protected bool IsValidGroup(LdapConnection connection, LdapIdentity domain, string groupName, out LdapIdentity validatedGroup) { validatedGroup = null; var group = LdapIdentity.ParseGroup(groupName); var searchFilter = $"(&({Names.ObjectClass}={Names.GroupClass})({Names.Identity(group)}={group.Name}))"; var response = Query(connection, domain.Name, searchFilter, LdapSearchScope.LDAP_SCOPE_SUB, "DistinguishedName"); foreach (var entry in response) { var baseDn = LdapIdentity.BaseDn(entry.Dn); if (baseDn.Name == domain.Name) //only from user domain { validatedGroup = new LdapIdentity { Name = entry.Dn, Type = IdentityType.DistinguishedName }; return(true); } } return(false); }
protected virtual bool LoadProfile(LdapConnection connection, LdapIdentity domain, LdapIdentity user, out LdapProfile profile) { profile = null; var attributes = new[] { "DistinguishedName", "displayName", "mail", "telephoneNumber", "mobile", "memberOf" }; var searchFilter = $"(&(objectClass={Names.UserClass})({Names.Identity(user)}={user.Name}))"; _logger.Debug($"Querying user '{user.Name}' in {domain.Name}"); var response = Query(connection, domain.Name, searchFilter, LdapSearchScope.LDAP_SCOPE_SUB, attributes); var entry = response.SingleOrDefault(); if (entry == null) { _logger.Error($"Unable to find user '{user.Name}' in {domain.Name}"); return(false); } profile = new LdapProfile { BaseDn = LdapIdentity.BaseDn(entry.Dn), DistinguishedName = entry.Dn, }; var attrs = entry.DirectoryAttributes; if (attrs.TryGetValue("displayName", out var displayNameAttr)) { profile.DisplayName = displayNameAttr.GetValue <string>(); } if (attrs.TryGetValue("mail", out var mailAttr)) { profile.Email = mailAttr.GetValue <string>(); } if (attrs.TryGetValue("telephoneNumber", out var phoneAttr)) { profile.Phone = phoneAttr.GetValue <string>(); } if (attrs.TryGetValue("mobile", out var mobileAttr)) { profile.Mobile = mobileAttr.GetValue <string>(); } if (attrs.TryGetValue("memberOf", out var memberOfAttr)) { profile.MemberOf = memberOfAttr.GetValues <string>().ToList(); } _logger.Debug($"User '{user.Name}' profile loaded: {profile.DistinguishedName}"); return(true); }
protected virtual async Task <LdapProfile> LoadProfile(LdapConnection connection, LdapIdentity domain, LdapIdentity user, ClientConfiguration clientConfig) { var profile = new LdapProfile(); var queryAttributes = new List <string> { "DistinguishedName", "displayName", "mail", "telephoneNumber", "mobile", "memberOf" }; var ldapReplyAttributes = clientConfig.GetLdapReplyAttributes(); foreach (var ldapReplyAttribute in ldapReplyAttributes) { if (!profile.LdapAttrs.ContainsKey(ldapReplyAttribute)) { profile.LdapAttrs.Add(ldapReplyAttribute, null); queryAttributes.Add(ldapReplyAttribute); } } var searchFilter = $"(&(objectClass={Names.UserClass})({Names.Identity(user)}={user.Name}))"; _logger.Debug($"Querying user '{{user:l}}' in {domain.Name}", user.Name); var response = await Query(connection, domain.Name, searchFilter, LdapSearchScope.LDAP_SCOPE_SUB, queryAttributes.ToArray()); var entry = response.SingleOrDefault(); if (entry == null) { _logger.Error($"Unable to find user '{{user:l}}' in {domain.Name}", user.Name); return(null); } profile.BaseDn = LdapIdentity.BaseDn(entry.Dn); profile.DistinguishedName = entry.Dn; var attrs = entry.DirectoryAttributes; if (attrs.TryGetValue("displayName", out var displayNameAttr)) { profile.DisplayName = displayNameAttr.GetValue <string>(); } if (attrs.TryGetValue("mail", out var mailAttr)) { profile.Email = mailAttr.GetValue <string>(); } if (attrs.TryGetValue("telephoneNumber", out var phoneAttr)) { profile.Phone = phoneAttr.GetValue <string>(); } if (attrs.TryGetValue("mobile", out var mobileAttr)) { profile.Mobile = mobileAttr.GetValue <string>(); } if (attrs.TryGetValue("memberOf", out var memberOfAttr)) { profile.MemberOf = memberOfAttr.GetValues <string>().ToList(); } foreach (var key in profile.LdapAttrs.Keys.ToList()) //to list to avoid collection was modified exception { if (attrs.TryGetValue(key, out var attrValue)) { profile.LdapAttrs[key] = attrValue.GetValue <string>(); } else { _logger.Warning($"Can't load attribute '{key}' from user '{entry.Dn}'"); } } _logger.Debug($"User '{{user:l}}' profile loaded: {profile.DistinguishedName}", user.Name); if (clientConfig.ShouldLoadUserGroups()) { await LoadAllUserGroups(connection, domain, profile, clientConfig); } return(profile); }