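/// <summary>
/// Test driver: resolves the domain DN for the target server and attempts an LDAP bind plus
/// attribute verification for the given account.
/// </summary>
/// <param name="args">Optional <c>user server password</c>; omitted values fall back to the
/// built-in test target, except the password, which must come from the arguments or the
/// environment so that no secret is kept in source.</param>
/// <returns>A completed task; the process exit code reports the outcome (0 ok, 1 not verified, 2 usage).</returns>
static Task Main(string[] args)
{
    // Account and server under test; both can be overridden from the command line.
    var u = args.Length > 0 ? args[0] : "child@RS_Child.RuslanAD.local";
    var ip = args.Length > 1 ? args[1] : "10.199.77.175";

    // The bind password is deliberately not a literal: third argument wins, otherwise the
    // environment variable below (name chosen for this driver — adjust to the project's convention).
    var password = args.Length > 2 ? args[2] : Environment.GetEnvironmentVariable("LDAP_TEST_PASSWORD");
    if (string.IsNullOrEmpty(password))
    {
        Console.Error.WriteLine("Usage: <user> <server> <password>   (or set LDAP_TEST_PASSWORD)");
        Environment.ExitCode = 2;
        return Task.CompletedTask;
    }

    db = GetDomainDN(ip);

    // TryConnectInner builds the `user` object itself, so no separate assignment is needed here.
    // Its result was previously discarded; surface it through the exit code instead.
    var verified = TryConnectInner(ip, u, password);
    Environment.ExitCode = verified ? 0 : 1;

    // No awaits in this driver, so the method is a plain Task-returning entry point
    // (an `async` modifier without awaits only produced compiler warning CS1998).
    return Task.CompletedTask;
}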
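/// <summary>
/// Searches the configured domain (<c>db</c>) over the current <c>connection</c> for entries whose
/// SAM account name or UPN matches the current <c>user</c>, and returns the SAM/UPN pairs found.
/// </summary>
/// <returns>One <see cref="UserLogins"/> per matching entry; empty when nothing matched.</returns>
/// <exception cref="DirectoryException">The directory did not return a search response.</exception>
private static IEnumerable<UserLogins> GetUserLogins()
{
    // user.Name originates from the login form, so it is escaped before being spliced into the
    // filter string: unescaped "*", "(", ")" or "\" would change the filter's meaning
    // (RFC 4515 value encoding).
    var samValue = EscapeLdapFilterValue(user.Name);
    var upnValue = EscapeLdapFilterValue($"{user.Name}@{user.Domain}");
    var request = new SearchRequest(db, string.Format(SamOrUpnSearchFilter, samValue, upnValue), SearchScope.Subtree);
    request.Attributes.Add(MsDsPrincipalUserAttrName);
    request.Attributes.Add(UpnAttrName);

    var directoryResponse = connection.SendRequest(request);
    if (!(directoryResponse is SearchResponse dnResponse))
    {
        throw new DirectoryException(
            $"Failed to retrieve the user's {user.Name} attributes from the directory. " +
            $"Error: {((directoryResponse != null) ? directoryResponse.ErrorMessage : string.Empty)}");
    }
    Console.WriteLine("GetUserAttributes: Search response item count: {0}", dnResponse.Entries.Count);

    // An empty entry set simply yields an empty list; no special case needed.
    var result = new List<UserLogins>(dnResponse.Entries.Count);
    foreach (SearchResultEntry entry in dnResponse.Entries)
    {
        // NOTE(review): when an entry lacks one of the requested attributes the indexer yields null
        // and GetAttributeNameAndValue receives it — confirm the helper tolerates that.
        var sam = LDAPAuthHelper.GetAttributeNameAndValue(entry.Attributes[MsDsPrincipalUserAttrName]);
        var upn = LDAPAuthHelper.GetAttributeNameAndValue(entry.Attributes[UpnAttrName]);
        result.Add(new UserLogins(sam.Value, upn.Value));
        Console.WriteLine($"GetLoginAttributes: Retrieved user's logins: {sam.Key} = {sam.Value}, {upn.Key} = {upn.Value}");
    }
    return result;
}

/// <summary>
/// Encodes the characters that RFC 4515 gives special meaning inside a filter assertion value
/// (backslash first, so the escapes it produces are not re-escaped).
/// </summary>
/// <param name="value">Raw value; null is treated as empty.</param>
/// <returns>The value safe to embed in an LDAP search filter.</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}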
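/// <summary>
/// Binds to <paramref name="server"/> as <paramref name="userName"/> and then confirms, through the
/// directory's own SAM/UPN attributes, that the bound identity is the one the caller named.
/// </summary>
/// <param name="server">LDAP server host to connect to.</param>
/// <param name="userName">Login as typed by the user (SAM or UPN form).</param>
/// <param name="password">Bind password for <paramref name="userName"/>.</param>
/// <param name="isThrowException">When true, a failure is logged and rethrown instead of being swallowed.</param>
/// <returns>True only when the bind succeeded and the login was matched against a directory entry.</returns>
private static bool TryConnectInner(string server, string userName, string password, bool isThrowException = false)
{
    user = LDAPAuthHelper.CreateUserFromInputData(userName, AuthType.Basic);
    var authType = AuthType.Basic;
    var networkCredential = LDAPAuthHelper.CreateNetworkCredential(user, userName, password, authType);
    try
    {
        Console.WriteLine($"Creating LDAP connection to '{server}'.");
        // Release any connection a previous call left in the static field; LdapConnection is IDisposable.
        connection?.Dispose();
        connection = new LdapConnection(server)
        {
            AuthType = authType,
            AutoBind = true,
            Credential = networkCredential
        };
        connection.SessionOptions.ProtocolVersion = 3;
        // NOTE(review): AuthType.Basic is a simple bind, so the password crosses the network in
        // cleartext unless the session is protected (LDAPS or StartTLS); nothing here enables
        // either — confirm the transport before using this against a production directory.

        var domain = LDAPAuthHelper.GetDomainNameFromDistinguishedName(db);
        // UPN allows various suffixes, and combining UPN with Kerberos requires the exact domain name
        // in the credential, so in that case the domain is derived from the configured domain DN and
        // the full, unparsed user name is used. (authType is fixed to Basic above, so this branch is
        // currently inert; kept so the Kerberos path stays correct if that ever changes.)
        if (authType == AuthType.Kerberos && user.LoginType == LoginType.Upn)
        {
            networkCredential.Domain = domain;
            networkCredential.UserName = userName;
        }

        // The explicit bind is followed by an attribute check because of the LDAP bind issue where
        // bind can report success with wrong credentials:
        // https://stackoverflow.com/questions/1153703/ldap-bind-s-returning-ldap-success-with-wrong-credentials
        connection.Bind(networkCredential);
        Console.WriteLine($"The user account '{userName}' was successfully connected to LDAP server '{server}' using '{authType}' authentication type.");

        // Fetch the SAM and UPN names the directory holds and verify one of them equals the login the
        // user supplied. The sequence is consulted up to twice, so it is materialized once.
        var logins = GetUserLogins().ToList();
        // Ordinal comparison: these are identifiers, not natural-language text, and a culture-aware
        // ignore-case match can treat byte-wise different strings as equal. string.Equals is null-safe
        // in case an entry lacked one of the attributes.
        var login = logins.FirstOrDefault(x =>
            string.Equals(user.LoginType == LoginType.Sam ? x.Sam : x.Upn, userName, StringComparison.OrdinalIgnoreCase));
        if (login == null && user.LoginType == LoginType.Upn)
        {
            // The login may be a short form such as "ldap@automation"; retry with the full UPN
            // built from the configured domain.
            var userWithDomain = user.Name + "@" + domain;
            login = logins.FirstOrDefault(x =>
                string.Equals(x.Upn, userWithDomain, StringComparison.OrdinalIgnoreCase));
        }

        if (login != null)
        {
            user.UserUpn = login.Upn;
            user.UserDn = GetUserDN();
            Console.WriteLine($"The user account '{userName}' was successfully verified using LDAP attributes.");
            return true;
        }
        Console.WriteLine($"The user account '{userName}' was not verified using LDAP attributes.");
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
        // The parameter was previously accepted but never honored; `throw;` keeps the stack trace.
        if (isThrowException)
        {
            throw;
        }
    }
    return false;
}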