new UserFromActiveDirectory
{
DistinguishedName = result.Properties["distinguishedName"][0].ToString(),
IsLocked = (bool)result.GetDirectoryEntry().InvokeGet("IsAccountLocked"),
Attributes = result.Properties
};
var userFromRepository = Mapper.Map <UserFromActiveDirectory, UserFromRepository>(userFromActiveDirectory);
return(userFromRepository);
}
}
public void Create(CreateOpContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
context.Uid = adconn.Create(context.ObjectClass, context.Attributes, context.Options);
}
public void ExecuteQuery(ExecuteQueryContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
adconn.ExecuteQuery(context.ObjectClass, context.Query, context.ResultsHandler, context.Options);
}
public void Delete(DeleteOpContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
adconn.Delete(context.ObjectClass, context.Uid, context.Options);
}
public void Sync(SyncOpContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
adconn.Sync(context.ObjectClass, context.SyncToken, context.SyncResultsHandler, context.Options);
}
/// <summary>
/// Enables a single user by his samAccountName.
/// </summary>
/// <param name="customerName">The name of the customer the user belongs to.</param>
/// <param name="samAccountName">The samAccountName of the user to unblock.</param>
public void EnableBySamAccountName(string customerName, string samAccountName)
{
// Get the Directory Searcher from the Foundation
using (var activeDirectorySearcher = ActiveDirectoryConnector.GetDirectorySearcher(customerName))
{
// Search for the user to activate.
activeDirectorySearcher.Filter = "(&(sAMAccountName=" + samAccountName + "))";
activeDirectorySearcher.PropertiesToLoad.Add("userAccountControl");
var result = activeDirectorySearcher.FindOne();
if (result == null)
{
throw new UserNotFoundException("The user with the sAMAccountName " + samAccountName + " could not be found.");
}
// Get the DirectoryEntry that corresponds to the user.
var entryToUpdate = result.GetDirectoryEntry();
// Perform the Activation
var val = (int)entryToUpdate.Properties["userAccountControl"].Value;
entryToUpdate.Properties["userAccountControl"].Value = val & (int)~UserAccountControl.UF_ACCOUNT_DISABLE;
entryToUpdate.CommitChanges();
entryToUpdate.Close();
}
}
/// <summary>
/// Updates a single user by his samAccountName.
/// </summary>
/// <param name="customerNo"> The customer No. </param>
/// <param name="samAccountName">The samAccountName of the user to update.</param>
/// <param name="userData">The updated user data.</param>
public void UpdateBySamAccountName(string customerNo, string samAccountName, UserFromRepository userData)
{
using (var activeDirectorySearcher = ActiveDirectoryConnector.GetDirectorySearcher(customerNo))
{
activeDirectorySearcher.Filter = $"(&(sAMAccountName={samAccountName}))";
var result = activeDirectorySearcher.FindOne();
if (result == null)
{
throw new UserNotFoundException($"The user with the sAMAccountName {samAccountName} could not be found.");
}
var userEntry = result.GetDirectoryEntry();
this.SetUserProperty(userEntry, ActiveDirectoryAttributeNames.AccountExpires, this.ParseDateToFileSystemTimeOrDefault(userData.ExpirationDate));
this.SetUserProperty(userEntry, ActiveDirectoryAttributeNames.FirstName, userData.ForeName);
this.SetUserProperty(userEntry, ActiveDirectoryAttributeNames.LastName, userData.SurName);
this.SetUserProperty(userEntry, ActiveDirectoryAttributeNames.Mail, userData.Email);
this.SetUserProperty(userEntry, ActiveDirectoryAttributeNames.Description, userData.Description);
this.SetUserProperty(userEntry, ActiveDirectoryAttributeNames.DisplayName, userData.DisplayName);
userEntry.CommitChanges();
userEntry.Close();
}
}
/// <summary>
/// Creates a user with the given profile data.
/// </summary>
/// <param name="customerName"> The requesting users customer name. </param>
/// <param name="userData">The data for the new account.</param>
public void Create(string customerName, UserFromRepository userData)
{
using (var directoryRootEntry = ActiveDirectoryConnector.GetDirectorEntry(customerName))
{
userData.Name = $"{userData.ForeName} {userData.SurName}";
userData.Cn = userData.SamAccountName;
try
{
if (this.DirectoryEntryContainsUser(directoryRootEntry, userData.Cn))
{
throw new UserAlreadyExistsException($"A user with the CN '{userData.Cn}' already exists.");
}
if (this.DirectoryEntryContainsAccount(directoryRootEntry, userData.SamAccountName))
{
throw new UserAlreadyExistsException($"A user with the sAMAccountName '{userData.SamAccountName}' already exists.");
}
var newUser = directoryRootEntry.Children.Add($"CN={userData.Cn}", "user");
var userPrincipalName = $"{userData.SamAccountName}@Blueprint.local";
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.UserPrincipalName, userPrincipalName);
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.SamAccountName, userData.SamAccountName);
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.AccountExpires, this.ParseDateToFileSystemTimeOrDefault(userData.ExpirationDate));
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.Name, userData.Name);
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.FirstName, userData.ForeName);
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.LastName, userData.SurName);
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.Mail, userData.Email);
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.Description, userData.Description);
this.SetUserProperty(newUser, ActiveDirectoryAttributeNames.DisplayName, userData.DisplayName);
// Password and Group Memberships cannot be set during an initial registration.
// Both can only be set on already existing users, therefore the user must be saved, before we can proceed.
try
{
newUser.CommitChanges();
}
catch (Exception ex)
{
newUser.Close();
throw new UserNotCreatedException("Failed to create user!", ex);
}
// Set the new users password to the given value.
this.SetUserPassword(newUser, userData.Password);
// Add the User to some groups.
this.AddUserToSampleGroups(directoryRootEntry, newUser, customerName);
}
finally
{
directoryRootEntry.Close();
}
}
}
public static void Run()
{
var userName = "******";
var password = "******";
try
{
// Create a connector
var connector = new ActiveDirectoryConnector(userName, password);
// Initialze Powershell Client
using (var client = PowerShellClient.Create(connector))
{
// Create Command
var geUserCommand = new PowershellCommand
{
Name = "GetUser",
CommandText = "Get-User",
CommandParameters = new List <PowershellCommandParameter> {
new PowershellCommandParameter {
Name = "ResultSize", Value = "unlimited"
}, //"100"
new PowershellCommandParameter {
Name = "OrganizationalUnit", Value = "Marketing"
}
}
};
// Execute Command
var result = client.Execute <ActiveDirectory>(new List <PowershellCommand> {
geUserCommand
});
// Success, get the data
if (result.Status == StatusCode.SUCCESS)
{
var adUsers = result.Content;
Console.WriteLine($"{adUsers.Count} users found");
}
else // Failes show the errors
{
Console.WriteLine(result.Status);
Console.WriteLine(result.StatusText);
Console.WriteLine(result.Errors);
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
public void Sync(SyncOpContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
ICollection <string> attsToGet = null;
if (context.Options != null && context.Options.AttributesToGet != null)
{
attsToGet = CollectionUtil.NewSet(context.Options.AttributesToGet);
}
// delegate to get the exchange attributes if requested
SyncResultsHandler xchangeHandler = new SyncResultsHandler()
{
Handle = delta =>
{
if (delta.DeltaType == SyncDeltaType.DELETE)
{
return(context.SyncResultsHandler.Handle(delta));
}
// replace the ad attributes with exchange ones and add recipient type and database (if requested)
ConnectorObject updated = ExchangeUtility.ConvertAdAttributesToExchange(delta.Object);
//updated = this.AddExchangeAttributes(exconn, context.ObjectClass, updated, attsToGet);
if (updated != delta.Object)
{
// build new sync delta, cause we changed the object
SyncDeltaBuilder deltaBuilder = new SyncDeltaBuilder
{
DeltaType = delta.DeltaType,
Token = delta.Token,
Uid = delta.Uid,
Object = updated
};
delta = deltaBuilder.Build();
}
return(context.SyncResultsHandler.Handle(delta));
}
};
// call AD sync, use xchangeHandler
adconn.SyncInternal(context.ObjectClass,
context.SyncToken, xchangeHandler, context.Options,
GetAdAttributesToReturn(adconn, context.ObjectClass, context.Options));
}
public ExchangeConnector()
{
_activeDirectoryConnector = new ActiveDirectoryConnector();
_handlers = new Dictionary <string, ObjectClassHandler>()
{
{ ObjectClass.ACCOUNT_NAME, new AccountHandler() },
{ ActiveDirectoryConnector.OBJECTCLASS_OU, new DelegateToActiveDirectoryHandler() },
{ ActiveDirectoryConnector.OBJECTCLASS_GROUP, new DelegateToActiveDirectoryHandler() },
{ AcceptedDomainHandler.OBJECTCLASS_NAME, new AcceptedDomainHandler() },
{ GlobalAddressListHandler.OBJECTCLASS_NAME, new GlobalAddressListHandler() },
{ AddressListHandler.OBJECTCLASS_NAME, new AddressListHandler() },
{ OfflineAddressBookHandler.OBJECTCLASS_NAME, new OfflineAddressBookHandler() },
{ AddressBookPolicyHandler.OBJECTCLASS_NAME, new AddressBookPolicyHandler() },
{ DistributionGroupHandler.OBJECTCLASS_NAME, new DistributionGroupHandler() },
{ EmailAddressPolicyHandler.OBJECTCLASS_NAME, new EmailAddressPolicyHandler() }
};
}
private ICollection <string> GetAdAttributesToReturn(ActiveDirectoryConnector adConnector, ObjectClass oclass, OperationOptions options)
{
ICollection <string> attNames = adConnector.GetAdAttributesToReturn(oclass, options);
// In attNames there is a mix of attributes - some AD-only ones (from ObjectClasses.xml),
// and some Exchange ones (from the schema) and some AD-only-for-Exchange ones (from the schema).
