private void CreateNewPortalUser(DirectoryEntry entry, string parentPath, Guid guid, SyncTree syncTree)
{
try
{
AdLog.LogADObject(string.Format("New portal user - creating under {0}", parentPath), entry.Path);
var newUser = new User(Node.LoadNode(parentPath), _config.UserType);
// user actions
UpdatePortalUserProperties(entry, newUser, syncTree);
Common.UpdateLastSync(newUser, guid);
//newUser.Save(); - update lastsync already saves node
if (_portalUsers != null)
{
if (!_portalUsers.ContainsKey(guid.ToString()))
{
_portalUsers.Add(guid.ToString(), newUser.Id);
}
}
}
catch (Exception ex)
{
AdLog.LogException(ex);
}
}
public static SearchResultCollection Search(DirectoryEntry searchRoot, string filter, bool novellSupport, string guidProp)
{
// Create a directory searcher
var dsDirSearcher = new DirectorySearcher(searchRoot);
// Set the search filter
dsDirSearcher.Filter = filter;
dsDirSearcher.SizeLimit = 10000;
dsDirSearcher.PageSize = 10000;
// NOVELL - force searcher to retrieve the objects' GUID
// - this is not done by default when connecting to Novell eDirectory
if (novellSupport)
{
dsDirSearcher.PropertiesToLoad.Add(guidProp);
}
// Find the user
try
{
var oResults = dsDirSearcher.FindAll();
return(oResults);
}
catch (Exception e)
{
AdLog.LogException(e);
}
return(null);
}
public static bool SyncVirtualUserFromAD(string adPath, Guid guid, User virtualUser, List <PropertyMapping> propertyMappings, string customADAdminAccountName, string customADAdminAccountPwd, bool novellSupport, string guidProp, bool syncUserName)
{
bool success = false;
try
{
using (var serverEntry = ConnectToAD(adPath, customADAdminAccountName, customADAdminAccountPwd, novellSupport, guidProp))
{
var filter = string.Format("{0}={1}", guidProp, Common.Guid2OctetString(guid));
using (var entry = SearchADObject(serverEntry, filter, novellSupport, guidProp))
{
if (entry != null)
{
UpdatePortalUserCustomProperties(entry, virtualUser, propertyMappings, syncUserName);
virtualUser["SyncGuid"] = guid.ToString();
success = true;
}
}
}
}
catch (Exception ex)
{
AdLog.LogException(ex);
}
return(success);
}
private static Dictionary <string, int> GetAllPortalObjects(ADObjectType objType)
{
var resultNodes = GetAllPortalObjectsByADObjectTypeAndPath(objType, "/Root/IMS");
//var startPath = "/Root/IMS";
//var types = (objType == ADObjectType.AllContainers)
// ? new[] { Common.GetNodeType(ADObjectType.OrgUnit).Name, Common.GetNodeType(ADObjectType.Container).Name, Common.GetNodeType(ADObjectType.Domain).Name }
// : new[] { Common.GetNodeType(objType).Name };
//var settings = new QuerySettings { EnableAutofilters = FilterStatus.Disabled, EnableLifespanFilter = FilterStatus.Disabled };
//var result = ContentQuery.Query(SafeQueries.InTreeAndTypeIs, settings, startPath, types);
var nodeList = new List <Node>();
foreach (var node in resultNodes)
{
try
{
if (!string.IsNullOrEmpty(node.GetProperty <string>("SyncGuid")))
{
nodeList.Add(node);
}
}
catch (Exception ex)
{
AdLog.LogError("Error caching nodes" + Environment.NewLine + "NodeId: " + node.Id + Environment.NewLine + "Node path: " + node.Path);
AdLog.LogException(ex);
throw ex; // rethrow, do not allow adsync to run. if there is something wrong with the syncguid property things can go wrong (content unintentionally deleted, etc.)
