public bool UserExistsInGroup(LdapObject domainGroup, LdapObject domainUser, LdapSettings settings) // string memberString, string groupAttribute, string primaryGroupId)
{
try
{
if (domainGroup == null || domainUser == null)
{
return(false);
}
var memberString = domainUser.GetValue(Settings.UserAttribute) as string;
if (string.IsNullOrEmpty(memberString))
{
return(false);
}
var groupAttribute = settings.GroupAttribute;
if (string.IsNullOrEmpty(groupAttribute))
{
return(false);
}
var userPrimaryGroupId = domainUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string;
if (!string.IsNullOrEmpty(userPrimaryGroupId) && domainGroup.Sid.EndsWith("-" + userPrimaryGroupId))
{
// Domain Users found
return(true);
}
else
{
var members = domainGroup.GetValues(groupAttribute);
if (!members.Any())
{
return(false);
}
if (members.Any(member => memberString.Equals(member, StringComparison.InvariantCultureIgnoreCase) ||
member.Equals(domainUser.DistinguishedName, StringComparison.InvariantCultureIgnoreCase)))
{
return(true);
}
}
}
catch (Exception e)
{
Log.ErrorFormat("UserExistsInGroup() failed. Error: {0}", e);
}
return(false);
}
protected bool CheckGroupAttribute(LdapObject group, string groupAttr)
{
try
{
group.GetValue(groupAttr); // Group attribute can be empty - example => Domain users
}
catch (Exception e)
{
_log.ErrorFormat("Group Attribute parameter ({0}) not found: {1}. {2}",
Settings.GroupAttribute, groupAttr, e);
return(false);
}
return(true);
}
protected bool CheckUserAttribute(LdapObject user, string userAttr)
{
try
{
var userAttribute = user.GetValue(userAttr);
if (userAttribute == null || string.IsNullOrWhiteSpace(userAttribute.ToString()))
{
_log.DebugFormat("User Attribute parameter ({0}) not found: DN = {1}", Settings.UserAttribute,
user.DistinguishedName);
return(false);
}
}
catch (Exception e)
{
_log.ErrorFormat("User Attribute parameter ({0}) not found: userAttr = {1}. {2}",
Settings.UserAttribute, userAttr, e);
return(false);
}
return(true);
}
protected bool CheckLoginAttribute(LdapObject user, string loginAttribute)
{
try
{
var member = user.GetValue(loginAttribute);
if (member == null || string.IsNullOrWhiteSpace(member.ToString()))
{
_log.DebugFormat("Login Attribute parameter ({0}) not found: DN = {1}", Settings.LoginAttribute,
user.DistinguishedName);
return(false);
}
}
catch (Exception e)
{
_log.ErrorFormat("Login Attribute parameter ({0}) not found: loginAttribute = {1}. {2}", Settings.LoginAttribute,
loginAttribute, e);
return(false);
}
return(true);
}
private bool TryGetLdapUserGroups(LdapObject ldapUser, out List <LdapObject> ldapUserGroups)
{
ldapUserGroups = new List <LdapObject>();
try
{
if (!Settings.GroupMembership)
{
return(false);
}
if (ldapUser == null ||
string.IsNullOrEmpty(ldapUser.Sid))
{
return(false);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var userGroups = ldapUser.GetAttributes(LdapConstants.ADSchemaAttributes.MEMBER_OF, _log)
.Select(s => s.Replace("\\", string.Empty))
.ToList();
if (!userGroups.Any())
{
userGroups = ldapUser.GetAttributes(GROUP_MEMBERSHIP, _log);
}
var searchExpressions = new List <Expression>();
PrimaryGroupId = PrimaryGroupId ??
ldapUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string;
if (!string.IsNullOrEmpty(PrimaryGroupId))
{
var userSid = ldapUser.Sid;
var index = userSid.LastIndexOf("-", StringComparison.InvariantCultureIgnoreCase);
if (index > -1)
{
var primaryGroupSid = userSid.Substring(0, index + 1) + PrimaryGroupId;
searchExpressions.Add(Expression.Equal(ldapUser.SidAttribute, primaryGroupSid));
}
}
if (userGroups.Any())
{
searchExpressions.AddRange(userGroups
.Select(g => g.Substring(0, g.IndexOf(",", StringComparison.InvariantCultureIgnoreCase)))
.Where(s => !string.IsNullOrEmpty(s))
.Select(Expression.Parse)
.Where(e => e != null));
var criteria = Criteria.Any(searchExpressions.ToArray());
var foundList = LdapHelper.GetGroups(criteria);
if (foundList.Any())
{
ldapUserGroups.AddRange(foundList);
return(true);
}
}
else
{
var ldapGroups = LdapHelper.GetGroups();
ldapUserGroups.AddRange(
ldapGroups.Where(
ldapGroup =>
LdapHelper.UserExistsInGroup(ldapGroup, ldapUser, Settings)));
return(ldapUserGroups.Any());
}
}
catch (Exception ex)
{
if (ldapUser != null)
{
_log.ErrorFormat("IsUserExistInGroups(login: '******' sid: '{1}') error {2}",
ldapUser.DistinguishedName, ldapUser.Sid, ex);
}
}
return(false);
}