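        /// <summary>
        /// Collects every portal object of the given AD type under /Root/IMS that carries a
        /// SyncGuid and maps the guid (lower-cased) to the node id.
        /// </summary>
        /// <param name="objType">AD object type whose portal counterparts are collected.</param>
        /// <returns>Dictionary keyed by lower-cased SyncGuid text, value is the portal node id.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown by ToDictionary when two nodes carry the same SyncGuid. This is intentional:
        /// a duplicate guid would make later guid-to-node matching act on the wrong node.
        /// </exception>
        private static Dictionary<string, int> GetAllPortalObjects(ADObjectType objType)
        {
            var resultNodes = GetAllPortalObjectsByADObjectTypeAndPath(objType, "/Root/IMS");

            // Only nodes with a SyncGuid take part in the sync. Reading the property is guarded
            // because a broken SyncGuid must stop the whole run (see the catch block).
            var syncedNodes = new List<Node>();

            foreach (var node in resultNodes)
            {
                try
                {
                    if (!string.IsNullOrEmpty(node.GetProperty<string>("SyncGuid")))
                    {
                        syncedNodes.Add(node);
                    }
                }
                catch (Exception ex)
                {
                    AdLog.LogError($"Error caching nodes{Environment.NewLine}NodeId: {node.Id}{Environment.NewLine}Node path: {node.Path}");
                    AdLog.LogException(ex);
                    // Rethrow and do not allow adsync to run: if there is something wrong with the
                    // SyncGuid property things can go wrong (content unintentionally deleted, etc.).
                    // 'throw;' keeps the original stack trace, 'throw ex;' would reset it.
                    throw;
                }
            }

            // Guid.ToString() produces lower-case text, so the keys are lower-cased here to keep
            // lookups by guid.ToString() consistent. Invariant casing avoids culture-dependent
            // results for the hex-only guid text.
            return syncedNodes.ToDictionary(
                node => node.GetProperty<string>("SyncGuid").ToLowerInvariant(),
                node => node.Id);
        }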
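        /// <summary>
        /// Resolves the members of an AD group and returns them keyed by their AD object guid.
        /// </summary>
        /// <param name="group">AD group whose "member" attribute is enumerated.</param>
        /// <param name="syncTree">Fallback synctree used to connect to members that are not contained in any configured synctree.</param>
        /// <returns>
        /// Guid -> <see cref="ADGroupMember"/> (object type, AD path, account name). Members that
        /// cannot be connected to, have no guid, have no user-name value, or repeat a guid already
        /// seen are logged and skipped.
        /// </returns>
        private Dictionary<Guid, ADGroupMember> GetADGroupMembers(DirectoryEntry group, SyncTree syncTree)
        {
            var members     = new Dictionary<Guid, ADGroupMember>();
            var memberCount = group.Properties["member"].Count;

            AdLog.LogADObject(string.Format("Group contains {0} member(s).", memberCount), group.Path);
            for (int i = 0; i < memberCount; i++)
            {
                string memberDn = group.Properties["member"][i].ToString();

                // A member may live outside every synctree; the group's own tree is used
                // for the connection in that case so the member is still resolved.
                var memberSyncTree = GetSyncTreeForObject(memberDn);
                if (memberSyncTree == null)
                {
                    AdLog.LogWarning(string.Format("AD group contains an object that is not contained in any of the synctrees, group's synctree will be used to retrieve the object (group: {0}, object: {1})", group.Path, memberDn));
                    memberSyncTree = syncTree;
                }

                using (DirectoryEntry adMember = memberSyncTree.ConnectToObject(memberDn))
                {
                    if (adMember == null)
                    {
                        AdLog.LogWarning(string.Format("AD group member could not be retrieved (group: {0}, object: {1})", group.Path, memberDn));
                        continue;
                    }

                    var guid = Common.GetADObjectGuid(adMember, _config.GuidProp);
                    if (guid == null)
                    {
                        // previously skipped silently; a member without a guid cannot be synced
                        AdLog.LogWarning(string.Format("AD group member has no guid and is skipped (group: {0}, object: {1})", group.Path, memberDn));
                        continue;
                    }

                    var userNameProp  = adMember.Properties[_config.UserNameProp];
                    var userNameValue = userNameProp == null ? null : userNameProp.Value;
                    if (userNameValue == null)
                    {
                        AdLog.LogError(string.Format("Property {0} of AD group member \"{1}\" is missing or value is null", _config.UserNameProp, memberDn));
                        continue;
                    }

                    var memberGuid = (Guid)guid;
                    if (members.ContainsKey(memberGuid))
                    {
                        // Dictionary.Add would throw here and abort the whole group sync. The guid comes
                        // from the configurable GuidProp attribute, so duplicates are possible; the first
                        // occurrence is kept and the repeat is logged.
                        AdLog.LogWarning(string.Format("AD group contains a duplicate object guid ({0}), later occurrence is skipped (group: {1}, object: {2})", memberGuid, group.Path, memberDn));
                        continue;
                    }

                    members.Add(memberGuid, new ADGroupMember
                    {
                        objType        = Common.GetADObjectType(adMember, _config.NovellSupport),
                        Path           = adMember.Path,
                        SamAccountName = userNameValue.ToString()
                    });
                }
            }

            return members;
        }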
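        /// <summary>
        /// Deletes the AD object that corresponds to a synchronized portal node. Users found under
        /// the object are disabled and moved to the synctree's deleted-objects container first;
        /// the remaining tree is deleted only if no users are left under it.
        /// </summary>
        /// <param name="nodePath">Repository path of the portal node that was deleted.</param>
        /// <param name="guid">SyncGuid of the node; when null, an error is logged and nothing is deleted.</param>
        /// <exception cref="Exception">Any failure is logged and rethrown unchanged.</exception>
        public void DeleteADObject(string nodePath, Guid? guid)
        {
            // NOTE(review): the original user is captured but never restored after
            // ChangeToAdminAccount(); no restore call is visible in this method, so the thread
            // keeps the admin identity once it returns - confirm the caller switches back.
            IUser originalUser = User.Current;

            Common.ChangeToAdminAccount();

            try
            {
                if (!IsSyncedObject(nodePath))
                {
                    return;
                }

                AdLog.LogPortalObject("Deleting AD object", nodePath);

                if (!guid.HasValue)
                {
                    AdLog.LogErrorPortalObject("Portal node does not have a syncguid", nodePath);
                    return;
                }

                // assumes GetADObjectByGuid never returns null (the original dereferenced it unchecked) - TODO confirm
                SyncTreeADObject adObject = GetADObjectByGuid(guid.Value);
                using (DirectoryEntry entry = adObject.entry)
                {
                    if (entry == null)
                    {
                        AdLog.LogErrorPortalObject(string.Format("AD object with the given GUID ({0}) does not exist", guid.Value), nodePath);
                        return;
                    }

                    // disable users under the AD object and move them to the deleted-objects folder
                    var  deletedPath  = adObject.syncTree.DeletedADObjectsPath;
                    bool entryDeleted = false;
                    using (DirectoryEntry deletedParent = adObject.syncTree.ConnectToObject(deletedPath))
                    using (SearchResultCollection resultColl = adObject.syncTree.GetUsersUnderADObject(entry))
                    {
                        foreach (SearchResult result in resultColl)
                        {
                            using (DirectoryEntry userEntry = result.GetDirectoryEntry())
                            {
                                // captured before MoveTo so it can be compared with the parent entry below
                                var userPath = userEntry.Path;

                                if (deletedParent != null)
                                {
                                    userEntry.MoveTo(deletedParent);
                                }
                                else
                                {
                                    // the account is still disabled below even when it cannot be moved
                                    AdLog.LogError("Folder for deleted users could not be found on AD server!");
                                }

                                Common.DisableUserAccount(userEntry);
                                Common.DisableADObjectCustomProperties(userEntry, _propertyMappings, _config.ADNameMaxLength, _config.ADsAMAccountNameMaxLength);
                                userEntry.CommitChanges();

                                // if the parent object was itself a user, it must not be deleted again below
                                if (entry.Path == userPath)
                                {
                                    entryDeleted = true;
                                }
                            }
                        }
                    }

                    // delete the remaining entries under this entry including itself (if it has not been handled yet)
                    if (!entryDeleted)
                    {
                        // double check: if the entry still contains users, refuse to delete the tree
                        using (SearchResultCollection resultColl = adObject.syncTree.GetUsersUnderADObject(entry))
                        {
                            if (resultColl.Count == 0)
                            {
                                entry.DeleteTree();
                            }
                            else
                            {
                                AdLog.LogErrorADObject("AD container cannot be deleted, it contains users!", entry.Path);
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                AdLog.LogException(ex);
                // rethrow as-is: wrapping in a new Exception hid the original type and stack trace
                throw;
            }
        }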
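        /// <summary>
        /// Updates a portal group from its AD counterpart: renames the node and makes the portal
        /// membership match the AD group (adds missing members, removes portal members whose
        /// SyncGuid is not among the AD members).
        /// </summary>
        /// <param name="entry">The AD group entry.</param>
        /// <param name="node">Portal node of the group; must be a <see cref="Group"/>.</param>
        /// <param name="syncTree">Synctree of the group, used as fallback when resolving members.</param>
        /// <remarks>The node is not saved here; the caller saves it later.</remarks>
        private void UpdatePortalGroupProperties(DirectoryEntry entry, Node node, SyncTree syncTree)
        {
            AdLog.LogObjects("Updating portal group properties", entry.Path, node.Path);

            node.Name = Common.GetADObjectName(entry.Name);

            var group         = (Group)node;
            var portalMembers = group.Members;

            var adMembers = GetADGroupMembers(entry, syncTree);

            // add new members
            foreach (var adMemberEntry in adMembers)
            {
                Guid          guid     = adMemberEntry.Key;
                ADGroupMember adMember = adMemberEntry.Value;

                try
                {
                    Node portalNode = GetPortalGroupMemberNode(guid, adMember.objType);

                    if (portalNode == null)
                    {
                        // the synctrees should contain every member, because GetADGroupMembers
                        // only returns objects that belong to a synctree
                        AdLog.LogErrorADObject("Member does not exist in portal", adMember.Path);
                        continue;
                    }

                    if (portalMembers.Any(n => n.Id == portalNode.Id))
                    {
                        continue;
                    }

                    switch (adMember.objType)
                    {
                        case ADObjectType.Group:
                            group.AddMember((IGroup)portalNode);
                            break;

                        case ADObjectType.User:
                            group.AddMember((IUser)portalNode);
                            break;

                        default:
                            AdLog.LogErrorObjects("Member is neither a user nor a group", adMember.Path, portalNode.Path);
                            break;
                    }
                }
                catch (Exception ex)
                {
                    // one failing member must not abort the rest of the group update
                    AdLog.LogErrorADObject("Could not add member to group", adMember.Path);
                    AdLog.LogException(ex);
                }
            }

            // collect portal members that have no corresponding object in the AD group
            var removeMembers = new List<Node>();
            foreach (Node member in portalMembers)
            {
                string guidStr = member["SyncGuid"] as string;
                if (guidStr == null)
                {
                    // the portal group contains an unsynchronized object; it is left untouched
                    AdLog.LogError(string.Format("Portal group contains unsynchronized object (group: {0}, object: {1})", group.Path, member.Path));
                    continue;
                }

                Guid memberGuid;
                if (!Guid.TryParse(guidStr, out memberGuid))
                {
                    // 'new Guid(guidStr)' used to throw here and abort the whole update;
                    // a member with an unparsable SyncGuid is logged and left untouched instead
                    AdLog.LogError(string.Format("Portal group member has an invalid SyncGuid (group: {0}, object: {1}, SyncGuid: {2})", group.Path, member.Path, guidStr));
                    continue;
                }

                if (!adMembers.ContainsKey(memberGuid))
                {
                    removeMembers.Add(member);
                }
            }

            // remove members from portal group
            foreach (Node member in removeMembers)
            {
                var portalUser = member as IUser;
                if (portalUser != null)
                {
                    group.RemoveMember(portalUser);
                    continue;
                }

                var portalGroup = member as IGroup;
                if (portalGroup != null)
                {
                    group.RemoveMember(portalGroup);
                }
            }
            // node.Save() is not needed here, the node is saved later
        }

        /// <summary>
        /// Finds the portal node of an AD group member, either by an on-the-fly query or from the
        /// pre-built SyncGuid -> node id caches of users and groups.
        /// </summary>
        /// <param name="guid">AD object guid of the member.</param>
        /// <param name="objType">AD object type of the member; only users and groups are looked up from the caches.</param>
        /// <returns>The portal node, or null when the member is unknown to the portal.</returns>
        private Node GetPortalGroupMemberNode(Guid guid, ADObjectType objType)
        {
            if (_useOnTheFlyMemberQuery)
            {
                return Common.GetPortalObjectByGuid(guid);
            }

            // Guid.ToString() is lower case, matching the lower-cased keys of the caches
            string guidStr = guid.ToString();
            int nodeId;

            switch (objType)
            {
                case ADObjectType.User:
                    return _portalUsers.TryGetValue(guidStr, out nodeId) ? Node.LoadNode(nodeId) : null;

                case ADObjectType.Group:
                    return _portalGroups.TryGetValue(guidStr, out nodeId) ? Node.LoadNode(nodeId) : null;

                default:
                    return null;
            }
        }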