public bool UserExistsInGroup(LdapObject domainGroup, LdapObject domainUser, LdapSettings settings) // string memberString, string groupAttribute, string primaryGroupId) { try { if (domainGroup == null || domainUser == null) { return(false); } var memberString = domainUser.GetValue(Settings.UserAttribute) as string; if (string.IsNullOrEmpty(memberString)) { return(false); } var groupAttribute = settings.GroupAttribute; if (string.IsNullOrEmpty(groupAttribute)) { return(false); } var userPrimaryGroupId = domainUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string; if (!string.IsNullOrEmpty(userPrimaryGroupId) && domainGroup.Sid.EndsWith("-" + userPrimaryGroupId)) { // Domain Users found return(true); } else { var members = domainGroup.GetValues(groupAttribute); if (!members.Any()) { return(false); } if (members.Any(member => memberString.Equals(member, StringComparison.InvariantCultureIgnoreCase) || member.Equals(domainUser.DistinguishedName, StringComparison.InvariantCultureIgnoreCase))) { return(true); } } } catch (Exception e) { Log.ErrorFormat("UserExistsInGroup() failed. Error: {0}", e); } return(false); }
protected bool CheckGroupAttribute(LdapObject group, string groupAttr) { try { group.GetValue(groupAttr); // Group attribute can be empty - example => Domain users } catch (Exception e) { _log.ErrorFormat("Group Attribute parameter ({0}) not found: {1}. {2}", Settings.GroupAttribute, groupAttr, e); return(false); } return(true); }
public IEnumerable <GroupInfo> GetAndCheckCurrentGroups(LdapObject ldapUser, IEnumerable <GroupInfo> portalGroups) { var result = new List <GroupInfo>(); try { var searchExpressions = new List <Expression>(); if (portalGroups != null && portalGroups.Any()) { searchExpressions.AddRange(portalGroups.Select(g => Expression.Equal(LdapConstants.ADSchemaAttributes.OBJECT_SID, g.Sid))); } else { return(result); } var criteria = Criteria.Any(searchExpressions.ToArray()); var foundList = LdapHelper.GetGroups(criteria); if (foundList.Any()) { var stillExistingGroups = portalGroups.Where(g => foundList.Any(fg => fg.Sid == g.Sid)); foreach (var group in stillExistingGroups) { if (GetGroupUsers(group).Any(u => u.Sid == ldapUser.Sid)) { result.Add(group); } } } } catch (Exception ex) { if (ldapUser != null) { _log.ErrorFormat("GetAndCheckCurrentGroups(login: '******' sid: '{1}') error {2}", ldapUser.DistinguishedName, ldapUser.Sid, ex); } } return(result); }
protected bool CheckGroupNameAttribute(LdapObject group, string groupAttr) { try { var groupNameAttribute = group.GetValues(groupAttr); if (!groupNameAttribute.Any()) { _log.DebugFormat("Group Name Attribute parameter ({0}) not found: {1}", Settings.GroupNameAttribute, groupAttr); return(false); } } catch (Exception e) { _log.ErrorFormat("Group Attribute parameter ({0}) not found: {1}. {2}", Settings.GroupNameAttribute, groupAttr, e); return(false); } return(true); }
protected bool CheckUserAttribute(LdapObject user, string userAttr) { try { var userAttribute = user.GetValue(userAttr); if (userAttribute == null || string.IsNullOrWhiteSpace(userAttribute.ToString())) { _log.DebugFormat("User Attribute parameter ({0}) not found: DN = {1}", Settings.UserAttribute, user.DistinguishedName); return(false); } } catch (Exception e) { _log.ErrorFormat("User Attribute parameter ({0}) not found: userAttr = {1}. {2}", Settings.UserAttribute, userAttr, e); return(false); } return(true); }
protected bool CheckLoginAttribute(LdapObject user, string loginAttribute) { try { var member = user.GetValue(loginAttribute); if (member == null || string.IsNullOrWhiteSpace(member.ToString())) { _log.DebugFormat("Login Attribute parameter ({0}) not found: DN = {1}", Settings.LoginAttribute, user.DistinguishedName); return(false); } } catch (Exception e) { _log.ErrorFormat("Login Attribute parameter ({0}) not found: loginAttribute = {1}. {2}", Settings.LoginAttribute, loginAttribute, e); return(false); } return(true); }
public void Add(LdapObject aObject) { fData.Add(aObject); }