// We should convert Exchange ones to their AD counterparts and add "hidden useful" AD attributes.
if (oclass.Is(ObjectClass.ACCOUNT_NAME))
{
ICollection <string> newAttNames = new HashSet <string>(attNames);
// IMPORTANT: we assume that "options" do not imply any additional AD attributes
CollectionUtil.AddAll(newAttNames, ExchangeConnectorAttributes.AttMapFromAD.Keys);
CollectionUtil.AddAll(newAttNames, ExchangeConnectorAttributes.HiddenAdAttributesToRetrieve);
CollectionUtil.AddAll(newAttNames, ExchangeConnectorAttributes.VisibleAdAttributesToRetrieve);
attNames = newAttNames;
}
return(attNames);
}
/// <summary>
/// Gets all users for the given customer number.
/// </summary>
/// <param name="customerName">The customers name.</param>
/// <param name="expression">The expression by which to filter the users. Empty String = Get all users.</param>
/// <returns>A list of all retrieved users.</returns>
public IEnumerable <UserFromRepository> GetUsers(string customerName, string expression)
{
// Get the DirectorySearcher from the Foundation
using (var activeDirectorySearcher = ActiveDirectoryConnector.GetDirectorySearcher(customerName))
{
activeDirectorySearcher.Filter = this.GetSearchFilter(expression);
// Get all the users for the customer
var results = activeDirectorySearcher.FindAll();
// Convert the search result into a viable dataset.
var userList = (from SearchResult entry in results
select new UserFromActiveDirectory
{
DistinguishedName = entry.Properties["distinguishedName"][0].ToString(),
IsLocked = (bool)entry.GetDirectoryEntry().InvokeGet("IsAccountLocked"),
Attributes = entry.Properties
}).ToList();
// Map the Users into UserFromRepository Objects to make them actually readable.
var usersFromRepository = Mapper.Map <List <UserFromActiveDirectory>, List <UserFromRepository> >(userList);
return(usersFromRepository);
}
}
public void DeleteAndVerifyObject(ActiveDirectoryConnector connector,
ObjectClass oclass, Uid uid, bool verifyExists, bool verifyDeleted)
{
Filter uidFilter = FilterBuilder.EqualTo(uid);
if (verifyExists)
{
// verify that object currently exists
ICollection<ConnectorObject> foundObjects = TestHelpers.SearchToList(
connector, oclass, uidFilter);
// verify that it was deleted
Assert.AreEqual(1, foundObjects.Count);
}
// delete
try
{
connector.Delete(oclass, uid, null);
}
catch
{
if (verifyDeleted)
{
throw;
}
}
if (verifyDeleted)
{
// verify that object was deleted
ICollection<ConnectorObject> deletedObjects = TestHelpers.SearchToList(
connector, oclass, uidFilter);
// verify that it was deleted
Assert.AreEqual(0, deletedObjects.Count);
}
}
private async void btnCreateBackup_Click(object sender, RoutedEventArgs e)
{
if (!string.IsNullOrWhiteSpace(TxtDlAlias.Text))
{
var credManager = new CredentialManager();
var userCredentials = credManager.GetUserCredentials();
if (userCredentials != null)
{
// Disabling pieces of UI that might interfere.
DlGroupMigrationViewModel.Instance.BackupControlsEnabled = false;
DlGroupMigrationViewModel.Instance.RestoreControlsEnabled = false;
TxtBackupStatus.Text = "Identifying alias...";
var adConnector = new ActiveDirectoryConnector();
var dl = new DistributionList {
Name = TxtDlAlias.Text
};
var owner = string.Empty;
bool isValidDl;
if (!AccountSettingsViewModel.Instance.IsInternal)
{
// The user is external.
var connector = new ExchangeConnector();
owner = connector.GetExternalDistributionListOwner(TxtDlAlias.Text, userCredentials, out isValidDl);
}
else
{
// The user is internal
var dlDetails = await adConnector.GetDistributionListOwner(TxtDlAlias.Text);
owner = dlDetails.Item1;
isValidDl = dlDetails.Item2;
}
bool resolveMembers = !string.IsNullOrWhiteSpace(owner);
if (!isValidDl)
{
var result =
ModernDialog.ShowMessage(
"The alias you provided doesn't map to a valid DL.",
"Hummingbird", MessageBoxButton.OK);
resolveMembers = false;
}
else if (!resolveMembers)
{
var result =
ModernDialog.ShowMessage(
"The group owner couldn't be found. If you attempt to retrieve members for the group, the backup will be missing the Owner property. Continue?",
"Hummingbird", MessageBoxButton.YesNo);
resolveMembers = result == MessageBoxResult.Yes;
}
if (resolveMembers)
{
dl.Owner = owner;
TxtBackupStatus.Text = "getting members...";
var members = await adConnector.GetDistributionListMembers(TxtDlAlias.Text);
if (members != null)
{
dl.Members = members;
var fsOperator = new FileSystemOperator();
var filePath = fsOperator.StoreDistributionListInformation(dl);
if (!string.IsNullOrWhiteSpace(filePath))
{
var result =
ModernDialog.ShowMessage(
"A backup was created for the distribution list. Do you want to open File Explorer to find its location?",
"Hummingbird", MessageBoxButton.YesNo);
if (result == MessageBoxResult.Yes)
{
Process.Start("explorer.exe", string.Concat("/select, ", filePath));
}
}
else
{
ModernDialog.ShowMessage(
"We couldn't create a backup file for this distribution list. Please try again.", "Hummingbird",
MessageBoxButton.OK);
}
}
else
{
ModernDialog.ShowMessage(
"We couldn't retrieve members of the distribution list. Check your credentials and try again.", "Hummingbird",
MessageBoxButton.OK);
}
}
// Re-enable the pieces of UI that might interfere.
DlGroupMigrationViewModel.Instance.BackupControlsEnabled = true;
DlGroupMigrationViewModel.Instance.RestoreControlsEnabled = true;
}
else
{
ModernDialog.ShowMessage(
"No credentials were provided. Open Settings and add your credentials.", "Hummingbird",
MessageBoxButton.OK);
}
}
else
{
ModernDialog.ShowMessage("You must include an alias.", "Hummingbird", MessageBoxButton.OK);
}
}
public void TestSearchByName_group()
{
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid createUid = null;
try
{
createUid = CreateAndVerifyObject(connector, ActiveDirectoryConnector.groupObjectClass,
GetNormalAttributes_Group());
// find out what the name was
ConnectorObject newObject = GetConnectorObjectFromUid(connector,
ActiveDirectoryConnector.groupObjectClass, createUid);
Name nameAttr = newObject.Name;
Assert.IsNotNull(nameAttr);
//search normally
ICollection<ConnectorObject> results = TestHelpers.SearchToList(connector,
ActiveDirectoryConnector.groupObjectClass, FilterBuilder.EqualTo(nameAttr));
// there really should only be one
Assert.AreEqual(results.Count, 1);
// and it must have the value we were searching for
String createName = ActiveDirectoryUtils.NormalizeLdapString(nameAttr.GetNameValue());
String foundName = ActiveDirectoryUtils.NormalizeLdapString(results.ElementAt(0).Name.GetNameValue());
Assert.AreEqual(createName, foundName);
//search in uppercase
ConnectorAttribute nameUpper = ConnectorAttributeBuilder.Build(
nameAttr.Name, nameAttr.GetNameValue().ToUpper());
results = TestHelpers.SearchToList(connector,
ActiveDirectoryConnector.groupObjectClass, FilterBuilder.EqualTo(nameUpper));
// there really should only be one
Assert.AreEqual(results.Count, 1);
// and it must have the value we were searching for
createName = ActiveDirectoryUtils.NormalizeLdapString(nameAttr.GetNameValue());
foundName = ActiveDirectoryUtils.NormalizeLdapString(results.ElementAt(0).Name.GetNameValue());
Assert.AreEqual(createName, foundName);
//search in lowercase
ConnectorAttribute nameLower = ConnectorAttributeBuilder.Build(
nameAttr.Name, nameAttr.GetNameValue().ToLower());
results = TestHelpers.SearchToList(connector,
ActiveDirectoryConnector.groupObjectClass, FilterBuilder.EqualTo(nameLower));
// there really should only be one
Assert.AreEqual(results.Count, 1);
// and it must have the value we were searching for
createName = ActiveDirectoryUtils.NormalizeLdapString(nameAttr.GetNameValue());
foundName = ActiveDirectoryUtils.NormalizeLdapString(results.ElementAt(0).Name.GetNameValue());
Assert.AreEqual(createName, foundName);
}
finally
{
if (createUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ActiveDirectoryConnector.groupObjectClass,
createUid, false, true);
}
}
}
public void TestSearchByRegularAttributeWithWildcard_account()
{
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
ICollection<Uid> uids = new HashSet<Uid>();
try
{
int randomNumber = GetRandomNumber();
String snPrefix = "nunitWCTest";
for (int i = 0; i < 10; i++)
{
ICollection<ConnectorAttribute> attributes =
GetNormalAttributes_Account();
attributes.Remove(ConnectorAttributeUtil.Find("sn", attributes));
attributes.Add(ConnectorAttributeBuilder.Build("sn",
snPrefix + GetRandomNumber()));
Uid tempUid = CreateAndVerifyObject(connector, ObjectClass.ACCOUNT,
attributes);
Assert.IsNotNull(tempUid);
uids.Add(tempUid);
}
ICollection<ConnectorObject> results = TestHelpers.SearchToList(connector,
ObjectClass.ACCOUNT, FilterBuilder.StartsWith(
ConnectorAttributeBuilder.Build("sn", snPrefix)));
// there should be at least the newly created one
Assert.GreaterOrEqual(results.Count, 1);
// make a duplicate list
