public async Task <LdapAuthenticationMode> UpdateAsync(LdapAuthenticationModeSubmit ldapAuthenticationModeSubmit, Guid updatedById) { LdapAuthenticationModeModel existingAuthenticationMode = await ldapAuthenticationModeRepository.GetByIdAsync(ldapAuthenticationModeSubmit.Uuid); if (existingAuthenticationMode == null) { throw new ItemNotFoundException($"AuthenticationMode with ID '{ldapAuthenticationModeSubmit.Uuid}' not found when attempting to update a authenticationMode using this ID!"); } if (existingAuthenticationMode.Name != ldapAuthenticationModeSubmit.Name) { // Confirm the new name is available LdapAuthenticationModeModel checkExistingNameModel = await ldapAuthenticationModeRepository.GetByNameAsync(ldapAuthenticationModeSubmit.Name, false); if (checkExistingNameModel != null) { throw new ItemNotProcessableException($"AuthenticationMode with name '{ldapAuthenticationModeSubmit.Name}' already exists."); } } existingAuthenticationMode.Name = ldapAuthenticationModeSubmit.Name; existingAuthenticationMode.Account = ldapAuthenticationModeSubmit.Account; existingAuthenticationMode.BaseDn = ldapAuthenticationModeSubmit.BaseDn; existingAuthenticationMode.HostName = ldapAuthenticationModeSubmit.HostName; existingAuthenticationMode.IsLdaps = ldapAuthenticationModeSubmit.IsLdaps; existingAuthenticationMode.Password = ldapAuthenticationModeSubmit.Password; existingAuthenticationMode.Port = ldapAuthenticationModeSubmit.Port; existingAuthenticationMode.ChangedBy = updatedById; existingAuthenticationMode.LdapAttributes = mapper.Map <List <LdapAuthenticationModeLdapAttributeModel> >(ldapAuthenticationModeSubmit.LdapAttributes); return(mapper.Map <LdapAuthenticationMode>(await ldapAuthenticationModeRepository.UpdateAsync(existingAuthenticationMode))); }
public bool TestLdapSettings(LdapAuthenticationModeModel ldapAuthenticationModeModel, ref List <string> returnMessages) { try { logger.Info($"Testing LDAP connection."); var distinguishedName = $"cn={ldapAuthenticationModeModel.Account},{ldapAuthenticationModeModel.BaseDn}"; logger.Info($"Attempting to connect to LDAP connection. Hostname '{ldapAuthenticationModeModel.HostName}', Port '{ldapAuthenticationModeModel.Port}'"); ldapConnectionClient.Connect(ldapAuthenticationModeModel.HostName, ldapAuthenticationModeModel.Port); logger.Info($"Attempting to bind with DN '{distinguishedName}'"); ldapConnectionClient.Bind(distinguishedName, ldapAuthenticationModeModel.Password); if (ldapAuthenticationModeModel.LdapAttributes != null && ldapAuthenticationModeModel.LdapAttributes.Count > 0) { returnMessages.AddRange(TestLdapAttributes(ldapAuthenticationModeModel)); } return(true); } catch (LdapException lEx) { logger.Error(lEx.Message, lEx); returnMessages.Add(lEx.Message); return(false); } catch (Exception ex) { string message = "Generic error during LDAP connection test."; logger.Error(ex, message); returnMessages.Add(message); return(false); } }
private List <string> TestLdapAttributes(LdapAuthenticationModeModel ldapAuthenticationModeModel) { var resultMessages = new List <string>(); try { string searchBase = $"{ldapAuthenticationModeModel.BaseDn}"; string searchFilter = $"(cn = {ldapAuthenticationModeModel.Account})"; var ldapSearchResults = ldapConnectionClient.Search(searchBase, LdapConnection.SCOPE_SUB, searchFilter, null, false); while (ldapSearchResults.hasMore()) { try { var ldapEntry = ldapSearchResults.next(); ProcessLdapSearchResult(ldapEntry, ldapAuthenticationModeModel, resultMessages); } catch (LdapException ex) { logger.Warn("Warning on LDAP search: " + ex.LdapErrorMessage); } } } catch { throw new LdapException("Error verifying LDAP attributes.", LdapException.NO_SUCH_ATTRIBUTE, string.Empty); } return(resultMessages); }
public async Task <LdapAuthenticationModeModel> CreateAsync(LdapAuthenticationModeModel ldapAuthenticationMode) { string password = ldapAuthenticationMode.Password; ldapAuthenticationMode.Password = string.Empty; a3SContext.LdapAuthenticationMode.Add(ldapAuthenticationMode); await a3SContext.SaveChangesAsync(); // Now store encrypted password await StoreEncryptedPassword(ldapAuthenticationMode.Id, password); return(ldapAuthenticationMode); }