}
}
var guidIdList = nodeList.Select(node => new { Guid = node.GetProperty <string>("SyncGuid").ToLower(), ID = node.Id });
return(guidIdList.ToDictionary(a => a.Guid, a => a.ID));
}
/* ==================================================================================== Static Methods */
// gets directoryentry from AD - no custom account is used and Novell is not supported
public static DirectoryEntry ConnectToADSimple(string ldapPath)
{
var deADConn = new DirectoryEntry(ldapPath);
Exception exADConnectException = null;
bool bError = false;
for (int i = 0; i < 3; i++)
{
try
{
var oNativeObject = deADConn.NativeObject;
bError = false;
break;
}
catch (Exception ex)
{
bError = true;
exADConnectException = ex;
System.Threading.Thread.Sleep(3000);
}
}
if (bError)
{
AdLog.LogException(exADConnectException);
throw new Exception("Connecting to AD server failed", exADConnectException);
}
return(deADConn);
}
public static bool SyncVirtualUserFromAD(string adPath, string username, User virtualUser, List <PropertyMapping> propertyMappings, string customADAdminAccountName, string customADAdminAccountPwd, bool novellSupport, string guidProp, bool syncUserName)
{
bool success = false;
try
{
using (var serverEntry = ConnectToAD(adPath, customADAdminAccountName, customADAdminAccountPwd, novellSupport, guidProp))
{
var filter = string.Format("({0}={1})", SyncConfiguration.GetUserNameProp(propertyMappings), username);
using (var entry = SearchADObject(serverEntry, filter, novellSupport, guidProp))
{
if (entry != null)
{
UpdatePortalUserCustomProperties(entry, virtualUser, propertyMappings, syncUserName);
var guid = Common.GetADObjectGuid(entry, guidProp);
if (guid.HasValue)
{
virtualUser["SyncGuid"] = ((Guid)guid).ToString();
success = true;
}
}
}
}
}
catch (Exception ex)
{
AdLog.LogException(ex);
}
return(success);
}
/* ==================================================================================== Public Methods */
public void CreateNewADUser(User user, string newPath, string passwd)
{
IUser originalUser = User.Current;
Common.ChangeToAdminAccount();
try
{
var parentPath = RepositoryPath.GetParentPath(newPath);
// get containing synctree
var syncTree = GetSyncTreeContainingPortalPath(parentPath);
if (syncTree == null)
{
// not synced object
return;
}
AdLog.LogPortalObject("Creating new AD user", user.Path);
var parentADPath = syncTree.GetADPath(parentPath);
CreateADUser(syncTree, parentADPath, user, passwd);
}
catch (Exception ex)
{
AdLog.LogException(ex);
throw new Exception(ex.Message, ex);
}
}
// domain, orgunit, container (folder)
private void DeletePortalContainer(Node node)
{
try
{
AdLog.LogPortalObject("Deleting portal container (orgunit/domain/folder)", node.Path);
if (Node.Exists(node.Path))
{
// move all underlying users to deleted folder
var users = Common.GetContainerUsers(node);
// delete user nodes
foreach (Node userNode in users)
{
DeletePortalUser(userNode);
}
// delete container node if allowed
if (Common.GetContainerUsers(node).Count() == 0)
{
Node.DeletePhysical(node.Id);
}
else
{
AdLog.LogErrorPortalObject("Portal container cannot be deleted, it contains users!", node.Path);
}
}
}
catch (Exception ex)
{
AdLog.LogErrorADObject(ex.Message, node.Path);
}
}
private void UpdatePortalFolderProperties(DirectoryEntry entry, Node node, SyncTree syncTree)
{
AdLog.LogObjects("Updating portal folder properties", entry.Path, node.Path);
node.Name = Common.GetADObjectName(entry.Name);
// node.Save() nem kell, később mentődik
}
private void UpdatePortalDomainProperties(DirectoryEntry entry, Node node, SyncTree syncTree)
{
AdLog.LogObjects("Updating portal domain properties", entry.Path, node.Path);
node.Name = GetADDomainName(entry);
// node.Save() nem kell, később mentődik
}
private void CreateNewPortalGroup(DirectoryEntry entry, string parentPath, Guid guid, SyncTree syncTree)
{
try
{
AdLog.LogADObject(string.Format("New portal group - creating under {0}", parentPath), entry.Path);
var newGroup = new Group(Node.LoadNode(parentPath));