ICollection<Uid> uidsToValidate = new HashSet<Uid>(uids);
// and it must have the value we were searching for
foreach (ConnectorObject resultObject in results)
{
ConnectorAttribute foundSnAttr =
resultObject.GetAttributeByName("sn");
String snValue = ConnectorAttributeUtil.GetStringValue(foundSnAttr);
Assert.That(snValue.StartsWith(snPrefix));
uidsToValidate.Remove(resultObject.Uid);
if (uidsToValidate.Count == 0)
{
break;
}
}
Assert.AreEqual(0, uidsToValidate.Count);
}
finally
{
foreach (Uid createdUid in uids)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
createdUid, false, true);
}
}
}
public void TestBasics_Group()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid uidToDelete = null;
try
{
// create group
ICollection<ConnectorAttribute> createAttributes = GetNormalAttributes_Group();
createAttributes.Add(ConnectorAttributeBuilder.Build(ActiveDirectoryConnector.ATT_ACCOUNTS,
CreateGroupMember(connector)));
// create object
uidToDelete = connector.Create(ActiveDirectoryConnector.groupObjectClass, createAttributes, null);
Uid createUid = uidToDelete;
Assert.IsNotNull(createUid);
// find new object ... have to add groups to list of things to return
OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
ICollection<String> attributesToGet = GetDefaultAttributesToGet(ActiveDirectoryConnector.groupObjectClass);
attributesToGet.Add(ActiveDirectoryConnector.ATT_ACCOUNTS);
optionsBuilder.AttributesToGet = attributesToGet.ToArray();
ConnectorObject newObject = GetConnectorObjectFromUid(connector,
ActiveDirectoryConnector.groupObjectClass, createUid, optionsBuilder.Build());
VerifyObject(createAttributes, newObject);
// update the group - replace
ICollection<ConnectorAttribute> updateReplaceAttrs =
new List<ConnectorAttribute>();
Name oldName = ConnectorAttributeUtil.GetNameFromAttributes(createAttributes);
String newName = ActiveDirectoryUtils.GetRelativeName(oldName);
newName = newName.Trim() + "_new, " + GetProperty(ConfigHelper.CONFIG_PROPERTY_CONTAINER);
updateReplaceAttrs.Add(createUid);
updateReplaceAttrs.Add(ConnectorAttributeBuilder.Build(
Name.NAME, newName));
updateReplaceAttrs.Add(ConnectorAttributeBuilder.Build(
"description", "New description"));
uidToDelete = UpdateReplaceAndVerifyObject(connector,
ActiveDirectoryConnector.groupObjectClass, createUid, updateReplaceAttrs);
Uid updateReplaceUid = uidToDelete;
// update the group - add
ICollection<ConnectorAttribute> updateAddAttrs =
new List<ConnectorAttribute>();
updateAddAttrs.Add(ConnectorAttributeBuilder.Build(ActiveDirectoryConnector.ATT_ACCOUNTS,
CreateGroupMember(connector), CreateGroupMember(connector)));
uidToDelete = UpdateAddAndVerifyUser(connector,
ActiveDirectoryConnector.groupObjectClass, updateReplaceUid, updateAddAttrs, optionsBuilder.Build());
}
finally
{
if (uidToDelete != null)
{
// delete user
DeleteAndVerifyObject(connector, ActiveDirectoryConnector.groupObjectClass, uidToDelete, true, true);
}
}
}
public void TestBasics_Account()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
// create user
ICollection<ConnectorAttribute> createAttributes = GetNormalAttributes_Account();
Uid createUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, createAttributes);
// update the user - replace
ICollection<ConnectorAttribute> updateReplaceAttrs =
new List<ConnectorAttribute>();
Name oldName = ConnectorAttributeUtil.GetNameFromAttributes(createAttributes);
String newName = ActiveDirectoryUtils.GetRelativeName(oldName);
newName = newName.Trim() + "_new, " + GetProperty(ConfigHelper.CONFIG_PROPERTY_CONTAINER);
updateReplaceAttrs.Add(ConnectorAttributeBuilder.Build(
Name.NAME, newName));
updateReplaceAttrs.Add(ConnectorAttributeBuilder.Build(
"sn", "newsn"));
Uid updateReplaceUid = UpdateReplaceAndVerifyObject(connector,
ObjectClass.ACCOUNT, createUid, updateReplaceAttrs);
// update the user - add
ICollection<ConnectorAttribute> updateAddAttrs =
new List<ConnectorAttribute>();
updateAddAttrs.Add(ConnectorAttributeBuilder.Build("otherHomePhone", "123.456.7890", "098.765.4321"));
Uid updateAddUid = UpdateAddAndVerifyUser(connector,
ObjectClass.ACCOUNT, createUid, updateAddAttrs, null);
// update the user - delete
// delete user
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT, createUid, true, true);
}
public void TestSearchNoFilter_Group()
{
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
ICollection<Uid> createdUids = new HashSet<Uid>();
try
{
int numCreated = 0;
for (numCreated = 0; numCreated < 5; numCreated++)
{
createdUids.Add(CreateAndVerifyObject(connector,
ActiveDirectoryConnector.groupObjectClass, GetNormalAttributes_Group()));
}
ICollection<ConnectorObject> results = TestHelpers.SearchToList(connector,
ActiveDirectoryConnector.groupObjectClass, null);
// not sure how many should be found ... it should find everything
// it's hard to say how many that is, but it should at least find the
// number we created
Assert.GreaterOrEqual(results.Count, numCreated);
// check that they are all of the proper objectclass
foreach (ConnectorObject co in results)
{
ConnectorAttribute objectClassAttr =
co.GetAttributeByName("objectClass");
Boolean foundCorrectObjectClass = false;
foreach (Object o in objectClassAttr.Value)
{
if ((o is String) && (o != null))
{
String stringValue = (String)o;
if (stringValue.ToUpper().Trim().Equals(
ActiveDirectoryConnector.OBJECTCLASS_GROUP, StringComparison.CurrentCultureIgnoreCase))
{
foundCorrectObjectClass = true;
}
}
}
Assert.IsTrue(foundCorrectObjectClass);
}
}
finally
{
foreach (Uid uid in createdUids)
{
if (uid != null)
{
DeleteAndVerifyObject(connector, ActiveDirectoryConnector.groupObjectClass, uid, false, true);
}
}
}
}
public Uid UpdateAddAndVerifyUser(ActiveDirectoryConnector connector,
ObjectClass oclass, Uid uid, ICollection<ConnectorAttribute> attributes,
OperationOptions searchOptions)
{
// find the existing one, and save off all attributes
Filter uidFilter = FilterBuilder.EqualTo(uid);
ICollection<ConnectorObject> currentObjects = TestHelpers.SearchToList(
connector, oclass, uidFilter, searchOptions);
Assert.IsTrue(currentObjects.Count == 1);
ICollection<ConnectorAttribute> currentAttributes =
currentObjects.ElementAt(0).GetAttributes();
// build a list that has the 'added' values added to the existing values
ICollection<ConnectorAttribute> comparisonAttributes = new List<ConnectorAttribute>();
foreach (ConnectorAttribute updateAttribute in attributes)
{
ConnectorAttribute existingAttribute = ConnectorAttributeUtil.Find(
updateAttribute.Name, currentAttributes);
comparisonAttributes.Add(AttConcat(updateAttribute, existingAttribute));
}
// make sure the uid is present in the attributes
attributes.Add(uid);
// now update with ADD to add additional home phones
Uid updatedUid = connector.Update(UpdateType.ADD, oclass,
attributes, null);
// find it back
ICollection<ConnectorObject> updatedObjects = TestHelpers.SearchToList(
connector, oclass, uidFilter, searchOptions);
Assert.IsTrue(updatedObjects.Count == 1);
VerifyObject(comparisonAttributes, updatedObjects.ElementAt(0));
return updatedUid;
}
public void Test_OpAtt_Enabled_Account()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid createUid = null;
try
{
// create user
ICollection<ConnectorAttribute> createAttributes = GetNormalAttributes_Account();
createAttributes.Add(ConnectorAttributeBuilder.BuildEnabled(true));
createUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, createAttributes);
ICollection<ConnectorAttribute> updateReplaceAttributes =
new HashSet<ConnectorAttribute>();
updateReplaceAttributes.Add(ConnectorAttributeBuilder.BuildEnabled(false));
UpdateReplaceAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, updateReplaceAttributes);
}
finally
{
if (createUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, false, true);
}
}
}
public void TestUserPasswordChange()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid createUid = null;
try
{
// create user
ICollection<ConnectorAttribute> createAttributes = GetNormalAttributes_Account();
// remove password, and set to something memorable
createAttributes.Remove(ConnectorAttributeUtil.Find(OperationalAttributes.PASSWORD_NAME, createAttributes));
GuardedString gsCurrentPassword = GetGuardedString("1Password");
createAttributes.Add(ConnectorAttributeBuilder.BuildPassword(gsCurrentPassword));
createAttributes.Add(ConnectorAttributeBuilder.BuildEnabled(true));
createUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, createAttributes);
// make sure authenticate works here
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsCurrentPassword, null);
ICollection<ConnectorAttribute> updateReplaceAttributes =
new HashSet<ConnectorAttribute>();
GuardedString gsNewPassword = GetGuardedString("LongPassword2MeetTheRequirements!");
updateReplaceAttributes.Add(ConnectorAttributeBuilder.BuildCurrentPassword(gsCurrentPassword));