private async Task ApplyIndividualDefaultLdapAuthMode(SecurityContractDefaultConfigurationLdapAuthMode defaultLdapAuthMode, Guid updatedById) { logger.Debug($"Operating on default ldap auth mode '{defaultLdapAuthMode.Name}'."); var defaultLdapAuthToApply = new LdapAuthenticationModeModel(); bool newLdapAuthMode = false; var existingLdapAuthMode = await ldapAuthenticationModeRepository.GetByNameAsync(defaultLdapAuthMode.Name, false); if (existingLdapAuthMode != null) { logger.Debug($"Default LDAP Auth Mode: '{defaultLdapAuthMode.Name}' already exist. Updating it."); defaultLdapAuthToApply = existingLdapAuthMode; } else { logger.Debug($"Default LDAP Auth Mode: '{defaultLdapAuthMode.Name}' does not exist. Creating it."); newLdapAuthMode = true; } // Map the base components. defaultLdapAuthToApply.Name = defaultLdapAuthMode.Name; defaultLdapAuthToApply.HostName = defaultLdapAuthMode.HostName; defaultLdapAuthToApply.Port = defaultLdapAuthMode.Port; defaultLdapAuthToApply.IsLdaps = defaultLdapAuthMode.IsLdaps; defaultLdapAuthToApply.Account = defaultLdapAuthMode.Account; defaultLdapAuthToApply.Password = string.Empty; defaultLdapAuthToApply.BaseDn = defaultLdapAuthMode.BaseDn; defaultLdapAuthToApply.ChangedBy = updatedById; defaultLdapAuthToApply.LdapAttributes = new List <LdapAuthenticationModeLdapAttributeModel>(); foreach (var attributeToApply in defaultLdapAuthMode.LdapAttributes) { defaultLdapAuthToApply.LdapAttributes.Add(new LdapAuthenticationModeLdapAttributeModel() { UserField = attributeToApply.UserField, LdapField = attributeToApply.LdapField }); } if (newLdapAuthMode) { logger.Debug($"Persisting new Ldap Auth Mode '{defaultLdapAuthMode.Name}' into the database."); await ldapAuthenticationModeRepository.CreateAsync(defaultLdapAuthToApply); } else { logger.Debug($"Updating existing Ldap Auth Mode '{defaultLdapAuthMode.Name}' into the database."); await ldapAuthenticationModeRepository.UpdateAsync(defaultLdapAuthToApply); } }
public async Task <LdapAuthenticationMode> CreateAsync(LdapAuthenticationModeSubmit ldapAuthenticationModeSubmit, Guid createdById) { LdapAuthenticationModeModel existingAuthenticationMode = await ldapAuthenticationModeRepository.GetByNameAsync(ldapAuthenticationModeSubmit.Name, includePassword : false); if (existingAuthenticationMode != null) { throw new ItemNotProcessableException($"LDAP Authentication Mode with Name '{ldapAuthenticationModeSubmit.Name}' already exist."); } var LdapAuthenticationModeModel = mapper.Map <LdapAuthenticationModeModel>(ldapAuthenticationModeSubmit); LdapAuthenticationModeModel.ChangedBy = createdById; return(mapper.Map <LdapAuthenticationMode>(await ldapAuthenticationModeRepository.CreateAsync(LdapAuthenticationModeModel))); }
public async Task <LdapAuthenticationModeModel> UpdateAsync(LdapAuthenticationModeModel ldapAuthenticationMode) { // Record plain text password and clear from model string password = ldapAuthenticationMode.Password; ldapAuthenticationMode.Password = string.Empty; a3SContext.Entry(ldapAuthenticationMode).State = EntityState.Modified; // Replace Ldap Attribute Links a3SContext.RemoveRange(a3SContext.LdapAuthenticationModeLdapAttribute.Where(x => x.LdapAuthenticationModeId == ldapAuthenticationMode.Id)); await a3SContext.SaveChangesAsync(); // Now store encrypted password await StoreEncryptedPassword(ldapAuthenticationMode.Id, password); return(ldapAuthenticationMode); }
public AuthenticationModeService_Tests() { var config = new MapperConfiguration(cfg => { cfg.AddProfile(new LdapAuthenticationModeResourceLdapAuthenticationModeModelProfile()); }); mapper = config.CreateMapper(); authenticationModeGuid = Guid.NewGuid(); userGuid = Guid.NewGuid(); mockedAuthenticationMode = new LdapAuthenticationModeModel(); mockedAuthenticationMode.Id = authenticationModeGuid; mockedAuthenticationMode.Name = "Test AuthenticationMode Name"; mockedAuthenticationMode.Account = "TestAccount"; mockedAuthenticationMode.BaseDn = "TestBaseDN"; mockedAuthenticationMode.HostName = "TestHostName"; mockedAuthenticationMode.IsLdaps = true; mockedAuthenticationMode.Password = "******"; mockedAuthenticationMode.Port = 389; }
