/// <summary>
/// Projects every cached domain group into a portal <see cref="GroupInfo"/> (name taken from the
/// configured group-name attribute, SID copied as-is).
/// </summary>
/// <returns>
/// A fresh list; empty when group membership sync is disabled or the group cache cannot be loaded.
/// </returns>
public List <GroupInfo> GetDiscoveredGroupsByAttributes()
        {
            var discovered = new List <GroupInfo>();

            // Groups are only exposed when group-membership sync is enabled in the settings.
            if (!_settings.GroupMembership)
            {
                return discovered;
            }

            // The domain group cache is filled lazily; a failed load yields no groups.
            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return discovered;
            }

            foreach (var domainGroup in AllDomainGroups)
            {
                discovered.Add(new GroupInfo
                {
                    // The configured attribute is read reflectively; a non-string value becomes a null name.
                    Name = domainGroup.InvokeGet(_settings.GroupNameAttribute) as string,
                    Sid  = domainGroup.Sid
                });
            }

            return discovered;
        }
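        /// <summary>
        /// Resolves a value of a group's member attribute (a distinguished name) to the cached domain
        /// group it names.
        /// </summary>
        /// <param name="member">Distinguished name taken from a group's member attribute.</param>
        /// <returns>
        /// The matching <see cref="LdapObject"/>, or null when <paramref name="member"/> is empty, the
        /// group cache cannot be loaded, or nothing matches.
        /// </returns>
        private LdapObject FindGroupByMember(string member)
        {
            if (string.IsNullOrEmpty(member))
            {
                return null;
            }

            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return null;
            }

            // DNs are identifiers, not text: compare ordinally (case-insensitive) rather than with a
            // culture-aware comparison, which can fold or ignore code points and equate distinct DNs.
            // string.Equals is also null-safe, so a cached group without a DN is simply never matched.
            return AllDomainGroups.FirstOrDefault(g =>
                string.Equals(g.DistinguishedName, member, StringComparison.OrdinalIgnoreCase));
        }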
        /// <summary>
        /// Finds enabled cached groups whose attribute <paramref name="key"/> equals any of the
        /// supplied <paramref name="value"/>s.
        /// </summary>
        /// <param name="key">Attribute name read from each group via GetValue (cast to string).</param>
        /// <param name="value">Candidate attribute values to match against.</param>
        /// <param name="comparison">
        /// Comparison used for the match; invariant-culture, case-insensitive by default. Callers
        /// matching identifier attributes may prefer StringComparison.OrdinalIgnoreCase.
        /// </param>
        /// <returns>Matching enabled groups; empty when the group cache cannot be loaded.</returns>
        public List <LdapObject> FindGroupsByAttribute(string key, IEnumerable <string> value, StringComparison comparison = StringComparison.InvariantCultureIgnoreCase)
        {
            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return new List <LdapObject>();
            }

            // Disabled groups are never reported, whatever their attributes say.
            var enabledGroups = AllDomainGroups.Where(g => !g.IsDisabled);

            var matching = enabledGroups.Where(g =>
                value.Any(candidate => string.Equals(candidate, (string)g.GetValue(key), comparison)));

            return matching.ToList();
        }
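        /// <summary>
        /// Resolves a value of a group's member attribute (a distinguished name) to the cached domain
        /// group it names.
        /// </summary>
        /// <param name="member">Distinguished name taken from a group's member attribute.</param>
        /// <returns>
        /// The matching <see cref="LdapObject"/>, or null when <paramref name="member"/> is empty, the
        /// group cache cannot be loaded, or nothing matches.
        /// </returns>
        private LdapObject FindGroupByMember(string member)
        {
            if (string.IsNullOrEmpty(member))
            {
                return null;
            }

            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return null;
            }

            _log.DebugFormat("LdapUserImporter.FindGroupByMember(member: {0})", member);

            // DNs are identifiers, not text: compare ordinally (case-insensitive) rather than with a
            // culture-aware comparison, which can fold or ignore code points and equate distinct DNs.
            // string.Equals is also null-safe, so a cached group without a DN is simply never matched.
            return AllDomainGroups.FirstOrDefault(g =>
                string.Equals(g.DistinguishedName, member, StringComparison.OrdinalIgnoreCase));
        }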
        /// <summary>
        /// Fills <c>AllDomainGroups</c> from the directory, diverting groups that are unusable under
        /// the current settings into <c>AllSkipedDomainGroups</c> together with the reason.
        /// </summary>
        /// <returns>
        /// True when at least one usable group was cached, or when the directory returned no groups
        /// at all; false when LDAP authentication / group membership is disabled, when every returned
        /// group was skipped, or when the group filter was rejected.
        /// </returns>
        public bool TryLoadLDAPGroups()
        {
            try
            {
                var groupSyncEnabled = Settings.EnableLdapAuthentication && Settings.GroupMembership;

                if (!groupSyncEnabled)
                {
                    return false;
                }

                if (!LdapHelper.IsConnected)
                {
                    LdapHelper.Connect();
                }

                var candidates = LdapHelper.GetGroups();

                foreach (var candidate in candidates)
                {
                    // Each rejection is recorded with its cause rather than dropped silently, so a
                    // misconfigured attribute name is diagnosable from the skipped set.
                    if (string.IsNullOrEmpty(candidate.Sid))
                    {
                        AllSkipedDomainGroups.Add(candidate, LdapSettingsStatus.WrongSidAttribute);
                    }
                    else if (!CheckGroupAttribute(candidate, Settings.GroupAttribute))
                    {
                        AllSkipedDomainGroups.Add(candidate, LdapSettingsStatus.WrongGroupAttribute);
                    }
                    else if (!CheckGroupNameAttribute(candidate, Settings.GroupNameAttribute))
                    {
                        AllSkipedDomainGroups.Add(candidate, LdapSettingsStatus.WrongGroupNameAttribute);
                    }
                    else
                    {
                        AllDomainGroups.Add(candidate);
                    }
                }

                // "Nothing to load" is not a failure; "everything was skipped" is.
                return AllDomainGroups.Any() || !candidates.Any();
            }
            catch (ArgumentException)
            {
                // Only a rejected filter is handled here; connection and other LDAP errors propagate to the caller.
                _log.ErrorFormat("TryLoadLDAPGroups(): Incorrect group filter. groupFilter = {0}", Settings.GroupFilter);
            }

            return false;
        }
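        /// <summary>
        /// Checks whether <paramref name="ldapUser"/> is a member of at least one cached domain group,
        /// by looking the user up in the directory by SID and testing each group's member attribute.
        /// </summary>
        /// <param name="ldapUser">Portal user carrying the directory SID to test.</param>
        /// <returns>
        /// True only when membership is positively confirmed. Disabled group sync, a missing/lost user,
        /// an empty SID, an unloadable group cache, a user without the configured attribute, and any
        /// directory error all yield false (fail closed).
        /// </returns>
        public bool IsUserExistsInGroups(UserInfo ldapUser)
        {
            try
            {
                if (!_settings.GroupMembership)
                {
                    return false;
                }

                if (ldapUser == null ||
                    Equals(ldapUser, Core.Users.Constants.LostUser) ||
                    string.IsNullOrEmpty(ldapUser.Sid))
                {
                    return false;
                }

                if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
                {
                    return false;
                }

                // Re-resolve the user in the directory by SID so the membership test uses live data.
                var domainUser = _ldapHelper.GetUserBySid(_settings, ldapUser.Sid);

                if (domainUser == null)
                {
                    return false;
                }

                var distinguishedName = _ldapHelper.GetUserAttribute(domainUser, _settings.UserAttribute);

                // A user without the attribute that member entries are matched against cannot be a
                // member of anything; fail closed instead of handing an empty value to the group check.
                if (string.IsNullOrEmpty(distinguishedName))
                {
                    return false;
                }

                return AllDomainGroups.Any(domainGroup =>
                    _ldapHelper.UserExistsInGroup(_settings, domainGroup, distinguishedName, _settings.GroupAttribute));
            }
            catch (Exception ex)
            {
                // Any directory failure is reported as "not a member" rather than propagated.
                // Note: the format string references arguments 1 and 2 only; argument 0 (the login) is not printed.
                if (ldapUser != null)
                {
                    _log.ErrorFormat("IsUserExistInGroups(login: '******' sid: '{1}') error {2}", ldapUser.UserName, ldapUser.Sid, ex);
                }
            }

            return false;
        }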
        /// <summary>
        /// Converts every cached domain group into a portal <see cref="GroupInfo"/> via ToGroupInfo.
        /// </summary>
        /// <returns>
        /// A fresh list; empty when group membership sync is disabled or the group cache cannot be loaded.
        /// </returns>
        public List <GroupInfo> GetDiscoveredGroupsByAttributes()
        {
            var discovered = new List <GroupInfo>();

            if (!Settings.GroupMembership)
            {
                return discovered;
            }

            // The domain group cache is filled lazily; a failed load yields no groups.
            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return discovered;
            }

            foreach (var domainGroup in AllDomainGroups)
            {
                discovered.Add(domainGroup.ToGroupInfo(Settings));
            }

            return discovered;
        }
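        /// <summary>
        /// Collects the users of <paramref name="groupInfo"/>, expanding nested groups recursively.
        /// </summary>
        /// <param name="groupInfo">Portal group whose SID identifies the cached domain group to expand.</param>
        /// <param name="clearCache">
        /// True on the top-level call: starts a new traversal by resetting the set of nested group DNs
        /// already expanded. Recursive calls pass false so the whole traversal shares one set.
        /// </param>
        /// <returns>Users de-duplicated by SID; empty when the group is null/unknown or the cache cannot load.</returns>
        private List <UserInfo> GetGroupUsers(GroupInfo groupInfo, bool clearCache)
        {
            var users = new List <UserInfo>();

            if (groupInfo == null)
            {
                return users;
            }

            if (!LdapHelper.IsConnected)
            {
                LdapHelper.Connect();
            }

            _log.DebugFormat("LdapUserImporter.GetGroupUsers(Group name: {0})", groupInfo.Name);

            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return users;
            }

            // Cached groups always carry a SID (TryLoadLDAPGroups skips those without one).
            var domainGroup = AllDomainGroups.FirstOrDefault(lg => lg.Sid.Equals(groupInfo.Sid));

            if (domainGroup == null)
            {
                return users;
            }

            // Reset the visited set once per traversal, before any member is inspected. Resetting it
            // inside the member loop (as before) threw away the cycle history every time the top-level
            // group hit another nested group, so already-expanded subtrees were walked again. The root
            // is recorded as visited so a cycle cannot re-enter it; the result is unchanged because
            // users are de-duplicated by SID.
            if (clearCache || _watchedNestedGroups == null)
            {
                _watchedNestedGroups = new List <string>();
            }

            if (!_watchedNestedGroups.Contains(domainGroup.DistinguishedName))
            {
                _watchedNestedGroups.Add(domainGroup.DistinguishedName);
            }

            if (!string.IsNullOrEmpty(PrimaryGroupId) && domainGroup.Sid.EndsWith("-" + PrimaryGroupId))
            {
                // Domain Users: membership is expressed through primaryGroupID, not the member attribute.
                var ldapUsers = FindUsersByPrimaryGroup();

                foreach (var ldapUser in ldapUsers)
                {
                    var userInfo = ldapUser.ToUserInfo(this, _log);

                    if (!users.Exists(u => u.Sid == userInfo.Sid))
                    {
                        users.Add(userInfo);
                    }
                }

                return users;
            }

            var members = domainGroup.GetAttributes(Settings.GroupAttribute, _log);

            foreach (var member in members)
            {
                var ldapUser = FindUserByMember(member);

                if (ldapUser != null)
                {
                    var userInfo = ldapUser.ToUserInfo(this, _log);

                    if (!users.Exists(u => u.Sid == userInfo.Sid))
                    {
                        users.Add(userInfo);
                    }

                    continue;
                }

                // Not a user: the member entry may name a nested group.
                var nestedLdapGroup = FindGroupByMember(member);

                if (nestedLdapGroup == null)
                {
                    continue;
                }

                _log.DebugFormat("Found nested LDAP Group: {0}", nestedLdapGroup.DistinguishedName);

                if (_watchedNestedGroups.Contains(nestedLdapGroup.DistinguishedName))
                {
                    _log.DebugFormat("Skip already watched nested LDAP Group: {0}", nestedLdapGroup.DistinguishedName);
                    continue;
                }

                _watchedNestedGroups.Add(nestedLdapGroup.DistinguishedName);

                var nestedGroupInfo = nestedLdapGroup.ToGroupInfo(Settings, _log);

                foreach (var groupUser in GetGroupUsers(nestedGroupInfo, false))
                {
                    if (!users.Exists(u => u.Sid == groupUser.Sid))
                    {
                        users.Add(groupUser);
                    }
                }
            }

            return users;
        }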
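        /// <summary>
        /// Adds <paramref name="user"/> to every portal group whose LDAP counterpart lists the user's
        /// configured attribute value as a member, plus the group whose SID ends in the well-known
        /// Domain Users RID ("-513").
        /// </summary>
        /// <param name="user">Portal user; matched to the cached domain user by SID.</param>
        /// <remarks>
        /// This sync is additive: it only ever calls AddUserIntoGroup and never removes a membership
        /// that has since disappeared from the directory. NOTE(review): confirm revocation is handled
        /// elsewhere, otherwise group-derived access outlives removal from the LDAP group.
        /// NOTE(review): the "-513" group is added unconditionally; the user's own primaryGroupID is
        /// not consulted here.
        /// </remarks>
        public void SyncUserGroupMembership(UserInfo user)
        {
            if (user == null || !_settings.GroupMembership || AllDomainGroups == null)
            {
                return;
            }

            // Both caches must be available; each is loaded lazily on first use.
            if ((!AllDomainGroups.Any() && !TryLoadLDAPGroups()) ||
                (!AllDomainUsers.Any() && !TryLoadLDAPUsers()))
            {
                return;
            }

            var domainUser = AllDomainUsers.FirstOrDefault(u => u.Sid.Equals(user.Sid));

            if (domainUser == null)
            {
                return;
            }

            var userAttributeValue = _ldapHelper.GetUserAttribute(domainUser, _settings.UserAttribute);

            // Without the attribute that member entries are matched against nothing can match, so the
            // per-group scan is skipped; the primary-group assignment below does not depend on it.
            if (!string.IsNullOrEmpty(userAttributeValue))
            {
                AddUserIntoMemberGroups(user, userAttributeValue);
            }

            AddUserIntoPrimaryGroup(user);
        }

        /// <summary>
        /// Adds <paramref name="user"/> to each portal group whose cached domain group has a member
        /// entry equal to <paramref name="userAttributeValue"/>.
        /// </summary>
        private void AddUserIntoMemberGroups(UserInfo user, string userAttributeValue)
        {
            foreach (var domainGroup in AllDomainGroups)
            {
                var members = _ldapHelper.GetGroupAttribute(domainGroup, _settings.GroupAttribute);

                if (members == null)
                {
                    continue;
                }

                foreach (var member in members)
                {
                    // Compare before looking the member up: the lookup is only needed for the single
                    // entry that names this user (LDAP attribute values form a set, so a value occurs
                    // at most once per group). DNs are identifiers: ordinal, case-insensitive, null-safe.
                    if (!string.Equals(userAttributeValue, member, StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    if (FindUserByMember(member) == null)
                    {
                        continue;
                    }

                    var groupInfo = CoreContext.UserManager.GetGroupInfoBySid(domainGroup.Sid);

                    if (!Equals(groupInfo, Core.Users.Constants.LostGroupInfo))
                    {
                        CoreContext.UserManager.AddUserIntoGroup(user.ID, groupInfo.ID);
                    }

                    // The matching entry has been handled; no other entry of this group can match.
                    break;
                }
            }
        }

        /// <summary>
        /// Adds <paramref name="user"/> to the portal group mapped from the cached domain group whose
        /// SID ends in "-513" (Domain Users), when both exist.
        /// </summary>
        private void AddUserIntoPrimaryGroup(UserInfo user)
        {
            var primaryGroup = AllDomainGroups.FirstOrDefault(g => g.Sid.EndsWith("-513"));

            if (primaryGroup == null)
            {
                return;
            }

            var portalPrimaryGroup = CoreContext.UserManager.GetGroupInfoBySid(primaryGroup.Sid);

            if (!Equals(portalPrimaryGroup, Core.Users.Constants.LostGroupInfo))
            {
                CoreContext.UserManager.AddUserIntoGroup(user.ID, portalPrimaryGroup.ID);
            }
        }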
        /// <summary>
        /// Returns the users of <paramref name="groupInfo"/>. The group whose SID ends in "-513"
        /// (the well-known Domain Users RID) is resolved through the users' primary group instead of
        /// its member attribute. Nested groups are not expanded by this version.
        /// </summary>
        /// <param name="groupInfo">Portal group whose SID identifies the cached domain group.</param>
        /// <returns>Users de-duplicated by SID; empty when the group is unknown or the cache cannot load.</returns>
        public List <UserInfo> GetGroupUsers(GroupInfo groupInfo)
        {
            var result = new List <UserInfo>();

            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return result;
            }

            var domainGroup = AllDomainGroups.FirstOrDefault(lg => lg.Sid.Equals(groupInfo.Sid));

            if (domainGroup == null)
            {
                return result;
            }

            var isDomainUsers = domainGroup.Sid.EndsWith("-513");

            if (isDomainUsers)
            {
                // Equivalent filter: (&(objectCategory=person)(objectClass=user)(primaryGroupID=513))
                var primaryGroupUsers = _ldapHelper.GetUsersFromPrimaryGroup(_settings, "513");

                if (primaryGroupUsers == null)
                {
                    return result;
                }

                foreach (var ldapUser in primaryGroupUsers)
                {
                    var candidate = CreateUserInfo(ldapUser);

                    if (!result.Exists(u => u.Sid == candidate.Sid))
                    {
                        result.Add(candidate);
                    }
                }

                return result;
            }

            var members = _ldapHelper.GetGroupAttribute(domainGroup, _settings.GroupAttribute);

            if (members == null)
            {
                return result;
            }

            foreach (var member in members)
            {
                var ldapUser = FindUserByMember(member);

                if (ldapUser == null)
                {
                    // Entries that do not resolve to a known user (such as nested groups) are ignored.
                    continue;
                }

                var candidate = CreateUserInfo(ldapUser);

                if (!result.Exists(u => u.Sid == candidate.Sid))
                {
                    result.Add(candidate);
                }
            }

            return result;
        }
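        /// <summary>
        /// Returns the users of <paramref name="groupInfo"/>, expanding nested groups recursively.
        /// </summary>
        /// <param name="groupInfo">Portal group whose SID identifies the cached domain group.</param>
        /// <returns>Users de-duplicated by SID; empty when the group is null/unknown or the cache cannot load.</returns>
        public List <UserInfo> GetGroupUsers(GroupInfo groupInfo)
        {
            if (!LdapHelper.IsConnected)
            {
                LdapHelper.Connect();
            }

            // A visited set is threaded through the recursion so that cyclic nesting (A a member of B,
            // B a member of A, which the directory permits) terminates. Previously the public method
            // recursed into itself with no guard, so a cycle in the directory would overflow the stack
            // and take the process down.
            return CollectGroupUsers(groupInfo, new HashSet <string>(StringComparer.OrdinalIgnoreCase));
        }

        /// <summary>
        /// Worker for <see cref="GetGroupUsers(GroupInfo)"/>; <paramref name="visitedGroupDns"/> holds
        /// the DNs of groups already expanded in the current traversal.
        /// </summary>
        private List <UserInfo> CollectGroupUsers(GroupInfo groupInfo, HashSet <string> visitedGroupDns)
        {
            var users = new List <UserInfo>();

            if (groupInfo == null)
            {
                return users;
            }

            if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
            {
                return users;
            }

            // Cached groups always carry a SID (TryLoadLDAPGroups skips those without one).
            var domainGroup = AllDomainGroups.FirstOrDefault(lg => lg.Sid.Equals(groupInfo.Sid));

            if (domainGroup == null)
            {
                return users;
            }

            // Add returns false when the DN was already seen: this group is part of a cycle being expanded.
            if (!visitedGroupDns.Add(domainGroup.DistinguishedName))
            {
                return users;
            }

            if (!string.IsNullOrEmpty(PrimaryGroupId) && domainGroup.Sid.EndsWith("-" + PrimaryGroupId))
            {
                // Domain Users: membership is expressed through primaryGroupID, not the member attribute.
                foreach (var ldapUser in FindUsersByPrimaryGroup())
                {
                    AddIfNewSid(users, ldapUser.ToUserInfo(this, _log));
                }

                return users;
            }

            var members = domainGroup.GetAttributes(Settings.GroupAttribute, _log);

            foreach (var member in members)
            {
                var ldapUser = FindUserByMember(member);

                if (ldapUser != null)
                {
                    AddIfNewSid(users, ldapUser.ToUserInfo(this, _log));
                    continue;
                }

                // Not a user: the member entry may name a nested group.
                var nestedLdapGroup = FindGroupByMember(member);

                if (nestedLdapGroup == null)
                {
                    continue;
                }

                var nestedGroupInfo = nestedLdapGroup.ToGroupInfo(Settings, _log);

                foreach (var nestedUser in CollectGroupUsers(nestedGroupInfo, visitedGroupDns))
                {
                    AddIfNewSid(users, nestedUser);
                }
            }

            return users;
        }

        /// <summary>
        /// Appends <paramref name="candidate"/> unless a user with the same SID is already in <paramref name="users"/>.
        /// </summary>
        private static void AddIfNewSid(List <UserInfo> users, UserInfo candidate)
        {
            if (!users.Exists(u => u.Sid == candidate.Sid))
            {
                users.Add(candidate);
            }
        }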