updateReplaceAttributes.Add(ConnectorAttributeBuilder.BuildPassword(gsNewPassword));
UpdateReplaceAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, updateReplaceAttributes);
// make sure authenticate works here
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsNewPassword, null);
bool caughtAuthenticateFailedException = false;
try
{
// make sure authenticate doesnt work with original password
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsCurrentPassword, null);
}
catch (Exception e)
{
caughtAuthenticateFailedException = true;
}
Assert.IsTrue(caughtAuthenticateFailedException, "Negative test case should throw an exception");
// now a negative test case
GuardedString gsBogusPassword = GetGuardedString("BogusPassword");
ICollection<ConnectorAttribute> updateErrorReplaceAttributes =
new HashSet<ConnectorAttribute>();
updateErrorReplaceAttributes.Add(ConnectorAttributeBuilder.BuildCurrentPassword(gsBogusPassword));
updateErrorReplaceAttributes.Add(ConnectorAttributeBuilder.BuildPassword(gsNewPassword));
bool caughtWrongCurrentPasswordException = false;
try
{
// update should fail due to wrong current password
UpdateReplaceAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, updateErrorReplaceAttributes);
}
catch (Exception e)
{
caughtWrongCurrentPasswordException = true;
}
Assert.IsTrue(caughtWrongCurrentPasswordException, "Negative test case should throw an exception");
// make sure authenticate works here
}
finally
{
if (createUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, false, true);
}
}
}
public void TestUnmatchedCaseGUIDSearch()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid userUid = null;
try
{
// test normal case
userUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, GetNormalAttributes_Account());
Filter userUidFilter = FilterBuilder.EqualTo(userUid);
IList<ConnectorObject> foundUserObjects =
TestHelpers.SearchToList(connector, ObjectClass.ACCOUNT, userUidFilter);
Assert.AreEqual(1, foundUserObjects.Count);
// now test for searching with uppercase guid
userUidFilter = FilterBuilder.EqualTo(new Uid(userUid.GetUidValue().ToUpper()));
foundUserObjects = TestHelpers.SearchToList(
connector, ObjectClass.ACCOUNT, userUidFilter);
Assert.AreEqual(1, foundUserObjects.Count);
// now test for searching with lowercase guid
userUidFilter = FilterBuilder.EqualTo(new Uid(userUid.GetUidValue().ToLower()));
foundUserObjects = TestHelpers.SearchToList(
connector, ObjectClass.ACCOUNT, userUidFilter);
Assert.AreEqual(1, foundUserObjects.Count);
}
finally
{
if (userUid != null)
{
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT, userUid, false, false);
}
}
}
public void TestTest()
{
ActiveDirectoryConnector connectorGood = new ActiveDirectoryConnector();
ActiveDirectoryConfiguration config = (ActiveDirectoryConfiguration)ConfigHelper.GetConfiguration();
connectorGood.Init(config);
connectorGood.Test();
var objectClass = config.ObjectClass;
try
{
config.ObjectClass = "BadObjectClass";
ActiveDirectoryConnector connectorBad = new ActiveDirectoryConnector();
connectorBad.Init(config);
connectorBad.Test();
Assert.Fail("Bad configuration should have caused an exception");
}
catch (ConnectorException e)
{
config.ObjectClass = objectClass;
}
var container = config.Container;
try
{
config.Container += ",DC=BadDC";
ActiveDirectoryConnector connectorBad = new ActiveDirectoryConnector();
connectorBad.Init(config);
connectorBad.Test();
Assert.Fail("Configuration with bad DC in Container should have caused an exception");
}
catch (ConnectorException e)
{
config.Container = container;
}
}
public void TestSync(bool searchChildDomains, String container)
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
ActiveDirectoryConfiguration configuration =
(ActiveDirectoryConfiguration)ConfigHelper.GetConfiguration();
configuration.SearchContext = container;
configuration.SearchChildDomains = searchChildDomains;
connector.Init(configuration);
Uid createUid = null;
ICollection<Uid> createdUids = new List<Uid>();
try
{
SyncTestHelper syncHelper = new SyncTestHelper();
// do the first sync
//connector.Sync(ObjectClass.ACCOUNT, syncHelper.Token, syncHelper.SyncHandler_Initial, null);
syncHelper.Init(connector.GetLatestSyncToken(ObjectClass.ACCOUNT));
ICollection<ConnectorAttribute> attributes = null;
// create some users
for (int i = 0; i < 10; i++)
{
attributes = GetNormalAttributes_Account();
createUid = CreateAndVerifyObject(connector, ObjectClass.ACCOUNT,
attributes);
syncHelper.AddModUid(createUid, attributes);
createdUids.Add(createUid);
}
// sync, and verify
connector.Sync(ObjectClass.ACCOUNT, syncHelper._token, syncHelper.SyncHandler_ModifiedAccounts, null);
syncHelper.CheckAllSyncsProcessed();
// reset everything
syncHelper.Init(connector.GetLatestSyncToken(ObjectClass.ACCOUNT));
// modify a user, then add some users, then modify one of the added users
attributes = new List<ConnectorAttribute>();
attributes.Add(createdUids.First());
attributes.Add(ConnectorAttributeBuilder.Build("sn", "replaced"));
connector.Update(UpdateType.REPLACE, ObjectClass.ACCOUNT, attributes, null);
syncHelper.AddModUid(createdUids.First(), attributes);
for (int i = 0; i < 10; i++)
{
attributes = GetNormalAttributes_Account();
createUid = CreateAndVerifyObject(connector, ObjectClass.ACCOUNT,
attributes);
syncHelper.AddModUid(createUid, attributes);
createdUids.Add(createUid);
}
attributes = new List<ConnectorAttribute>();
attributes.Add(createdUids.Last());
attributes.Add(ConnectorAttributeBuilder.Build("sn", "replaced"));
connector.Update(UpdateType.REPLACE, ObjectClass.ACCOUNT, attributes, null);
syncHelper.AddModUid(createdUids.Last(), attributes);
// sync, and verify
connector.Sync(ObjectClass.ACCOUNT, syncHelper._token, syncHelper.SyncHandler_ModifiedAccounts, null);
syncHelper.CheckAllSyncsProcessed();
syncHelper.Init(connector.GetLatestSyncToken(ObjectClass.ACCOUNT));
// delete the user
foreach (Uid uid in createdUids)
{
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT, uid,
false, true);
syncHelper.AddDelUid(uid);
}
// sync and verify
connector.Sync(ObjectClass.ACCOUNT, syncHelper._token, syncHelper.SyncHandler_DeletedAccounts, null);
syncHelper.CheckAllSyncsProcessed();
createUid = CreateAndVerifyObject(connector, ObjectClass.ACCOUNT,
GetNormalAttributes_Account());
syncHelper.AddModUid(createUid, attributes);
createdUids.Add(createUid);
// now get the latest sync token, and it
// should be greater or equal to the last one we saw
SyncToken latestToken = connector.GetLatestSyncToken(ObjectClass.ACCOUNT);
Assert.Greater(GetUpdateUsnFromToken(latestToken), GetUpdateUsnFromToken(syncHelper._token));
Assert.GreaterOrEqual(GetDeleteUsnFromToken(latestToken), GetDeleteUsnFromToken(syncHelper._token));
}
finally
{
foreach (Uid uid in createdUids)
{
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT, uid,
false, false);
}
}
}
public void TestShortnameAndDescription()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid uidAccount = null;
Uid uidGroup = null;
Uid uidOu = null;
string accountDescription = "nunit test account description";
string groupDescription = "nunit test group description";
string ouDescription = "nunit test ou description";
try
{
ICollection<ConnectorAttribute> accountAttributes = GetNormalAttributes_Account();
RemoveAttributeByName(accountAttributes, "description");
accountAttributes.Add(ConnectorAttributeBuilder.Build(
"description", accountDescription));
ICollection<ConnectorAttribute> groupAttributes = GetNormalAttributes_Group();
RemoveAttributeByName(groupAttributes, "description");
groupAttributes.Add(ConnectorAttributeBuilder.Build(
"description", groupDescription));
ICollection<ConnectorAttribute> ouAttributes = GetNormalAttributes_OrganizationalUnit();
RemoveAttributeByName(ouAttributes, "description");
ouAttributes.Add(ConnectorAttributeBuilder.Build(
"description", ouDescription));
uidAccount = CreateObject(connector, ObjectClass.ACCOUNT, accountAttributes);
OperationOptionsBuilder accountOptionsBuilder = new OperationOptionsBuilder();
ICollection<String> accountAttributesToGet = GetDefaultAttributesToGet(ObjectClass.ACCOUNT);
accountAttributesToGet.Add(PredefinedAttributes.DESCRIPTION);
accountAttributesToGet.Add(PredefinedAttributes.SHORT_NAME);
accountAttributesToGet.Add("name");
accountAttributesToGet.Add("description");
accountOptionsBuilder.AttributesToGet = accountAttributesToGet.ToArray();
ConnectorObject accountObject = GetConnectorObjectFromUid(connector,
ObjectClass.ACCOUNT, uidAccount, accountOptionsBuilder.Build());
// compare description
string foundAccountDescription = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(PredefinedAttributes.DESCRIPTION, accountObject.GetAttributes()));
Assert.AreEqual(accountDescription, foundAccountDescription);
// compare shortname
string accountShortName = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(