UpdatePortalGroupProperties(entry, newGroup, syncTree);
Common.UpdateLastSync(newGroup, guid);
//newGroup.Save(); - update lastsync already saves node
if (_portalGroups != null)
{
if (!_portalGroups.ContainsKey(guid.ToString()))
{
_portalGroups.Add(guid.ToString(), newGroup.Id);
}
}
}
catch (Exception ex)
{
AdLog.LogException(ex);
}
}
private void CreateNewPortalOrgUnit(DirectoryEntry entry, string parentPath, Guid guid, SyncTree syncTree)
{
try
{
AdLog.LogADObject(string.Format("New portal orgunit - creating under {0}", parentPath), entry.Path);
OrganizationalUnit newOu = new OrganizationalUnit(Node.LoadNode(parentPath));
UpdatePortalOrgUnitProperties(entry, newOu, syncTree);
Common.UpdateLastSync(newOu, guid);
//newOu.Save(); - update lastsync already saves node
if (_portalContainers != null)
{
if (!_portalContainers.ContainsKey(guid.ToString()))
{
_portalContainers.Add(guid.ToString(), newOu.Id);
}
}
}
catch (Exception ex)
{
AdLog.LogException(ex);
}
}
public static bool IsADCustomAuthenticated(string adPath, string loginPropValue, string pwd, string loginProp, string customADAdminAccountName, string customADAdminAccountPwd)
{
if (string.IsNullOrEmpty(adPath))
{
return(false);
}
DirectoryEntry searchRoot = null;
try
{
searchRoot = new DirectoryEntry(adPath);
searchRoot.AuthenticationType = AuthenticationTypes.None;
if (!string.IsNullOrEmpty(customADAdminAccountName))
{
searchRoot.AuthenticationType = AuthenticationTypes.ServerBind;
searchRoot.Username = customADAdminAccountName;
searchRoot.Password = customADAdminAccountPwd;
}
var objSearch = new DirectorySearcher(searchRoot);
objSearch.SearchScope = SearchScope.Subtree;
objSearch.Filter = string.Format("({0}={1})", loginProp, loginPropValue);
var result = objSearch.FindAll();
if (result.Count != 1)
{
AdLog.LogErrorPortalObject("Could not find corresponding AD user", loginPropValue);
return(false);
}
var userName = result[0].Path.Substring(adPath.Length + 1);
searchRoot.AuthenticationType = AuthenticationTypes.ServerBind;
searchRoot.Username = userName;
searchRoot.Password = pwd;
result = objSearch.FindAll();
if (result.Count != 1)
{
AdLog.LogErrorPortalObject("Could not find corresponding AD user", loginPropValue);
return(false);
}
}
catch (Exception ex)
{
AdLog.LogException(ex);
return(false);
}
finally
{
if (searchRoot != null)
{
searchRoot.Dispose();
}
}
return(true);
}
private void DeletePortalUsers(SyncTree syncTree)
{
AdLog.LogMainActivity("Deleting portal users", syncTree.ADPath, syncTree.PortalPath);
DeleteObjectsFromAD(syncTree,
ADObjectType.User,
syncTree.AllADUsers,
DeletePortalUser);
}
private void DeletePortalGroups(SyncTree syncTree)
{
AdLog.LogMainActivity("Deleting portal groups", syncTree.ADPath, syncTree.PortalPath);
DeleteObjectsFromAD(syncTree,
ADObjectType.Group,
syncTree.AllADGroups,
DeletePortalGroup);
}
private void DeletePortalContainers(SyncTree syncTree)
{
AdLog.LogMainActivity("Deleting portal containers (domains, orgunits, containers)", syncTree.ADPath, syncTree.PortalPath);
DeleteObjectsFromAD(syncTree,
ADObjectType.AllContainers,
syncTree.AllADContainers,
DeletePortalContainer);
}
private void SyncContainersFromAD(SyncTree syncTree)
{
AdLog.LogMainActivity("Syncing containers (domains, orgunits, containers)", syncTree.ADPath, syncTree.PortalPath);
SyncObjectsFromAD(syncTree,
ADObjectType.AllContainers,
syncTree.AllADContainers,
CreateNewPortalContainer,
UpdatePortalContainerProperties);
}
private void SyncUsersFromAD(SyncTree syncTree)
{
AdLog.LogMainActivity("Syncing users", syncTree.ADPath, syncTree.PortalPath);
SyncObjectsFromAD(syncTree,
ADObjectType.User,
syncTree.AllADUsers,
CreateNewPortalUser,
UpdatePortalUserProperties);
}
private void SyncGroupsFromAD(SyncTree syncTree)
{
AdLog.LogMainActivity("Syncing groups", syncTree.ADPath, syncTree.PortalPath);
SyncObjectsFromAD(syncTree,
ADObjectType.Group,
syncTree.AllADGroups,
CreateNewPortalGroup,
UpdatePortalGroupProperties);
}
// gets directoryentry from AD - custom account CAN BE used and Novell IS supported