public LdapAuthenticationModeService_Tests() { var config = new MapperConfiguration(cfg => { cfg.AddProfile(new LdapAuthenticationModeResourceLdapAuthenticationModeModelProfile()); cfg.AddProfile(new LdapAuthenticationModeSubmitResourceLdapAuthenticationModeModelProfile()); }); mapper = config.CreateMapper(); authenticationModeGuid = Guid.NewGuid(); mockedAuthenticationMode = new LdapAuthenticationModeModel { Id = authenticationModeGuid, Name = "Test AuthenticationMode Name", Account = "TestAccount", BaseDn = "TestBaseDN", HostName = "TestHostName", IsLdaps = true, Password = "******", Port = 389, Users = new List <UserModel>() { new UserModel(), new UserModel() } }; mockedAuthenticationModeSubmit = new LdapAuthenticationModeSubmit() { Uuid = mockedAuthenticationMode.Id, Name = mockedAuthenticationMode.Name, Account = mockedAuthenticationMode.Account, BaseDn = mockedAuthenticationMode.BaseDn, HostName = mockedAuthenticationMode.HostName, IsLdaps = mockedAuthenticationMode.IsLdaps, Password = mockedAuthenticationMode.Password, Port = mockedAuthenticationMode.Port }; }
private void ProcessLdapSearchResult(LdapEntry ldapEntry, LdapAuthenticationModeModel ldapAuthenticationModeModel, List <string> resultMessages) { var ldapAttributeSet = ldapEntry.getAttributeSet(); var ienum = ldapAttributeSet.GetEnumerator(); var attributeValues = new Dictionary <string, string>(); while (ienum.MoveNext()) { var attribute = (LdapAttribute)ienum.Current; attributeValues.Add(attribute.Name, attribute.StringValue); } foreach (LdapAuthenticationModeLdapAttributeModel attributeMapping in ldapAuthenticationModeModel.LdapAttributes) { var ldapValue = string.Empty; if (!attributeValues.TryGetValue(attributeMapping.LdapField, out ldapValue)) { var message = $"LDAP attribute {attributeMapping.LdapField} not found."; logger.Info(message); resultMessages.Add(message); } } }
private async Task <bool> FindUser(string userName, LdapAuthenticationModeModel ldapAuthenticationMode, string password, bool testLogin, bool syncLdapAttributes) { try { var adminDistinguishedName = $"cn={ldapAuthenticationMode.Account},{ldapAuthenticationMode.BaseDn}"; // Search for user in directory var searchBase = $"{ldapAuthenticationMode.BaseDn}"; var searchFilter = $"(cn = {userName})"; try { logger.Info($"Attempting to connect to LDAP connection. Hostname '{ldapAuthenticationMode.HostName}', Port '{ldapAuthenticationMode.Port}'"); ldapConnectionClient.Connect(ldapAuthenticationMode.HostName, ldapAuthenticationMode.Port); logger.Info($"Attempting to bind with DN '{adminDistinguishedName}'"); ldapConnectionClient.Bind(adminDistinguishedName, ldapAuthenticationMode.Password); } catch (Exception ex) { // User not authenticated logger.Error(ex, "LDAP admin account user not authenticated."); return(false); } LdapSearchResults lsc = ldapConnectionClient.Search(searchBase, LdapConnection.SCOPE_SUB, searchFilter, null, false); while (lsc.hasMore()) { LdapEntry ldapEntry; try { ldapEntry = lsc.next(); } catch (LdapException ex) { logger.Warn("Warning on LDAP search: " + ex.LdapErrorMessage); continue; } // User found, try to log in if (testLogin) { try { logger.Info($"Attempting to connect to LDAP connection. Hostname '{ldapAuthenticationMode.HostName}', Port '{ldapAuthenticationMode.Port}'"); ldapTestConnectionClient.Connect(ldapAuthenticationMode.HostName, ldapAuthenticationMode.Port); logger.Info($"Attempting to bind with DN '{ldapEntry.DN}'"); ldapTestConnectionClient.Bind(ldapEntry.DN, password); } catch (Exception ex) { // User not authenticated logger.Error(ex, "LDAP user not authenticated."); return(false); } } // Login successful. Sync attributes if (syncLdapAttributes) { LdapAttributeSet attributeSet = ldapEntry.getAttributeSet(); System.Collections.IEnumerator ienum = attributeSet.GetEnumerator(); var attributeValues = new Dictionary <string, string>(); while (ienum.MoveNext()) { var attribute = (LdapAttribute)ienum.Current; attributeValues.Add(attribute.Name, attribute.StringValue); } await SyncLdapAttributeToUserField(userName, ldapAuthenticationMode.LdapAttributes, attributeValues); } return(true); } // If we reached this point, we were not able authenticate the user return(false); } catch (Exception ex) { logger.Error(ex, "General error during LDAP authentication process."); return(false); } }
public async Task DeleteAsync(LdapAuthenticationModeModel ldapAuthenticationMode) { a3SContext.LdapAuthenticationMode.Remove(ldapAuthenticationMode); await a3SContext.SaveChangesAsync(); }