PredefinedAttributes.SHORT_NAME, accountObject.GetAttributes()));
string accountDisplayName = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(
"name", accountObject.GetAttributes()));
Assert.AreEqual(accountShortName, accountDisplayName);
uidGroup = CreateObject(connector, ActiveDirectoryConnector.groupObjectClass, groupAttributes);
OperationOptionsBuilder groupOptionsBuilder = new OperationOptionsBuilder();
ICollection<String> groupAttributesToGet = GetDefaultAttributesToGet(ActiveDirectoryConnector.groupObjectClass);
groupAttributesToGet.Add(PredefinedAttributes.DESCRIPTION);
groupAttributesToGet.Add(PredefinedAttributes.SHORT_NAME);
groupAttributesToGet.Add("name");
groupAttributesToGet.Add("description");
groupOptionsBuilder.AttributesToGet = groupAttributesToGet.ToArray();
ConnectorObject groupObject = GetConnectorObjectFromUid(connector,
ActiveDirectoryConnector.groupObjectClass, uidGroup, groupOptionsBuilder.Build());
// compare description
string foundGroupDescription = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(PredefinedAttributes.DESCRIPTION, groupObject.GetAttributes()));
Assert.AreEqual(groupDescription, foundGroupDescription);
// compare shortnameB
string groupShortName = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(
PredefinedAttributes.SHORT_NAME, groupObject.GetAttributes()));
string groupDisplayName = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(
"name", groupObject.GetAttributes()));
Assert.AreEqual(groupShortName, groupDisplayName);
uidOu = CreateObject(connector, ActiveDirectoryConnector.ouObjectClass, ouAttributes);
OperationOptionsBuilder ouOptionsBuilder = new OperationOptionsBuilder();
ICollection<String> ouAttributesToGet = GetDefaultAttributesToGet(ActiveDirectoryConnector.ouObjectClass);
ouAttributesToGet.Add(PredefinedAttributes.DESCRIPTION);
ouAttributesToGet.Add(PredefinedAttributes.SHORT_NAME);
ouAttributesToGet.Add("name");
ouAttributesToGet.Add("description");
ouOptionsBuilder.AttributesToGet = ouAttributesToGet.ToArray();
ConnectorObject ouObject = GetConnectorObjectFromUid(connector,
ActiveDirectoryConnector.ouObjectClass, uidOu, ouOptionsBuilder.Build());
// compare description
string foundOuDescription = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(PredefinedAttributes.DESCRIPTION, ouObject.GetAttributes()));
Assert.AreEqual(ouDescription, foundOuDescription);
// compare shortname
string ouShortName = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(
PredefinedAttributes.SHORT_NAME, ouObject.GetAttributes()));
string ouDisplayName = ConnectorAttributeUtil.GetStringValue(
ConnectorAttributeUtil.Find(
"name", ouObject.GetAttributes()));
Assert.AreEqual(ouShortName, ouDisplayName);
}
finally
{
if (uidAccount != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
uidAccount, false, true);
}
if (uidGroup != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ActiveDirectoryConnector.groupObjectClass,
uidGroup, false, true);
}
if (uidOu != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ActiveDirectoryConnector.ouObjectClass,
uidOu, false, true);
}
}
}
public void Create(CreateOpContext context)
{
context.Attributes = DeduplicateEmailAddresses(context, context.Attributes);
// get recipient type
string rcptType = ExchangeUtility.GetAttValue(ExchangeConnectorAttributes.AttRecipientType, context.Attributes) as string;
if (rcptType == null || rcptType.Equals(""))
{
rcptType = ExchangeConnectorAttributes.RcptTypeUser;
}
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
PSExchangeConnector.CommandInfo cmdInfoEnable = null;
PSExchangeConnector.CommandInfo cmdInfoSet = null;
switch (rcptType)
{
case ExchangeConnectorAttributes.RcptTypeMailBox:
cmdInfoEnable = PSExchangeConnector.CommandInfo.EnableMailbox;
cmdInfoSet = PSExchangeConnector.CommandInfo.SetMailbox;
break;
case ExchangeConnectorAttributes.RcptTypeMailUser:
cmdInfoEnable = PSExchangeConnector.CommandInfo.EnableMailUser;
cmdInfoSet = PSExchangeConnector.CommandInfo.SetMailUser;
break;
case ExchangeConnectorAttributes.RcptTypeUser:
break;
default:
throw new ArgumentException(
context.ConnectorConfiguration.ConnectorMessages.Format(
"ex_bad_rcpt", "Recipient type [{0}] is not supported", rcptType));
}
// first create the object in AD
ICollection <ConnectorAttribute> adAttributes = ExchangeUtility.FilterOut(context.Attributes,
PSExchangeConnector.CommandInfo.EnableMailbox,
PSExchangeConnector.CommandInfo.SetMailbox,
PSExchangeConnector.CommandInfo.EnableMailUser,
PSExchangeConnector.CommandInfo.SetMailUser);
Uid uid = adconn.Create(context.ObjectClass, adAttributes, context.Options);
if (rcptType == ExchangeConnectorAttributes.RcptTypeUser)
{
// AD account only, we do nothing
context.Uid = uid;
return;
}
// add a empty "EmailAddresses" attribute if needed (address policy is disabled and no addresses are provided)
ICollection <ConnectorAttribute> enhancedAttributes;
ConnectorAttribute policyEnabledAttribute = ConnectorAttributeUtil.Find(ExchangeConnectorAttributes.AttEmailAddressPolicyEnabled, context.Attributes);
if (policyEnabledAttribute != null &&
ConnectorAttributeUtil.GetBooleanValue(policyEnabledAttribute).HasValue&&
ConnectorAttributeUtil.GetBooleanValue(policyEnabledAttribute).Value == false &&
ConnectorAttributeUtil.Find(ExchangeConnectorAttributes.AttPrimarySmtpAddress, context.Attributes) == null &&
ConnectorAttributeUtil.Find(ExchangeConnectorAttributes.AttEmailAddresses, context.Attributes) == null)
{
enhancedAttributes = new HashSet <ConnectorAttribute>(context.Attributes);
enhancedAttributes.Add(ConnectorAttributeBuilder.Build(ExchangeConnectorAttributes.AttEmailAddresses));
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Added empty EmailAddresses attribute because address policy use is disabled and no addresses were provided");
}
else
{
enhancedAttributes = context.Attributes; // no change
}
// prepare the command
Command cmdEnable = ExchangeUtility.GetCommand(cmdInfoEnable, enhancedAttributes, uid, (ExchangeConfiguration)context.ConnectorConfiguration);
Command cmdSet = ExchangeUtility.GetCommand(cmdInfoSet, enhancedAttributes, uid, (ExchangeConfiguration)context.ConnectorConfiguration);
try {
_helper.InvokePipeline(exconn, cmdEnable);
_helper.InvokePipeline(exconn, cmdSet);
}
catch {
LOGGER.TraceEvent(TraceEventType.Information, CAT_DEFAULT, "Rolling back AD create for UID: " + uid.GetUidValue());
// rollback AD create
try {
adconn.Delete(context.ObjectClass, uid, context.Options);
} catch {
LOGGER.TraceEvent(TraceEventType.Warning, CAT_DEFAULT, "Not able to rollback AD create for UID: " + uid.GetUidValue());
// note: this is not perfect, we hide the original exception
throw;
}
// rethrow original exception
throw;
}
context.Uid = uid;
}
public Uid UpdateDeleteAndVerifyUser(ActiveDirectoryConnector connector,
ICollection<ConnectorAttribute> attributes)
{
throw new NotImplementedException();
}
public void TestAuthenticateUser()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid createUid = null;
try
{
// create user
ICollection<ConnectorAttribute> createAttributes = GetNormalAttributes_Account();
// remove password, and set to something memorable
createAttributes.Remove(ConnectorAttributeUtil.Find(OperationalAttributes.PASSWORD_NAME, createAttributes));
GuardedString gsCurrentPassword = GetGuardedString("1Password");
createAttributes.Add(ConnectorAttributeBuilder.BuildPassword(gsCurrentPassword));
createAttributes.Add(ConnectorAttributeBuilder.BuildEnabled(true));
createUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, createAttributes);
// make sure authenticate works here
Uid authUid = connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsCurrentPassword, null);
Assert.AreEqual(createUid, authUid);
// make sure authenticate fails - wrong password
bool caughtException = false;
try
{
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
GetGuardedString("boguspassword"), null);
}
catch (InvalidCredentialException e)
{
caughtException = true;
}
Assert.IsTrue(caughtException, "Negative test case should throw InvalidCredentialsException");
// change password
ICollection<ConnectorAttribute> updateReplaceAttributes =
new HashSet<ConnectorAttribute>();
GuardedString gsNewPassword = GetGuardedString("LongPassword2MeetTheRequirements!");
updateReplaceAttributes.Add(ConnectorAttributeBuilder.BuildCurrentPassword(gsCurrentPassword));
updateReplaceAttributes.Add(ConnectorAttributeBuilder.BuildPassword(gsNewPassword));
UpdateReplaceAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, updateReplaceAttributes);
// make sure authenticate works here - new password
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsNewPassword, null);
// make sure it fails with the wrong password
caughtException = false;
try
{
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
GetGuardedString("bogusPassword"), null);