public LdapSearchResults Search(String baseObject, SearchScope scope, AliasDereferencing aliases, Int32 size, Int32 time, Boolean typesOnly, String filter, String[] attributes) { if (attributes == null || attributes.Length == 0) { attributes = new String[] { AllAttributes } } ; BerValue[] attributevalues = new BerValue[attributes.Length]; for (Int32 i = 0; i < attributes.Length; i++) { attributevalues[i] = new BerString(Asn1.OCTETSTRING, attributes[i]); } Int32 lSequenceId = SendLdapRequest(Asn1.LDAPSEARCHREQ, new BerString(Asn1.OCTETSTRING, baseObject), new BerEnumerated((Int32)scope), new BerEnumerated((Int32)aliases), new BerInteger(size), new BerInteger(time), new BerBoolean(typesOnly), Asn1.ParseFilter(String.IsNullOrEmpty(filter) ? "(objectclass=*)" : filter), new BerSequence(Asn1.SEQUENCE, attributevalues)); LdapSearchResults lResults = new LdapSearchResults(); while (true) { Response lResponse = ReadResponse(); if (lResponse.SequenceId != lSequenceId) { throw new LdapException("Invalid sequence id in bind response"); } if (lResponse.Code != 0) { throw new LdapException(lResponse.Code); } if (lResponse.TypeCode == Asn1.LDAPSEARCHENTRY) { if (lResponse.RestData != null && lResponse.RestData.Length > 0 && lResponse.RestData[0].Type == BerType.String) { LdapObject obj = new LdapObject(((BerString)lResponse.RestData[0]).Value); lResults.Add(obj); if (lResponse.RestData.Length > 1 && lResponse.RestData[1].Type == BerType.Sequence) { foreach (BerValue attribute in ((BerSequence)lResponse.RestData[1]).Items) { if (attribute.Type == BerType.Sequence && ((BerSequence)attribute).Items.Count > 0 && ((BerSequence)attribute).Items[0].Type == BerType.String) { LdapAttribute att = new LdapAttribute(((BerString)((BerSequence)attribute).Items[0]).Value); obj.Attributes.Add(att); if (((BerSequence)attribute).Items.Count <= 1 || ((BerSequence)attribute).Items[1].Type != BerType.Sequence) { continue; } foreach (BerValue value in ((BerSequence)((BerSequence)attribute).Items[1]).Items) { switch (value.Type) { case BerType.BitString: att.Binary = true; att.Add(((BerBinary)value).Value); break; case BerType.Boolean: att.Binary = false; att.Add(((BerBoolean)value).Value.ToString()); break; case BerType.Enumerated: case BerType.Integer: att.Binary = false; att.Add(((BerInteger)value).Value.ToString()); break; case BerType.IpAddress: att.Binary = false; att.Add(((BerIpAddress)value).Value.ToString()); break; case BerType.Other: att.Binary = true; att.Add(((BerOther)value).Value); break; case BerType.String: att.Binary = false; att.Add(((BerString)value).Value); break; case BerType.UInteger: att.Binary = false; att.Add(((BerUInteger)value).Value.ToString()); break; } } } } } } } else if (lResponse.TypeCode == Asn1.LDAPSEARCHREF) { if (lResponse.Referers != null) { foreach (BerValue val in lResponse.Referers.Items) { if (val is BerString) { lResults.Referals.Add(((BerString)val).Value); } } } else if (lResponse.RestData != null) { foreach (BerValue val in lResponse.RestData) { if (val is BerString) { lResults.Referals.Add(((BerString)val).Value); } if (val is BerSequence) { foreach (BerValue val2 in ((BerSequence)val).Items) { if (val2 is BerString) { lResults.Referals.Add(((BerString)val2).Value); } } } } } } else if (lResponse.TypeCode == Asn1.LDAPSEARCHDONE) { break; } else { throw new LdapException("Unknown response from server"); } } return(lResults); } }
private bool TryGetLdapUserGroups(LdapObject ldapUser, out List <LdapObject> ldapUserGroups) { ldapUserGroups = new List <LdapObject>(); try { if (!Settings.GroupMembership) { return(false); } if (ldapUser == null || string.IsNullOrEmpty(ldapUser.Sid)) { return(false); } if (!LdapHelper.IsConnected) { LdapHelper.Connect(); } var userGroups = ldapUser.GetAttributes(LdapConstants.ADSchemaAttributes.MEMBER_OF, _log) .Select(s => s.Replace("\\", string.Empty)) .ToList(); if (!userGroups.Any()) { userGroups = ldapUser.GetAttributes(GROUP_MEMBERSHIP, _log); } var searchExpressions = new List <Expression>(); PrimaryGroupId = PrimaryGroupId ?? ldapUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string; if (!string.IsNullOrEmpty(PrimaryGroupId)) { var userSid = ldapUser.Sid; var index = userSid.LastIndexOf("-", StringComparison.InvariantCultureIgnoreCase); if (index > -1) { var primaryGroupSid = userSid.Substring(0, index + 1) + PrimaryGroupId; searchExpressions.Add(Expression.Equal(ldapUser.SidAttribute, primaryGroupSid)); } } if (userGroups.Any()) { searchExpressions.AddRange(userGroups .Select(g => g.Substring(0, g.IndexOf(",", StringComparison.InvariantCultureIgnoreCase))) .Where(s => !string.IsNullOrEmpty(s)) .Select(Expression.Parse) .Where(e => e != null)); var criteria = Criteria.Any(searchExpressions.ToArray()); var foundList = LdapHelper.GetGroups(criteria); if (foundList.Any()) { ldapUserGroups.AddRange(foundList); return(true); } } else { var ldapGroups = LdapHelper.GetGroups(); ldapUserGroups.AddRange( ldapGroups.Where( ldapGroup => LdapHelper.UserExistsInGroup(ldapGroup, ldapUser, Settings))); return(ldapUserGroups.Any()); } } catch (Exception ex) { if (ldapUser != null) { _log.ErrorFormat("IsUserExistInGroups(login: '******' sid: '{1}') error {2}", ldapUser.DistinguishedName, ldapUser.Sid, ex); } } return(false); }