public static DirectoryEntry ConnectToAD(string ldapPath, string customADAdminAccountName, string customADAdminAccountPwd, bool novellSupport, string guidProp)
{
var deADConn = new DirectoryEntry(ldapPath);
// use custom login to retrieve AD object
if (!string.IsNullOrEmpty(customADAdminAccountName))
{
deADConn.AuthenticationType = AuthenticationTypes.ServerBind;
deADConn.Username = customADAdminAccountName;
deADConn.Password = customADAdminAccountPwd;
}
Exception exADConnectException = null;
bool bError = false;
for (int i = 0; i < 3; i++)
{
try
{
var oNativeObject = deADConn.NativeObject;
bError = false;
break;
}
catch (Exception ex)
{
bError = true;
exADConnectException = ex;
System.Threading.Thread.Sleep(3000);
}
}
if (bError)
{
AdLog.LogException(exADConnectException);
throw new Exception("Connecting to AD server failed", exADConnectException);
}
// NOVELL - use a searcher to retrieve the objects' GUID
// - directoryentry properties does not include guid when connecting to Novell eDirectory
if (novellSupport)
{
var dsDirSearcher = new DirectorySearcher(deADConn);
var dn = ldapPath.Substring(ldapPath.LastIndexOf("/") + 1);
dsDirSearcher.PropertiesToLoad.Add(guidProp);
dsDirSearcher.SearchScope = SearchScope.Base;
var result = dsDirSearcher.FindOne();
var guid = result.Properties[guidProp][0];
deADConn.Properties[guidProp].Add(guid);
}
return(deADConn);
}
// sync objects from AD to portal
private void SyncObjectsFromAD(SyncTree syncTree,
ADObjectType objType,
SearchResultCollection allADObjects,
Action <DirectoryEntry, string, Guid, SyncTree> CreateNewObject,
Action <DirectoryEntry, Node, SyncTree> UpdateProperties)
{
foreach (SearchResult result in allADObjects)
{
try
{
string nodeADpath = result.Path;
if (syncTree.IsADPathExcluded(nodeADpath))
{
continue;
}
AdLog.LogOuterADObject("Syncing", result.Path);
var guid = Common.GetADResultGuid(result, _config.GuidProp);
if (!guid.HasValue)
{
// no AD guid present for object
AdLog.LogErrorADObject("No AD GUID present", result.Path);
continue;
}
// új objektumok (ou, user, group) felvétele, átmozgatások
// - ha létezik az adott guid-ú objektum -> path ellenőrzés, átmozgatás
// - ha nem létezik, létrehozás
string nodePortalParentPath = syncTree.GetPortalParentPath(nodeADpath);
if (!Node.Exists(nodePortalParentPath))
{
// adpath: OU=OtherOrg,OU=ExampleOrg,DC=Nativ,DC=local
// portalParentPath: "/Root/IMS/NATIV/ExampleOrg"
EnsurePortalPath(syncTree, syncTree.GetADParentObjectPath(result.Path), RepositoryPath.GetParentPath(nodePortalParentPath));
}
SyncOneADObject(result, null,
(Guid)guid,
objType,
nodePortalParentPath,
CreateNewObject,
UpdateProperties,
syncTree);
}
catch (Exception ex)
{
// syncing of one object of the current tree failed
AdLog.LogException(ex);
}
}
}
public static void SetPassword(DirectoryEntry adUser, string password)
{
try
{
adUser.Invoke("SetPassword", new Object[] { password });
}
catch (Exception ex)
{
AdLog.LogException(ex);
}
}
private void DeletePortalGroup(Node node)
{
try
{
AdLog.LogPortalObject("Deleting portal group", node.Path);
node.Delete();
}
catch (Exception ex)
{
AdLog.LogErrorADObject(ex.Message, node.Path);
}
}
// gets members of an AD group and returns the corresponding list of <Guid, ADObjectType> objects
private Dictionary <Guid, ADGroupMember> GetADGroupMembers(DirectoryEntry group, SyncTree syncTree)
{
var members = new Dictionary <Guid, ADGroupMember>();
var memberCount = group.Properties["member"].Count;
AdLog.LogADObject(string.Format("Group contains {0} member(s).", memberCount), group.Path);
for (int i = 0; i < memberCount; i++)
{
string sMemberDN = group.Properties["member"][i].ToString();
var objSyncTree = GetSyncTreeForObject(sMemberDN);
if (objSyncTree == null)
{
AdLog.LogWarning(string.Format("AD group contains an object that is not contained in any of the synctrees, group's synctree will be used to retrieve the object (group: {0}, object: {1})", group.Path, sMemberDN));
objSyncTree = syncTree;
}
using (DirectoryEntry oADMember = objSyncTree.ConnectToObject(sMemberDN))