}
catch (Exception e)
{
caughtException = true;
}
Assert.IsTrue(caughtException, "Negative test case should throw an exception");
// now set user must change password attribute
ICollection<ConnectorAttribute> expirePasswordAttrs =
new HashSet<ConnectorAttribute>();
expirePasswordAttrs.Add(ConnectorAttributeBuilder.BuildPasswordExpired(true));
UpdateReplaceAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, expirePasswordAttrs);
// make sure authenticate fails - correct password, but expired
caughtException = false;
try
{
// make sure authenticate fails with correct password
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsNewPassword, null);
}
catch (PasswordExpiredException e)
{
caughtException = true;
Assert.AreEqual(createUid, e.Uid);
}
Assert.IsTrue(caughtException, "Negative test case should throw an exception");
// make sure authenticate fails - incorrect password, and expired
caughtException = false;
try
{
// make sure authenticate fails with wrong password (invalid credentials exception)
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
GetGuardedString("bogusPassword"), null);
}
catch (InvalidCredentialException e)
{
caughtException = true;
}
Assert.IsTrue(caughtException, "Negative test case should throw an exception");
}
finally
{
if (createUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, false, true);
}
}
}
public Uid UpdateReplaceAndVerifyObject(ActiveDirectoryConnector connector,
ObjectClass oclass, Uid uid, ICollection<ConnectorAttribute> attributes)
{
attributes.Add(uid);
Filter uidFilter = FilterBuilder.EqualTo(uid);
// find the object ... can't update if it doesn't exist
ICollection<ConnectorObject> currentConnectorObjects = TestHelpers.SearchToList(
connector, oclass, uidFilter);
Assert.AreEqual(1, currentConnectorObjects.Count);
Uid updatedUid = connector.Update(UpdateType.REPLACE, oclass,
attributes, null);
Assert.IsNotNull(updatedUid);
uidFilter = FilterBuilder.EqualTo(updatedUid);
ICollection<ConnectorObject> updatedConnectorObjects = TestHelpers.SearchToList(
connector, oclass, uidFilter);
Assert.IsTrue(updatedConnectorObjects.Count == 1);
VerifyObject(attributes, updatedConnectorObjects.ElementAt(0));
return updatedUid;
}
public Uid CreateAndVerifyObject(ActiveDirectoryConnector connector,
ObjectClass oclass, ICollection<ConnectorAttribute> attributes)
{
// create object
Uid uid = CreateObject(connector, oclass, attributes);
VerifyObject(connector, uid, oclass, attributes);
return uid;
}
public void VerifyObject(ActiveDirectoryConnector connector, Uid uid,
ObjectClass oclass, ICollection<ConnectorAttribute> attributes)
{
// verify the object
VerifyObject(attributes, GetConnectorObjectFromUid(connector, oclass, uid));
}
public void TestContainerChange_account()
{
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid createOuUid = null;
Uid createUserUid = null;
try
{
// create container for this test
ICollection<ConnectorAttribute> ouAttributes = GetNormalAttributes_OrganizationalUnit();
createOuUid = CreateAndVerifyObject(connector,
ActiveDirectoryConnector.ouObjectClass, ouAttributes);
ICollection<ConnectorObject> ouResults = TestHelpers.SearchToList(
connector, ActiveDirectoryConnector.ouObjectClass, FilterBuilder.EqualTo(createOuUid));
Assert.AreEqual(1, ouResults.Count);
Assert.AreEqual(createOuUid, ouResults.ElementAt(0).Uid);
// as a reminder, the uid is the dn for non account objects (idm backward compatiblity)
String ouPath = createOuUid.GetUidValue();
// create user
ICollection<ConnectorAttribute> userAttributes = GetNormalAttributes_Account();
createUserUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, userAttributes);
//now change user container to the newly created one
Name createdName = ConnectorAttributeUtil.GetNameFromAttributes(userAttributes);
String newName = ActiveDirectoryUtils.GetRelativeName(createdName);
newName += ", " + ouPath;
ICollection<ConnectorAttribute> updateAttrs = new HashSet<ConnectorAttribute>();
updateAttrs.Add(new Name(newName));
updateAttrs.Add(createUserUid);
connector.Update(UpdateType.REPLACE, ObjectClass.ACCOUNT, updateAttrs, null);
ICollection<ConnectorObject> results = TestHelpers.SearchToList(
connector, ObjectClass.ACCOUNT, FilterBuilder.EqualTo(createUserUid));
Assert.AreEqual(1, results.Count);
Assert.AreEqual(createUserUid, results.ElementAt(0).Uid);
ConnectorAttribute foundContainerAttr = results.ElementAt(0).GetAttributeByName("ad_container");
Assert.IsNotNull(foundContainerAttr);
String lhs = ActiveDirectoryUtils.NormalizeLdapString(ouPath);
String rhs = ActiveDirectoryUtils.NormalizeLdapString(ConnectorAttributeUtil.GetStringValue(foundContainerAttr));
Assert.AreEqual(lhs, rhs);
}
finally
{
if (createUserUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUserUid, false, true);
}
if (createOuUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ActiveDirectoryConnector.ouObjectClass,
createOuUid, false, true);
}
}
}
public void Update(UpdateOpContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
// update in AD first
var filtered = ExchangeUtility.FilterOut(
context.Attributes,
PSExchangeConnector.CommandInfo.EnableMailbox,
PSExchangeConnector.CommandInfo.EnableMailUser,
PSExchangeConnector.CommandInfo.SetMailbox,
PSExchangeConnector.CommandInfo.SetMailUser);
adconn.Update(context.UpdateType, context.ObjectClass, context.Uid, filtered, context.Options);
// retrieve Exchange-related information about the user
string query = "(objectGUID=" + ActiveDirectoryUtils.ConvertUIDToSearchString(context.Uid) + ")";
ConnectorObject currentObject = _helper.GetCurrentObject(context, query);
ICollection <ConnectorAttribute> attributesForReplace = _helper.DetermineNewAttributeValues(context, currentObject);
attributesForReplace = DeduplicateEmailAddresses(context, attributesForReplace);
string origRcptType;
var newRcptType = _helper.DetermineOrigAndNewAttributeValue(context, currentObject, attributesForReplace, ExchangeConnectorAttributes.AttRecipientType, out origRcptType);
if (newRcptType == null)
{
newRcptType = ExchangeConnectorAttributes.RcptTypeUser;
}
string origDatabase;
var newDatabase = _helper.DetermineOrigAndNewAttributeValue(context, currentObject, attributesForReplace, ExchangeConnectorAttributes.AttDatabase, out origDatabase);
// PART 1 - DEALING WITH MailUser CASE
if (ExchangeConnectorAttributes.RcptTypeMailUser.Equals(newRcptType))
{
// disabling Mailbox if needed
if (ExchangeConnectorAttributes.RcptTypeMailBox.Equals(origRcptType))
{
Command cmdDisable = ExchangeUtility.GetCommand(PSExchangeConnector.CommandInfo.DisableMailbox, attributesForReplace, context.Uid, exconn.Configuration);
cmdDisable.Parameters.Add("Confirm", false);
_helper.InvokePipeline(exconn, cmdDisable);
}
// enabling MailUser if needed
if (!ExchangeConnectorAttributes.RcptTypeMailUser.Equals(origRcptType))
{
// Enable-MailUser needs the value of ExternalEmailAddress, so we have to get it
string origExternalEmailAddress;
var newExternalEmailAddress = _helper.DetermineOrigAndNewAttributeValue(context, currentObject, attributesForReplace, ExchangeConnectorAttributes.AttExternalEmailAddress, out origExternalEmailAddress);
if (String.IsNullOrEmpty(newExternalEmailAddress))
{
throw new InvalidOperationException("Missing ExternalEmailAddress value, which is required for a MailUser");
}
ExchangeUtility.SetAttValue(ExchangeConnectorAttributes.AttExternalEmailAddress, newExternalEmailAddress, attributesForReplace);
// now execute the Enable-MailUser command
Command cmdEnable = ExchangeUtility.GetCommand(
PSExchangeConnector.CommandInfo.EnableMailUser, attributesForReplace, context.Uid, exconn.Configuration);
_helper.InvokePipeline(exconn, cmdEnable);
}
// setting MailUser attributes
Command cmdSet = ExchangeUtility.GetCommand(PSExchangeConnector.CommandInfo.SetMailUser, attributesForReplace, context.Uid, exconn.Configuration);
_helper.InvokePipeline(exconn, cmdSet);
}
// PART 2 - DEALING WITH UserMailbox CASE
else if (ExchangeConnectorAttributes.RcptTypeMailBox.Equals(newRcptType))
{
// enable mailbox if necessary
// we should execute something like this here:
// get-user -identity id|?{$_.RecipientType -eq "User"}|enable-mailbox -database "db"
// unfortunately I was not able to get it working with the pipeline... that's why there are two commands
// executed :-(
// alternatively there can be something like:
// get-user -identity id -RecipientTypeDetails User|enable-mailbox -database "db", but we have then trouble
// with detecting attempt to change the database attribute
if (!ExchangeConnectorAttributes.RcptTypeMailBox.Equals(origRcptType))
{
Command cmdEnable = ExchangeUtility.GetCommand(PSExchangeConnector.CommandInfo.EnableMailbox, attributesForReplace, context.Uid, exconn.Configuration);
_helper.InvokePipeline(exconn, cmdEnable);
}
else
{
// are we trying to update the database?
