/// <summary>
/// Returns a connected/authenticated ldapclient. Authentication info either comes from
/// the standard authentication header or from local configuration.
/// Default scope and domain controller IP/Host must be in service configuration.
/// </summary>
/// <param name="requireHeaderAuth">Will only accept authenticate from request header</param>
/// <returns></returns>
private LdapClient GetLdapClient(DreamContext context, DreamMessage request, bool requireAuth)
{
string authuser = string.Empty;
string authpassword = string.Empty;
HttpUtil.GetAuthentication(context.Uri.ToUri(), request.Headers, out authuser, out authpassword);
if (_config.VerboseLogging)
{
LogUtils.LogTrace(_log, context.Feature.VerbSignature, string.Format("Performing LDAP lookup uri: '{0}' username: '******' pw: '{2}'", context.Feature.VerbSignature, authuser, authpassword));
}
if (string.IsNullOrEmpty(authuser) && requireAuth)
{
throw new DreamAbortException(DreamMessage.AccessDenied(AuthenticationRealm, "Provide credentials to authenticate with ldap"));
}
LdapClient ldap = new LdapClient(_config, authuser, authpassword, _log);
ldap.TimeLimit = context.GetParam <int>("timelimit", _config.LdapTimeOut);
if (requireAuth)
{
bool authenticated = ldap.Authenticate();
if (!authenticated)
{
string msg = string.Format("Invalid LDAP username or password. Login DN used: '{0}'", ldap.BuildBindDn(authuser));
throw new DreamAbortException(DreamMessage.AccessDenied(AuthenticationRealm, msg));
}
}
return(ldap);
}
public Yield GetUserInfo(DreamContext context, DreamMessage request, Result <DreamMessage> response)
{
string username = context.GetParam("username");
LdapClient ldap = GetLdapClient(context, request, false);
XDoc userXml = ldap.GetUserInfo(true, 3, username);
if (userXml == null)
{
response.Return(DreamMessage.NotFound(string.Format("User '{0}' not found. Search query used: '{1}'", username, ldap.BuildUserSearchQuery(username))));
}
else
{
response.Return(DreamMessage.Ok(userXml));
}
yield break;
}
public Yield GetGroups(DreamContext context, DreamMessage request, Result <DreamMessage> response)
{
string output = context.GetParam("output", "brief").Trim();
LdapClient ldap = GetLdapClient(context, request, false);
XDoc groupXml = ldap.GetGroupInfo(StringUtil.EqualsInvariant(output, "verbose"), 3, null);
if (groupXml == null)
{
response.Return(DreamMessage.NotFound("No groups found"));
}
else
{
response.Return(DreamMessage.Ok(groupXml));
}
yield break;
}
public Yield UserLogin(DreamContext context, DreamMessage request, Result <DreamMessage> response)
{
//This will attempt to bind to ldap with credentials from http header.
//Non authentication exceptions will be returned to user.
//Authentication failure will result in a DreamMessage.AccessDenied response
LdapClient ldapClient = GetLdapClient(context, request, true);
XDoc userXml = ldapClient.GetUserInfo(true, 3, ldapClient.UserName);
if (userXml == null)
{
response.Return(DreamMessage.NotFound(string.Format("User '{0}' not found. Search query used: '{1}'", ldapClient.UserName, ldapClient.BuildUserSearchQuery(ldapClient.UserName))));
}
else
{
response.Return(DreamMessage.Ok(userXml));
}
yield break;
}
/// <summary>
/// Returns a connected/authenticated ldapclient. Authentication info either comes from
/// the standard authentication header or from local configuration.
/// Default scope and domain controller IP/Host must be in service configuration.
/// </summary>
/// <param name="requireHeaderAuth">Will only accept authenticate from request header</param>
/// <returns></returns>
private LdapClient GetLdapClient(DreamContext context, DreamMessage request, bool requireAuth) {
string authuser = string.Empty;
string authpassword = string.Empty;
HttpUtil.GetAuthentication(context.Uri.ToUri(), request.Headers, out authuser, out authpassword);
if (_config.VerboseLogging) {
_log.DebugMethodCall(context.Feature.VerbSignature, string.Format("Performing LDAP lookup uri: '{0}' username: '******' pw: '{2}'", context.Feature.VerbSignature, authuser, authpassword));
}
if (string.IsNullOrEmpty(authuser) && requireAuth)
throw new DreamAbortException(DreamMessage.AccessDenied(AuthenticationRealm, "Provide credentials to authenticate with ldap"));
LdapClient ldap = new LdapClient(_config, authuser, authpassword, _log);
ldap.TimeLimit = context.GetParam<int>("timelimit", _config.LdapTimeOut);
if (requireAuth) {
bool authenticated = ldap.Authenticate();
if (!authenticated) {
string msg = string.Format("Invalid LDAP username or password. Login DN used: '{0}'", ldap.BuildBindDn(authuser));
throw new DreamAbortException(DreamMessage.AccessDenied(AuthenticationRealm, msg));
}
}
return ldap;
}
