public bool UserExistsInGroup(LdapObject domainGroup, LdapObject domainUser, LdapSettings settings) // string memberString, string groupAttribute, string primaryGroupId)
{
try
{
if (domainGroup == null || domainUser == null)
{
return(false);
}
var memberString = domainUser.GetValue(Settings.UserAttribute) as string;
if (string.IsNullOrEmpty(memberString))
{
return(false);
}
var groupAttribute = settings.GroupAttribute;
if (string.IsNullOrEmpty(groupAttribute))
{
return(false);
}
var userPrimaryGroupId = domainUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string;
if (!string.IsNullOrEmpty(userPrimaryGroupId) && domainGroup.Sid.EndsWith("-" + userPrimaryGroupId))
{
// Domain Users found
return(true);
}
else
{
var members = domainGroup.GetValues(groupAttribute);
if (!members.Any())
{
return(false);
}
if (members.Any(member => memberString.Equals(member, StringComparison.InvariantCultureIgnoreCase) ||
member.Equals(domainUser.DistinguishedName, StringComparison.InvariantCultureIgnoreCase)))
{
return(true);
}
}
}
catch (Exception e)
{
Log.ErrorFormat("UserExistsInGroup() failed. Error: {0}", e);
}
return(false);
}
protected bool CheckGroupAttribute(LdapObject group, string groupAttr)
{
try
{
group.GetValue(groupAttr); // Group attribute can be empty - example => Domain users
}
catch (Exception e)
{
_log.ErrorFormat("Group Attribute parameter ({0}) not found: {1}. {2}",
Settings.GroupAttribute, groupAttr, e);
return(false);
}
return(true);
}
public IEnumerable <GroupInfo> GetAndCheckCurrentGroups(LdapObject ldapUser, IEnumerable <GroupInfo> portalGroups)
{
var result = new List <GroupInfo>();
try
{
var searchExpressions = new List <Expression>();
if (portalGroups != null && portalGroups.Any())
{
searchExpressions.AddRange(portalGroups.Select(g => Expression.Equal(LdapConstants.ADSchemaAttributes.OBJECT_SID, g.Sid)));
}
else
{
return(result);
}
var criteria = Criteria.Any(searchExpressions.ToArray());
var foundList = LdapHelper.GetGroups(criteria);
if (foundList.Any())
{
var stillExistingGroups = portalGroups.Where(g => foundList.Any(fg => fg.Sid == g.Sid));
foreach (var group in stillExistingGroups)
{
if (GetGroupUsers(group).Any(u => u.Sid == ldapUser.Sid))
{
result.Add(group);
}
}
}
}
catch (Exception ex)
{
if (ldapUser != null)
{
_log.ErrorFormat("GetAndCheckCurrentGroups(login: '******' sid: '{1}') error {2}",
ldapUser.DistinguishedName, ldapUser.Sid, ex);
}
}
return(result);
}
protected bool CheckGroupNameAttribute(LdapObject group, string groupAttr)
{
try
{
var groupNameAttribute = group.GetValues(groupAttr);
if (!groupNameAttribute.Any())
{
_log.DebugFormat("Group Name Attribute parameter ({0}) not found: {1}", Settings.GroupNameAttribute,
groupAttr);
return(false);
}
}
catch (Exception e)
{
_log.ErrorFormat("Group Attribute parameter ({0}) not found: {1}. {2}", Settings.GroupNameAttribute,
groupAttr, e);
return(false);
}
return(true);
}
protected bool CheckUserAttribute(LdapObject user, string userAttr)
{
try
{
var userAttribute = user.GetValue(userAttr);
if (userAttribute == null || string.IsNullOrWhiteSpace(userAttribute.ToString()))
{
_log.DebugFormat("User Attribute parameter ({0}) not found: DN = {1}", Settings.UserAttribute,
user.DistinguishedName);
return(false);
}
}
catch (Exception e)
{
_log.ErrorFormat("User Attribute parameter ({0}) not found: userAttr = {1}. {2}",
Settings.UserAttribute, userAttr, e);
return(false);
}
return(true);
}
protected bool CheckLoginAttribute(LdapObject user, string loginAttribute)
{
try
{
var member = user.GetValue(loginAttribute);
if (member == null || string.IsNullOrWhiteSpace(member.ToString()))
{
_log.DebugFormat("Login Attribute parameter ({0}) not found: DN = {1}", Settings.LoginAttribute,
user.DistinguishedName);
return(false);
}
}
catch (Exception e)
{
_log.ErrorFormat("Login Attribute parameter ({0}) not found: loginAttribute = {1}. {2}", Settings.LoginAttribute,
loginAttribute, e);
return(false);
}
return(true);
}
public void Add(LdapObject aObject)
{
fData.Add(aObject);
}
public LdapSearchResults Search(String baseObject, SearchScope scope, AliasDereferencing aliases, Int32 size, Int32 time, Boolean typesOnly,
String filter, String[] attributes)
{
if (attributes == null || attributes.Length == 0)
{
attributes = new String[] { AllAttributes }
}
;
BerValue[] attributevalues = new BerValue[attributes.Length];
for (Int32 i = 0; i < attributes.Length; i++)
{
attributevalues[i] = new BerString(Asn1.OCTETSTRING, attributes[i]);
}
Int32 lSequenceId = SendLdapRequest(Asn1.LDAPSEARCHREQ,
new BerString(Asn1.OCTETSTRING, baseObject),
new BerEnumerated((Int32)scope),
new BerEnumerated((Int32)aliases),