if (newDatabase != null && origDatabase != null && !newDatabase.Equals(origDatabase))
{
throw new ArgumentException(
context.ConnectorConfiguration.ConnectorMessages.Format(
"ex_not_updatable", "Update of [{0}] attribute is not supported", ExchangeConnectorAttributes.AttDatabase));
}
}
Command cmdSet = ExchangeUtility.GetCommand(PSExchangeConnector.CommandInfo.SetMailbox, attributesForReplace, context.Uid, exconn.Configuration);
_helper.InvokePipeline(exconn, cmdSet);
}
// PART 3 - DEALING WITH User CASE
else if (ExchangeConnectorAttributes.RcptTypeUser.Equals(newRcptType))
{
if (ExchangeConnectorAttributes.RcptTypeMailBox.Equals(origRcptType))
{
Command cmdDisable = ExchangeUtility.GetCommand(PSExchangeConnector.CommandInfo.DisableMailbox, attributesForReplace, context.Uid, exconn.Configuration);
cmdDisable.Parameters.Add("Confirm", false);
_helper.InvokePipeline(exconn, cmdDisable);
}
else if (ExchangeConnectorAttributes.RcptTypeMailUser.Equals(origRcptType))
{
Command cmdDisable = ExchangeUtility.GetCommand(PSExchangeConnector.CommandInfo.DisableMailUser, attributesForReplace, context.Uid, exconn.Configuration);
cmdDisable.Parameters.Add("Confirm", false);
_helper.InvokePipeline(exconn, cmdDisable);
}
else if (ExchangeConnectorAttributes.RcptTypeUser.Equals(origRcptType))
{
// if orig is User, there is no need to disable anything
}
else
{
throw new InvalidOperationException("Invalid original recipient type: " + origRcptType);
}
Command cmdSet = ExchangeUtility.GetCommand(PSExchangeConnector.CommandInfo.SetUser, attributesForReplace, context.Uid, exconn.Configuration);
_helper.InvokePipeline(exconn, cmdSet);
}
else
{
// unsupported rcpt type
throw new ArgumentException(
context.ConnectorConfiguration.ConnectorMessages.Format(
"ex_bad_rcpt", "Recipient type [{0}] is not supported", newRcptType));
}
}
public ConnectorObject GetConnectorObjectFromUid(
ActiveDirectoryConnector connector, ObjectClass oclass, Uid uid)
{
return GetConnectorObjectFromUid(connector, oclass, uid, null);
}
public ConnectorObject GetConnectorObjectFromUid(
ActiveDirectoryConnector connector, ObjectClass oclass, Uid uid,
OperationOptions options)
{
// get sid to check permissions
Filter uidFilter = FilterBuilder.EqualTo(uid);
ICollection<ConnectorObject> objects = TestHelpers.SearchToList(connector,
oclass, uidFilter, options);
Assert.AreEqual(1, objects.Count);
return objects.ElementAt(0);
}
public void TestSearchByCNWithWildcard_account()
{
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid uid1 = null;
Uid uid2 = null;
try
{
// create a couple things to find
uid1 = CreateAndVerifyObject(connector, ObjectClass.ACCOUNT,
GetNormalAttributes_Account());
uid2 = CreateAndVerifyObject(connector, ObjectClass.ACCOUNT,
GetNormalAttributes_Account());
ICollection<ConnectorObject> results = TestHelpers.SearchToList(connector,
ObjectClass.ACCOUNT, FilterBuilder.EqualTo(
ConnectorAttributeBuilder.Build("CN", "nunit*")));
// there should be at least the two we just created
Assert.GreaterOrEqual(results.Count, 2);
foreach (ConnectorObject co in results)
{
// and it must have the value we were searching for
String foundName = ActiveDirectoryUtils.NormalizeLdapString(
co.Name.GetNameValue());
Assert.That(foundName.ToUpper().StartsWith("CN=NUNIT"));
}
}
finally
{
if (uid1 != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
uid1, false, true);
}
if (uid2 != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
uid2, false, true);
}
}
}
public ICollection<String> GetDefaultAttributesToGet(ObjectClass oclass)
{
ICollection<string> attributesToGet = new HashSet<String>();
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Schema schema = connector.Schema();
ObjectClassInfo ocInfo = schema.FindObjectClassInfo(oclass.GetObjectClassValue());
Assert.IsNotNull(ocInfo);
foreach (ConnectorAttributeInfo caInfo in ocInfo.ConnectorAttributeInfos)
{
if (caInfo.IsReturnedByDefault)
{
attributesToGet.Add(caInfo.Name);
}
}
return attributesToGet;
}
public void TestScriptOnResource()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
try
{
RunScript(connector, "", "", "");
RunScript(connector, GetProperty(ConfigHelper.CONFIG_PROPERTY_SCRIPT_USER_LOCAL),
GetProperty(ConfigHelper.CONFIG_PROPERTY_SCRIPT_PASSWORD_LOCAL), "");
RunScript(connector, GetProperty(ConfigHelper.CONFIG_PROPERTY_SCRIPT_USER_DOMAIN),
GetProperty(ConfigHelper.CONFIG_PROPERTY_SCRIPT_PASSWORD_DOMAIN), "");
// now try one with the prefix set
ActiveDirectoryConfiguration prefixConfig = (ActiveDirectoryConfiguration)ConfigHelper.GetConfiguration();
string prefix = "UnitTest_";
connector.Dispose();
connector.Init(prefixConfig);
RunScript(connector, "", "", prefix);
// try with invalid credentials
bool scriptFailed = false;
try
{
RunScript(connector, GetProperty(ConfigHelper.CONFIG_PROPERTY_USER), "bogus", "");
}
catch (Exception e)
{
scriptFailed = true;
}
Assert.That(scriptFailed);
}
finally
{
}
}
public void RunScript(ActiveDirectoryConnector connector, String user,
string password, string prefix)
{
string tempFileName = Path.GetTempFileName();
String arg0Name = "ARG0";
String arg1Name = "ARG1";
string scriptText = String.Format(
"echo %{0}%:%{1}%:%USERNAME%:%PASSWORD% > \"{2}\"", prefix + arg0Name,
prefix + arg1Name, tempFileName);
IDictionary<string, object> arguments = new Dictionary<string, object>();
string arg0 = "argument_zero";
string arg1 = "argument one";
arguments.Add(arg0Name, arg0);
arguments.Add(arg1Name, arg1);
OperationOptionsBuilder builder = new OperationOptionsBuilder();
if (user.Length > 0)
{
builder.RunAsUser = user;
}
if (password.Length > 0)
{
builder.RunWithPassword = GetGuardedString(password);
}
builder.Options["variablePrefix"] = prefix;
ScriptContext context = new ScriptContext("Shell", scriptText, arguments);
object resultObject = connector.RunScriptOnResource(context, builder.Build());
Assert.IsNotNull(resultObject);
Assert.That(resultObject is int);
Assert.AreEqual(0, resultObject);
FileStream outputFs = new FileStream(tempFileName, FileMode.Open, FileAccess.Read);
StreamReader outputReader = new StreamReader(outputFs);
// read the first line
string output = outputReader.ReadLine();
string[] returnedArray = output.Split(':');
Assert.AreEqual(4, returnedArray.Length);
Assert.AreEqual((arg0), returnedArray[0]);
Assert.AreEqual((arg1), returnedArray[1]);
}
public void TestSchema()
{
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Schema schema = connector.Schema();
Boolean foundOptionalAttributes = false;
Boolean foundOperationalAttributes = false;
// just a very high level check of things. Should have 3 ObjectClassInfos,
// (group, account, and organizationalUnit) and nothing contained in them
// should be null. Group and account should have some operational
// attributes
Assert.AreEqual(3, schema.ObjectClassInfo.Count);
foreach (ObjectClassInfo ocInfo in schema.ObjectClassInfo)
{
Assert.IsNotNull(ocInfo);
Assert.That((ocInfo.ObjectType == ObjectClass.ACCOUNT.GetObjectClassValue())
|| (ocInfo.ObjectType == ActiveDirectoryConnector.OBJECTCLASS_GROUP)
|| (ocInfo.ObjectType == ActiveDirectoryConnector.OBJECTCLASS_OU));
Trace.WriteLine("****** " + ocInfo.ObjectType);
// skip this for organizational unit ... it doesnt really have this
if (ocInfo.ObjectType.Equals(ActiveDirectoryConnector.ouObjectClass))
{
continue;
}
foreach (ConnectorAttributeInfo caInfo in ocInfo.ConnectorAttributeInfos)
{
Assert.IsNotNull(caInfo);
Trace.WriteLine(String.Format("{0} {1} {2} {3}", caInfo.Name,
caInfo.IsCreatable ? "createable" : "",
caInfo.IsUpdateable ? "updateable" : "",
caInfo.IsRequired ? "required" : "",
caInfo.IsMultiValued ? "multivalue" : ""));
if (ConnectorAttributeUtil.IsSpecial(caInfo))
{
foundOperationalAttributes = true;
}
else
{
if (!caInfo.IsRequired)
{
foundOptionalAttributes = true;
}
}
}
Assert.That(foundOperationalAttributes && foundOptionalAttributes);
}
}
public void TestAccountLocked()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid createUid = null;
try
{
// create user
ICollection<ConnectorAttribute> createAttributes = GetNormalAttributes_Account();
// remove password, and set to something memorable
createAttributes.Remove(ConnectorAttributeUtil.Find(OperationalAttributes.PASSWORD_NAME, createAttributes));
GuardedString gsCurrentPassword = GetGuardedString("1Password");
createAttributes.Add(ConnectorAttributeBuilder.BuildPassword(gsCurrentPassword));
createAttributes.Add(ConnectorAttributeBuilder.BuildEnabled(true));
createUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, createAttributes);
// make sure authenticate works here
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsCurrentPassword, null);
// not allowed to lock ... only unlock, so test unlock
// setting on machine must lockout user after 3 unsuccessful
// attempst for this to work.
