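        /// <summary>
        /// Looks up a single user or group by account name and returns the first directory entry that matches.
        /// </summary>
        /// <param name="searchType">
        /// Kind of principal to look for. Only <c>PrincipalSearchType.Users</c> and values carrying the
        /// <c>PrincipalSearchType.Groups</c> flag are accepted; a combined users-and-groups lookup must use
        /// <c>FindPrincipals</c> instead.
        /// </param>
        /// <param name="principalName">
        /// Caller-supplied account name, optionally qualified with a domain alias (parsed by <c>UserId.Parse</c> /
        /// <c>GroupId.Parse</c>). Treated as untrusted: the name part is LDAP-escaped before it enters a filter.
        /// </param>
        /// <returns>
        /// The first matching <see cref="SearchResult"/>, or <c>null</c> when <paramref name="principalName"/> is
        /// null/empty or no configured domain contains a match.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="searchType"/> is <c>UsersAndGroups</c> or any other value that would not produce a filter.
        /// </exception>
        private SearchResult TryGetPrincipal(PrincipalSearchType searchType, string principalName)
        {
            if (string.IsNullOrEmpty(principalName))
            {
                return(null);
            }

            // Reject the combined search type before any branch can claim it. Previously this check sat after the
            // Groups branch, so a flags-style UsersAndGroups value satisfied HasFlag(Groups) first and was quietly
            // searched as groups-only instead of throwing.
            if (searchType == PrincipalSearchType.UsersAndGroups)
            {
                throw new ArgumentOutOfRangeException(nameof(searchType));
            }

            this.LogDebug($"Trying to a {searchType} search for principal \"{principalName}\"...");

            PrincipalId principalId  = null;
            var         searchString = new StringBuilder();

            if (searchType == PrincipalSearchType.Users)
            {
                principalId = UserId.Parse(principalName);
                searchString.Append($"(sAMAccountName={LDAP.Escape(principalId?.Principal ?? principalName)})");
            }
            else if (searchType.HasFlag(PrincipalSearchType.Groups))
            {
                principalId = GroupId.Parse(principalName);
                // Groups may be addressed by their account name or by the "name" attribute.
                searchString.Append("(|");
                searchString.Append($"(sAMAccountName={LDAP.Escape(principalId?.Principal ?? principalName)})");
                searchString.Append($"(name={LDAP.Escape(principalId?.Principal ?? principalName)})");
                searchString.Append(")");
            }
            else
            {
                // Any other value would leave searchString empty. DirectorySearcher treats an empty filter as
                // "(objectClass=*)", so FindOne would hand back an arbitrary directory object as the "principal".
                throw new ArgumentOutOfRangeException(nameof(searchType));
            }

            HashSet <CredentialedDomain> domains;

            if (principalId == null)
            {
                this.LogDebug($"No domain specified, searching through aliases.");
                domains = this.domainsToSearch.Value;
            }
            else
            {
                // NOTE(review): the alias is taken straight from the caller-supplied principalName and is not
                // checked against this.domainsToSearch, so a caller can aim the lookup at a domain this directory
                // was never configured for, bound with whatever credentials the single-argument CredentialedDomain
                // constructor defaults to (presumably none). Confirm whether the alias should instead be resolved
                // against the configured set.
                this.LogDebug($"Domain alias \"{principalId.DomainAlias}\" will be used.");
                domains = new HashSet <CredentialedDomain>();
                domains.Add(new CredentialedDomain(principalId.DomainAlias));
            }
            foreach (var domain in domains)
            {
                this.LogDebug($"Searching domain {domain}...");
                // "a.b.c" -> "DC=a,DC=b,DC=c". The components are not DN-escaped, so this is only sound while the
                // domain name comes from trusted configuration (see the alias branch above). Unlike FindPrincipals,
                // the provider prefix is hard-coded to "LDAP://" rather than taken from GetLdapRoot().
                using (var entry = new DirectoryEntry("LDAP://DC=" + domain.Name.Replace(".", ",DC="), domain.UserName, domain.Password))
                    using (var searcher = new DirectorySearcher(entry))
                    {
                        searcher.Filter = searchString.ToString();
                        var result = searcher.FindOne();
                        if (result != null)
                        {
                            // First hit wins; later domains are not consulted.
                            return(result);
                        }
                    }
            }
            this.LogDebug($"Principal not found.");
            return(null);
        }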
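        /// <summary>
        /// Enumerates users and/or groups whose userPrincipalName, sAMAccountName, name or displayName starts with
        /// <paramref name="searchTerm"/>, across every configured domain.
        /// </summary>
        /// <param name="searchType">
        /// <c>Users</c>, <c>Groups</c> or <c>UsersAndGroups</c>; selects the objectCategory clause of the filter.
        /// </param>
        /// <param name="searchTerm">
        /// Caller-supplied prefix, treated as untrusted. It is passed through <c>LDAP.Escape</c> before being placed
        /// in the filter, so (assuming that helper escapes filter metacharacters) wildcards typed by the caller are
        /// matched literally; only the trailing <c>*</c> added here acts as a wildcard.
        /// </param>
        /// <returns>
        /// Lazily enumerated principals; empty when <paramref name="searchTerm"/> is null or empty. Entries that
        /// <c>CreatePrincipal</c> cannot convert are skipped.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// Raised during enumeration when <paramref name="searchType"/> yields no category filter.
        /// </exception>
        /// <remarks>
        /// This is an iterator method: nothing, including argument validation, runs until the result is enumerated.
        /// </remarks>
        private IEnumerable <IUserDirectoryPrincipal> FindPrincipals(PrincipalSearchType searchType, string searchTerm)
        {
            if (string.IsNullOrEmpty(searchTerm))
            {
                yield break;
            }

            var categoryFilter = AH.Switch <PrincipalSearchType, string>(searchType)
                                 .Case(PrincipalSearchType.UsersAndGroups, "(|(objectCategory=user)(objectCategory=group))")
                                 .Case(PrincipalSearchType.Groups, "(objectCategory=group)")
                                 .Case(PrincipalSearchType.Users, "(objectCategory=user)")
                                 .End();

            // Without a category clause the filter degrades to "(&(|(userPrincipalName=...)...))", which matches any
            // object class (computers, contacts, ...). Refuse unknown search types rather than widening the search.
            // Assumes AH.Switch(...).End() returns null when no case matched -- confirm against the helper.
            if (string.IsNullOrEmpty(categoryFilter))
            {
                throw new ArgumentOutOfRangeException(nameof(searchType));
            }

            var st     = LDAP.Escape(searchTerm);
            var filter = $"(&{categoryFilter}(|(userPrincipalName={st}*)(sAMAccountName={st}*)(name={st}*)(displayName={st}*)))";

            this.LogDebug("Search term: " + searchTerm);
            this.LogDebug("Filter string: " + filter);

            foreach (var domain in this.domainsToSearch.Value)
            {
                this.LogDebug("Searching domain: " + domain);

                // "a.b.c" -> "DC=a,DC=b,DC=c"; components are not DN-escaped, which is acceptable only because the
                // domain list comes from configuration, not from the caller.
                using (var entry = new DirectoryEntry(this.GetLdapRoot() + "DC=" + domain.Name.Replace(".", ",DC="), domain.UserName, domain.Password))
                    using (var searcher = new DirectorySearcher(entry))
                    {
                        searcher.Filter = filter;

                        // SearchResultCollection holds unmanaged handles; the using disposes it once enumeration ends.
                        using (var results = searcher.FindAll())
                        {
                            foreach (SearchResult result in results)
                            {
                                var principal = this.CreatePrincipal(result);
                                if (principal == null)
                                {
                                    continue;
                                }

                                yield return(principal);
                            }
                        }
                    }
            }
        }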
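        /// <summary>
        /// Adds the groups that <paramref name="principalId"/> belongs to into <paramref name="groupList"/>,
        /// optionally walking up through nested groups.
        /// </summary>
        /// <param name="principalId">User or group to resolve; both its full identifier and its bare account name are LDAP-escaped before use.</param>
        /// <param name="groupList">Accumulator for discovered groups. Doubles as the visited set, so cyclic group nesting terminates.</param>
        /// <param name="recurse">When <c>true</c>, each newly discovered group is itself resolved.</param>
        /// <remarks>
        /// Best-effort: any failure is logged as a warning and the groups found so far are kept. Unlike
        /// <c>TryGetPrincipal</c>/<c>FindPrincipals</c>, the bind here passes no explicit credentials, so it runs
        /// under the hosting process identity.
        /// </remarks>
        private void GetParentGroups(PrincipalId principalId, HashSet <GroupId> groupList, bool recurse)
        {
            // Match on the fully qualified UPN or on the bare account/name; both values are escaped so that a
            // principal name cannot alter the filter structure.
            var filter = string.Format(
                "(&(|(objectCategory=user)(objectCategory=group))(|(userPrincipalName={0})(sAMAccountName={1})(name={1})))",
                LDAP.Escape(principalId.ToString()),
                LDAP.Escape(principalId.Principal)
                );

            try
            {
                using (var entry = new DirectoryEntry($"LDAP://" + principalId.GetDomainSearchPath()))
                    using (var searcher = new DirectorySearcher(entry))
                    {
                        searcher.Filter = filter;
                        var result = searcher.FindOne();
                        if (result == null)
                        {
                            return;
                        }

                        foreach (var group in result.ExtractGroups())
                        {
                            // Add returns false for a group already seen, which both avoids duplicate work and
                            // breaks cycles in nested membership.
                            if (groupList.Add(group) && recurse)
                            {
                                this.GetParentGroups(group, groupList, true);
                            }
                        }
                    }
            }
            catch (Exception ex)
            {
                // Deliberately swallowed: group resolution is advisory and must not take down the caller.
                this.LogWarning("Failed to get active directory groups: " + ex.Message);
            }
        }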