{
if (oADMember != null)
{
var guid = Common.GetADObjectGuid(oADMember, _config.GuidProp);
if (guid != null)
{
var userNameProp = oADMember.Properties[_config.UserNameProp];
var userNameValue = userNameProp == null ? null : userNameProp.Value;
if (userNameValue == null)
{
AdLog.LogError(string.Format("Property {0} of AD group member \"{1}\" is missing or value is null", _config.UserNameProp, sMemberDN));
continue;
}
members.Add(
((Guid)guid),
new ADGroupMember()
{
objType = Common.GetADObjectType(oADMember, _config.NovellSupport),
Path = oADMember.Path,
SamAccountName = userNameValue.ToString()
});
}
}
else
{
AdLog.LogWarning(string.Format("AD group member could not be retrieved (group: {0}, object: {1})", group.Path, sMemberDN));
}
}
}
return(members);
}
public static void SetPortalObjectGuid(DirectoryEntry entry, Node node, string guidProp)
{
// get guid
var guid = Common.GetADObjectGuid(entry, guidProp);
if (guid.HasValue)
{
Common.UpdateLastSync(node, guid);
}
else
{
AdLog.LogErrorADObject("Created AD object does not have a guid", entry.Path);
}
}
public bool AllowMoveADObject(Node node, string newPath)
{
try
{
// get containing synctree for previous and new path
var newParentPath = RepositoryPath.GetParentPath(newPath);
var newSyncTree = GetSyncTreeContainingPortalPath(newParentPath);
var oldParentPath = RepositoryPath.GetParentPath(node.Path);
var oldSyncTree = GetSyncTreeContainingPortalPath(oldParentPath);
if ((newSyncTree == null) && (oldSyncTree == null))
{
// not synced object
return(true);
}
if (newSyncTree == null)
{
// kikerül szinkronizált tartományból, NEM MEGENGEDETT
return(false);
}
if (oldSyncTree == null)
{
// bekerül szinkronizált tartományba, NEM MEGENGEDETT
return(false);
}
// tartománybeli vagy tartományközi moveolás?
if (newSyncTree.PortalPath != oldSyncTree.PortalPath)
{
// más tartományba mozgatjuk
if (newSyncTree.IPAddress != oldSyncTree.IPAddress)
{
// a szerver sem egyezik meg: NEM MEGENGEDETT
return(false);
}
}
return(true);
}
catch (Exception ex)
{
AdLog.LogException(ex);
throw new Exception(ex.Message, ex);
}
}
private void UpdatePortalUserProperties(DirectoryEntry entry, Node node, SyncTree syncTree)
{
AdLog.LogObjects("Updating portal user properties", entry.Path, node.Path);
var user = (IUser)node;
if (_config.SyncEnabledState)
{
user.Enabled = !Common.IsAccountDisabled(entry, _config.NovellSupport);
}
Common.UpdatePortalUserCustomProperties(entry, node, _propertyMappings, _config.SyncUserName);
// node.Save() nem kell, később mentődik
}
public void UpdateADContainer(Node node, string newPath)
{
IUser originalUser = User.Current;
Common.ChangeToAdminAccount();
try
{
UpdateADObject(node, newPath, null, UpdateADContainerProperties);
}
catch (Exception ex)
{
AdLog.LogException(ex);
throw new Exception(ex.Message, ex);
}
}
public void UpdateADUser(User user, string newPath, string passwd)
{
IUser originalUser = User.Current;
Common.ChangeToAdminAccount();
try
{
UpdateADObject(user, newPath, passwd, UpdateADUserProperties);
}
catch (Exception ex)
{
AdLog.LogException(ex);
throw new Exception(ex.Message, ex);
}
}
public void CreateNewADContainer(Node node, string newPath)
{
IUser originalUser = User.Current;
Common.ChangeToAdminAccount();
try
{
var parentPath = RepositoryPath.GetParentPath(newPath);
// get containing synctree
var syncTree = GetSyncTreeContainingPortalPath(newPath);
if (syncTree == null)
{
// not synced object
return;
}
AdLog.LogPortalObject("Creating new AD orgunit/group/container", node.Path);
var parentADPath = syncTree.GetADPath(parentPath);
// create new AD object
var adObjType = Common.GetADObjectType(node.NodeType);
switch (adObjType)
{
case ADObjectType.OrgUnit:
CreateADOrgUnit(syncTree, parentADPath, node);
break;
case ADObjectType.Group:
CreateADGroup(syncTree, parentADPath, node);
break;
case ADObjectType.Container:
CreateADContainer(syncTree, parentADPath, node);
break;
default:
break;
}
}
catch (Exception ex)
{
AdLog.LogException(ex);
throw new Exception(ex.Message, ex);
}
}