// lock out by having unsucessful attempts.
try
{
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
GetGuardedString("bogusPassword"), null);
}
catch (Exception e)
{
}
try
{
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
GetGuardedString("bogusPassword"), null);
}
catch (Exception e)
{
}
try
{
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
GetGuardedString("bogusPassword"), null);
}
catch (Exception e)
{
}
bool exceptionCaught = false;
try
{
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsCurrentPassword, null);
}
catch (Exception e)
{
exceptionCaught = true;
}
Assert.IsTrue(exceptionCaught, "Account not locked. Make sure that the server is setup for account lockout after 3 attempts");
ICollection<ConnectorAttribute> unlockAttrs =
new HashSet<ConnectorAttribute>();
unlockAttrs.Add(
ConnectorAttributeBuilder.BuildLockOut(false));
UpdateReplaceAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, unlockAttrs);
// make sure succeeds
connector.Authenticate(ObjectClass.ACCOUNT,
ConnectorAttributeUtil.GetAsStringValue(ConnectorAttributeUtil.Find("sAMAccountName", createAttributes)),
gsCurrentPassword, null);
// now try to write lockout. Should get connector exception
bool connectorExceptionCaught = false;
try
{
ICollection<ConnectorAttribute> lockAttrs =
new HashSet<ConnectorAttribute>();
lockAttrs.Add(
ConnectorAttributeBuilder.BuildLockOut(true));
UpdateReplaceAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, lockAttrs);
}
catch (ConnectorException e)
{
connectorExceptionCaught = true;
}
Assert.IsTrue(connectorExceptionCaught);
}
finally
{
if (createUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, false, true);
}
}
}
public void ExecuteQuery(ExecuteQueryContext context)
{
ExchangeConnector exconn = (ExchangeConnector)context.Connector;
ActiveDirectoryConnector adconn = exconn.ActiveDirectoryConnector;
ICollection <string> attsToGet = null;
if (context.Options != null && context.Options.AttributesToGet != null)
{
attsToGet = CollectionUtil.NewList(context.Options.AttributesToGet);
}
// delegate to get the exchange attributes if requested
ResultsHandler filter = new SearchResultsHandler()
{
Handle = cobject =>
{
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Object returned from AD connector: {0}", CommonUtils.DumpConnectorAttributes(cobject.GetAttributes()));
ConnectorObject filtered = ExchangeUtility.ConvertAdAttributesToExchange(cobject);
//filtered = AddExchangeAttributes(exconn, context.ObjectClass, filtered, attsToGet);
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Object as passed from Exchange connector: {0}", CommonUtils.DumpConnectorAttributes(filtered.GetAttributes()));
return(context.ResultsHandler.Handle(filtered));
},
HandleResult = result =>
{
if (context.ResultsHandler is SearchResultsHandler)
{
((SearchResultsHandler)context.ResultsHandler).HandleResult(result);
}
}
};
ResultsHandler handler2use = filter;
OperationOptions options2use = context.Options;
// mapping AttributesToGet from Exchange to AD "language"
// actually, we don't need this code any more, because there are no attribute that are not retrieved by default
// Uncomment this code if necessary in the future.
if (context.Options != null && context.Options.AttributesToGet != null)
{
/*
* ISet<string> mappedExchangeAttributesToGet = new HashSet<string>(AttMap2AD.Keys);
* mappedExchangeAttributesToGet.IntersectWith(options.AttributesToGet);
* if (mappedExchangeAttributesToGet.Count > 0 || attsToGet.Contains(AttRecipientType))
* {
* // replace Exchange attributes with AD names
* var newAttsToGet = ExchangeUtility.FilterReplace(attsToGet, AttMap2AD);
*
* // we have to remove recipient type, as it is unknown to AD
* newAttsToGet.Remove(AttRecipientType);
*
* // build new op options
* var builder = new OperationOptionsBuilder(options);
* string[] attributesToGet = new string[newAttsToGet.Count];
* newAttsToGet.CopyTo(attributesToGet, 0);
* builder.AttributesToGet = attributesToGet;
* options2use = builder.Build();
* } */
/*
* if (attsToGet.Contains(ExchangeConnectorAttributes.AttDatabase))
* {
* attsToGet.Remove(ExchangeConnectorAttributes.AttDatabase);
*
* // build new op options
* var builder = new OperationOptionsBuilder(context.Options);
* string[] attributesToGet = new string[attsToGet.Count];
* attsToGet.CopyTo(attributesToGet, 0);
* builder.AttributesToGet = attributesToGet;
* options2use = builder.Build();
* }
*/
}
adconn.ExecuteQueryInternal(context.ObjectClass,
context.Query, handler2use, options2use,
GetAdAttributesToReturn(adconn, context.ObjectClass, context.Options));
}
public void TestAddGroup_Account()
{
//Initialize Connector
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid groupUid = null;
Uid userUid = null;
try
{
userUid = CreateAndVerifyObject(connector,
ObjectClass.ACCOUNT, GetNormalAttributes_Account());
Filter userUidFilter = FilterBuilder.EqualTo(userUid);
IList<ConnectorObject> foundUserObjects =
TestHelpers.SearchToList(connector, ObjectClass.ACCOUNT, userUidFilter);
Assert.AreEqual(1, foundUserObjects.Count);
groupUid = CreateAndVerifyObject(connector,
ActiveDirectoryConnector.groupObjectClass, GetNormalAttributes_Group());
Filter groupUidFilter = FilterBuilder.EqualTo(groupUid);
IList<ConnectorObject> foundGroupObjects =
TestHelpers.SearchToList(connector, ActiveDirectoryConnector.groupObjectClass, groupUidFilter);
Assert.AreEqual(1, foundGroupObjects.Count);
String groupName = foundGroupObjects[0].Name.GetNameValue();
ICollection<ConnectorAttribute> modifiedAttrs = new HashSet<ConnectorAttribute>();
modifiedAttrs.Add(ConnectorAttributeBuilder.Build(PredefinedAttributes.GROUPS_NAME, groupName));
OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
ICollection<String> attributesToGet = GetDefaultAttributesToGet(ObjectClass.ACCOUNT);
attributesToGet.Add(PredefinedAttributes.GROUPS_NAME);
optionsBuilder.AttributesToGet = attributesToGet.ToArray();
UpdateAddAndVerifyUser(connector, ObjectClass.ACCOUNT,
userUid, modifiedAttrs, optionsBuilder.Build());
}
finally
{
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT, userUid, false, false);
DeleteAndVerifyObject(connector, ActiveDirectoryConnector.groupObjectClass, groupUid, false, false);
}
}
private void RenameObjectAndVerify(ActiveDirectoryConnector connector, ObjectClass oc, ICollection<ConnectorAttribute> createAttributes)
{
Uid createdUid = null;
Uid updatedUid = null;
try
{
// create the objec
createdUid = CreateAndVerifyObject(connector, oc, createAttributes);
// update the name of the object
var oldName = ConnectorAttributeUtil.GetNameFromAttributes(createAttributes);
var newName = ActiveDirectoryUtils.GetRelativeName(oldName);
newName = newName.Trim() + "_new, " + GetProperty(ConfigHelper.CONFIG_PROPERTY_CONTAINER);
updatedUid = UpdateReplaceAndVerifyObject(connector, oc, createdUid,
new List<ConnectorAttribute>() { ConnectorAttributeBuilder.Build(Name.NAME, newName) });
if (oc.Equals(ObjectClass.ACCOUNT))
{
Assert.AreEqual(createdUid, updatedUid, "The Uid of an object of type ACCOUNT must not change.");
}
// test if the original object exists
var nameFilter = FilterBuilder.EqualTo(ConnectorAttributeBuilder.Build(Name.NAME, oldName.Value));
var optionsBuilder = new OperationOptionsBuilder()
{
AttributesToGet = new[] { Name.NAME }
};
var originalObjects = TestHelpers.SearchToList(connector, oc, nameFilter, optionsBuilder.Build());
Assert.AreEqual(0, originalObjects.Count,
string.Format(System.Globalization.CultureInfo.InvariantCulture,
"An object of type '{0}' with the original name exists.", oc));
}
finally
{
if (createdUid != null)
{
DeleteAndVerifyObject(connector, oc, createdUid, false, false);
}
//make sure that the updated object is deleted as well
if (updatedUid != null)
{
DeleteAndVerifyObject(connector, oc, updatedUid, false, false);
}
}
}
public void TestSearchByRegularAttribute_account()
{
ActiveDirectoryConnector connector = new ActiveDirectoryConnector();
connector.Init(ConfigHelper.GetConfiguration());
Uid createUid = null;
try
{
ConnectorAttribute createSnAttr =
ConnectorAttributeBuilder.Build("sn", "nunitSearch");
ICollection<ConnectorAttribute> attributes = GetNormalAttributes_Account();
attributes.Remove(ConnectorAttributeUtil.Find("sn", attributes));
attributes.Add(createSnAttr);
createUid = CreateAndVerifyObject(connector, ObjectClass.ACCOUNT,
attributes);
ICollection<ConnectorObject> results = TestHelpers.SearchToList(connector,
ObjectClass.ACCOUNT, FilterBuilder.EqualTo(createSnAttr));
// there should be at least the newly created one
Assert.GreaterOrEqual(results.Count, 1);
// and it must have the value we were searching for
Boolean foundCreated = false;
foreach (ConnectorObject resultObject in results)
{
ConnectorAttribute foundSnAttr =
resultObject.GetAttributeByName("sn");
Assert.AreEqual(createSnAttr, foundSnAttr);
// keep track of if we've found the one we created
if (createUid.Equals(resultObject.Uid))
{
// cant have it twice
Assert.IsFalse(foundCreated);
foundCreated = true;
}
}
// be certain we saw the one we created
Assert.IsTrue(foundCreated);
}
finally
{
if (createUid != null)
{
//remove the one we created
DeleteAndVerifyObject(connector, ObjectClass.ACCOUNT,
createUid, false, true);
}
}
}