new BerInteger(size),
new BerInteger(time),
new BerBoolean(typesOnly),
Asn1.ParseFilter(String.IsNullOrEmpty(filter) ? "(objectclass=*)" : filter),
new BerSequence(Asn1.SEQUENCE, attributevalues));
LdapSearchResults lResults = new LdapSearchResults();
while (true)
{
Response lResponse = ReadResponse();
if (lResponse.SequenceId != lSequenceId)
{
throw new LdapException("Invalid sequence id in bind response");
}
if (lResponse.Code != 0)
{
throw new LdapException(lResponse.Code);
}
if (lResponse.TypeCode == Asn1.LDAPSEARCHENTRY)
{
if (lResponse.RestData != null && lResponse.RestData.Length > 0 && lResponse.RestData[0].Type == BerType.String)
{
LdapObject obj = new LdapObject(((BerString)lResponse.RestData[0]).Value);
lResults.Add(obj);
if (lResponse.RestData.Length > 1 && lResponse.RestData[1].Type == BerType.Sequence)
{
foreach (BerValue attribute in ((BerSequence)lResponse.RestData[1]).Items)
{
if (attribute.Type == BerType.Sequence && ((BerSequence)attribute).Items.Count > 0 && ((BerSequence)attribute).Items[0].Type == BerType.String)
{
LdapAttribute att = new LdapAttribute(((BerString)((BerSequence)attribute).Items[0]).Value);
obj.Attributes.Add(att);
if (((BerSequence)attribute).Items.Count <= 1 || ((BerSequence)attribute).Items[1].Type != BerType.Sequence)
{
continue;
}
foreach (BerValue value in ((BerSequence)((BerSequence)attribute).Items[1]).Items)
{
switch (value.Type)
{
case BerType.BitString:
att.Binary = true;
att.Add(((BerBinary)value).Value);
break;
case BerType.Boolean:
att.Binary = false;
att.Add(((BerBoolean)value).Value.ToString());
break;
case BerType.Enumerated:
case BerType.Integer:
att.Binary = false;
att.Add(((BerInteger)value).Value.ToString());
break;
case BerType.IpAddress:
att.Binary = false;
att.Add(((BerIpAddress)value).Value.ToString());
break;
case BerType.Other:
att.Binary = true;
att.Add(((BerOther)value).Value);
break;
case BerType.String:
att.Binary = false;
att.Add(((BerString)value).Value);
break;
case BerType.UInteger:
att.Binary = false;
att.Add(((BerUInteger)value).Value.ToString());
break;
}
}
}
}
}
}
}
else if (lResponse.TypeCode == Asn1.LDAPSEARCHREF)
{
if (lResponse.Referers != null)
{
foreach (BerValue val in lResponse.Referers.Items)
{
if (val is BerString)
{
lResults.Referals.Add(((BerString)val).Value);
}
}
}
else if (lResponse.RestData != null)
{
foreach (BerValue val in lResponse.RestData)
{
if (val is BerString)
{
lResults.Referals.Add(((BerString)val).Value);
}
if (val is BerSequence)
{
foreach (BerValue val2 in ((BerSequence)val).Items)
{
if (val2 is BerString)
{
lResults.Referals.Add(((BerString)val2).Value);
}
}
}
}
}
}
else if (lResponse.TypeCode == Asn1.LDAPSEARCHDONE)
{
break;
}
else
{
throw new LdapException("Unknown response from server");
}
}
return(lResults);
}
}
private bool TryGetLdapUserGroups(LdapObject ldapUser, out List <LdapObject> ldapUserGroups)
{
ldapUserGroups = new List <LdapObject>();
try
{
if (!Settings.GroupMembership)
{
return(false);
}
if (ldapUser == null ||
string.IsNullOrEmpty(ldapUser.Sid))
{
return(false);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var userGroups = ldapUser.GetAttributes(LdapConstants.ADSchemaAttributes.MEMBER_OF, _log)
.Select(s => s.Replace("\\", string.Empty))
.ToList();
if (!userGroups.Any())
{
userGroups = ldapUser.GetAttributes(GROUP_MEMBERSHIP, _log);
}
var searchExpressions = new List <Expression>();
PrimaryGroupId = PrimaryGroupId ??
ldapUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string;
if (!string.IsNullOrEmpty(PrimaryGroupId))
{
var userSid = ldapUser.Sid;
var index = userSid.LastIndexOf("-", StringComparison.InvariantCultureIgnoreCase);
if (index > -1)
{
var primaryGroupSid = userSid.Substring(0, index + 1) + PrimaryGroupId;
searchExpressions.Add(Expression.Equal(ldapUser.SidAttribute, primaryGroupSid));
}
}
if (userGroups.Any())
{
searchExpressions.AddRange(userGroups
.Select(g => g.Substring(0, g.IndexOf(",", StringComparison.InvariantCultureIgnoreCase)))
.Where(s => !string.IsNullOrEmpty(s))
.Select(Expression.Parse)
.Where(e => e != null));
var criteria = Criteria.Any(searchExpressions.ToArray());
var foundList = LdapHelper.GetGroups(criteria);
if (foundList.Any())
{
ldapUserGroups.AddRange(foundList);
return(true);
}
}
else
{
var ldapGroups = LdapHelper.GetGroups();
ldapUserGroups.AddRange(
ldapGroups.Where(
ldapGroup =>
LdapHelper.UserExistsInGroup(ldapGroup, ldapUser, Settings)));
return(ldapUserGroups.Any());
}
}
catch (Exception ex)
{
if (ldapUser != null)
{
_log.ErrorFormat("IsUserExistInGroups(login: '******' sid: '{1}') error {2}",
ldapUser.DistinguishedName, ldapUser.Sid, ex);
}
}
return(false);
}
