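/// <summary>
/// Resolves a configured group name to the group object that lives in the user's own domain.
/// </summary>
/// <param name="connection">Open LDAP connection used for the search.</param>
/// <param name="domain">Domain to search; its <c>Name</c> is both the search base and the base DN a match must have.</param>
/// <param name="groupName">Group as configured; <see cref="LdapIdentity.ParseGroup"/> splits it into the attribute (<c>TypeName</c>) and value (<c>Name</c>) to match on.</param>
/// <param name="validatedGroup">On success, an identity of type <see cref="IdentityType.DistinguishedName"/> carrying the group's DN; <c>null</c> when no group was found.</param>
/// <returns><c>true</c> when a matching group rooted in <paramref name="domain"/> exists; otherwise <c>false</c>.</returns>
private bool IsValidGroup(LdapConnection connection, LdapIdentity domain, string groupName, out LdapIdentity validatedGroup)
{
    validatedGroup = null;

    var group = LdapIdentity.ParseGroup(groupName);

    // The parsed value is embedded in a search filter, so RFC 4515 metacharacters
    // (backslash, '*', '(', ')', NUL) are escaped; otherwise a name containing them
    // would alter the filter instead of being matched literally.
    var searchFilter = $"(&(objectCategory=group)({group.TypeName}={EscapeFilterValue(group.Name)}))";
    var response = Query(connection, domain.Name, searchFilter, SearchScope.Subtree);

    for (var i = 0; i < response.Entries.Count; i++)
    {
        var entry = response.Entries[i];
        var baseDn = LdapIdentity.BaseDn(entry.DistinguishedName);

        // A subtree search may return same-named groups from other naming contexts;
        // only the one whose base DN is the user's domain is accepted.
        // NOTE(review): comparison is ordinal as in the original; LDAP DNs are case-insensitive,
        // so this relies on BaseDn() and domain.Name sharing the same casing — confirm.
        if (baseDn.Name == domain.Name)
        {
            validatedGroup = new LdapIdentity { Name = entry.DistinguishedName, Type = IdentityType.DistinguishedName };
            return true;
        }
    }

    return false;

    // Escapes an assertion value for use inside an LDAP search filter (RFC 4515 §3).
    // Backslash is replaced first so the escapes introduced afterwards are not re-escaped.
    string EscapeFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return value;
        }

        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }
}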
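/// <summary>
/// Checks whether <paramref name="user"/> is a (transitive) member of the security group named <paramref name="groupName"/>.
/// </summary>
/// <param name="connection">Open LDAP connection used for the searches.</param>
/// <param name="domain">User's domain; the group must exist there and it is the search base.</param>
/// <param name="user">User to test; <c>Names.Identity(user)</c> selects the attribute the user's <c>Name</c> is matched against.</param>
/// <param name="profile">Resolved user profile; not consulted by this implementation.</param>
/// <param name="groupName">Group as configured, resolved to a DN via <see cref="IsValidGroup"/>.</param>
/// <returns><c>true</c> when the user is found in the group's membership chain; <c>false</c> when the group does not exist in the domain or the user is not a member.</returns>
protected override bool IsMemberOf(LdapConnection connection, LdapIdentity domain, LdapIdentity user, LdapProfile profile, string groupName)
{
    var isValidGroup = IsValidGroup(connection, domain, groupName, out var group);
    if (!isValidGroup)
    {
        _logger.Warning($"Security group '{groupName}' not exists in {domain.Name}");
        return false;
    }

    // Both values end up inside a search filter: the user name is caller-supplied and the group DN
    // may legitimately contain '(' or ')' or escaped characters, so each is escaped per RFC 4515
    // so that it is matched literally rather than interpreted as filter syntax.
    // 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN, which makes memberOf match nested groups.
    var userValue = EscapeFilterValue(user.Name);
    var groupDn = EscapeFilterValue(group.Name);
    var searchFilter = $"(&({Names.Identity(user)}={userValue})(memberOf:1.2.840.113556.1.4.1941:={groupDn}))";

    // Only the DN attribute is requested; the result is used purely as an existence check.
    var response = Query(connection, domain.Name, searchFilter, LdapSearchScope.LDAP_SCOPE_SUB, "DistinguishedName");
    return response.Any();

    // Escapes an assertion value for use inside an LDAP search filter (RFC 4515 §3).
    // Backslash is replaced first so the escapes introduced afterwards are not re-escaped.
    string EscapeFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return value;
        }

        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }
}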