/// <summary>
/// Determines if the configuration is valid.
/// </summary>
/// <remarks>See <see cref="Org.IdentityConnectors.Framework.Spi.Configuration"/> for the definition of a valid
/// configuration.</remarks>
/// <exception cref="Org.IdentityConnectors.Framework.Common.Exceptions.ConfigurationException"/>
/// Thrown when the configuration is not valid.</exception>
public override void Validate()
{
var message = new StringBuilder();
Boolean foundError = false;
// can't lookup the schema without the domain name
if ((DomainName == null) || (DomainName.Length == 0))
{
message.Append(ConnectorMessages.Format(
"confReqParam_domainName", "Domain name not supplied "));
foundError = true;
}
if ((DirectoryAdminName == null) || (DirectoryAdminName.Length == 0))
{
message.Append(ConnectorMessages.Format(
"confReqParam_adminName", "Directory administrator name not supplied "));
foundError = true;
}
if ((DirectoryAdminPassword == null) || (DirectoryAdminPassword.Length == 0))
{
message.Append(ConnectorMessages.Format(
"confReqParam_adminPass", "Directory administrator password not supplied "));
foundError = true;
}
if ((ObjectClass == null) || (ObjectClass.Length == 0))
{
message.Append(ConnectorMessages.Format(
"confReqParam_objClass", "ObjectClass was not supplied "));
foundError = true;
}
if (string.IsNullOrEmpty(Container))
{
message.Append(ConnectorMessages.Format(
"confReqParam_Container", "Container was not supplied "));
foundError = true;
}
else
{
if (!ActiveDirectoryUtils.IsValidDn(Container))
{
message.Append(ConnectorMessages.Format(
"confParam_Container_invalid_path", @"Container '{0}' could not be recognized as a distinguished name (DN) ", Container));
foundError = true;
}
}
if (foundError)
{
throw new ConfigurationException(ConnectorMessages.Format(
"ex_ConfigErrors", "Configuration errors: {0}", message.ToString()));
}
}
internal Uid GetUidFromSid(SecurityIdentifier accountSid)
{
string sidString = "<SID=" + accountSid.Value + ">";
DirectoryEntry userDe = new DirectoryEntry(
ActiveDirectoryUtils.GetLDAPPath(_configuration.LDAPHostName, sidString),
_configuration.DirectoryAdminName, _configuration.DirectoryAdminPassword);
return(new Uid(ActiveDirectoryUtils.ConvertUIDBytesToGUIDString(userDe.Guid.ToByteArray())));
}
/// <summary>
/// Finds a DirectoryEntry by it's uid
/// </summary>
/// <param name="serverName"></param>
/// <param name="uid"></param>
/// <param name="adminUserName"></param>
/// <param name="adminPassword"></param>
/// <returns></returns>
internal static DirectoryEntry GetDirectoryEntryFromUid(String serverName,
Uid uid, string adminUserName, string adminPassword)
{
DirectoryEntry foundDirectoryEntry = new DirectoryEntry(
ActiveDirectoryUtils.GetLDAPPath(serverName, uid.GetUidValue()),
adminUserName, adminPassword);
string dn = (string)foundDirectoryEntry.Properties["distinguishedName"][0];
foundDirectoryEntry = new DirectoryEntry(
ActiveDirectoryUtils.GetLDAPPath(serverName, dn),
adminUserName, adminPassword);
return(foundDirectoryEntry);
}
/**
* Get the string representation of an attribute value suitable for
* embedding in an LDAP search filter (RFC 2254 / RFC 4515).
*
* @param builder A string builder on to which a suitably escaped attribute
* value will be appended.
*
* @param value The attribute value to be embedded.
*/
static void GetLdapFilterValue(StringBuilder builder,
String AttributeName, Object value)
{
// at this point, this can probably go away
// it was here to properyly escape queries, but
// it doesn't seem that they need escaping.
if (value == null)
{
return;
}
else
{
builder.Append(ActiveDirectoryUtils.EscapeDnFilter(value.ToString()));
}
}
/// <summary>
/// This does not work ... for now, don't handle container changes
/// </summary>
/// <param name="type"></param>
/// <param name="directoryEntry"></param>
/// <param name="attributes"></param>
/// <param name="config"></param>
private static void HandleContainerChange(UpdateType type,
DirectoryEntry directoryEntry, ICollection <ConnectorAttribute> attributes,
ActiveDirectoryConfiguration config)
{
Name nameAttribute = ConnectorAttributeUtil.GetNameFromAttributes(attributes);
if (nameAttribute == null)
{
// no name, so must not be a container change
return;
}
if (!type.Equals(UpdateType.REPLACE))
{
// this only make sense for replace. you can't
// add a name or delete a name
return;
}
String oldContainer = GetParentDn(directoryEntry.Path);
String newContainer = GetParentDn(nameAttribute.GetNameValue());
if (!NormalizeLdapString(oldContainer).Equals(NormalizeLdapString(newContainer)))
{
if (newContainer != null)
{
try
{
if (!NormalizeLdapString(oldContainer).Equals(
NormalizeLdapString(newContainer)))
{
String newContainerLdapPath = ActiveDirectoryUtils.GetLDAPPath(
config.LDAPHostName, newContainer);
DirectoryEntry newContainerDe = new DirectoryEntry(newContainerLdapPath,
config.DirectoryAdminName, config.DirectoryAdminPassword);
directoryEntry.MoveTo(newContainerDe);
}
}
catch (Exception e)
{
throw e;
}
}
}
}
/// <summary>
/// </summary>
/// <param name="type"></param>
/// <param name="directoryEntry"></param>
/// <param name="attributes"></param>
/// <param name="config"></param>
private static void HandleNameAndContainerChange(UpdateType type,
DirectoryEntry directoryEntry, ICollection <ConnectorAttribute> attributes,
ActiveDirectoryConfiguration config)
{
Name nameAttribute = ConnectorAttributeUtil.GetNameFromAttributes(attributes);
if (nameAttribute == null)
{
// no name, so must not be a container change
return;
}
if (!type.Equals(UpdateType.REPLACE))
{
// this only make sense for replace. you can't
// add a name or delete a name
return;
}
String oldName = directoryEntry.Name;
String newName = GetRelativeName(nameAttribute);
bool nameChanged = !NormalizeLdapString(oldName).Equals(NormalizeLdapString(newName), StringComparison.OrdinalIgnoreCase);
String oldContainer = GetParentDn(directoryEntry.Path);
String newContainer = GetParentDn(nameAttribute.GetNameValue());
bool containerChanged = !NormalizeLdapString(oldContainer).Equals(NormalizeLdapString(newContainer), StringComparison.OrdinalIgnoreCase);
if (!nameChanged && !containerChanged)
{
return;
}
if (nameChanged && !containerChanged) // rename without moving
{
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Renaming {0} to {1}", oldName, newName);
directoryEntry.Rename(newName);
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Rename OK");
return;
}
// so this is move with or without rename
// step 1: if WITH rename, we have to rename the entry to a temporary name first
String temporaryName = null;
if (nameChanged)
{
temporaryName = oldName + "-" + RandomStr();
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Renaming {0} to a temporary name of {1}", oldName, temporaryName);
directoryEntry.Rename(temporaryName);
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Rename OK");
}
// step 2: do the move
try
{
String newContainerLdapPath = ActiveDirectoryUtils.GetLDAPPath(config.LDAPHostName, newContainer);
DirectoryEntry newContainerDe = new DirectoryEntry(newContainerLdapPath, config.DirectoryAdminName, config.DirectoryAdminPassword);
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Moving from {0} to {1} ({2})", oldContainer, newContainer, newContainerLdapPath);
directoryEntry.MoveTo(newContainerDe);
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Move OK");
newContainerDe.Dispose();
}
catch (Exception e)
{
LOGGER.TraceEvent(TraceEventType.Information, CAT_DEFAULT, "Exception caught when moving: {0}", e);
if (nameChanged)
{
LOGGER.TraceEvent(TraceEventType.Information, CAT_DEFAULT, "Renaming back from temporary name of {0} to {1}", temporaryName, oldName);
directoryEntry.Rename(oldName);
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Rename OK");
}
throw e;
}
// step 3: if WITH rename, then rename from temporary name to the new name
if (nameChanged)
{
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Renaming from temporary name of {0} to a new name of {1}", temporaryName, newName);
directoryEntry.Rename(newName);
LOGGER.TraceEvent(TraceEventType.Verbose, CAT_DEFAULT, "Rename OK");
}
}