public async Task <LdapAuthenticationMode> UpdateAsync(LdapAuthenticationModeSubmit ldapAuthenticationModeSubmit, Guid updatedById)
{
LdapAuthenticationModeModel existingAuthenticationMode = await ldapAuthenticationModeRepository.GetByIdAsync(ldapAuthenticationModeSubmit.Uuid);
if (existingAuthenticationMode == null)
{
throw new ItemNotFoundException($"AuthenticationMode with ID '{ldapAuthenticationModeSubmit.Uuid}' not found when attempting to update a authenticationMode using this ID!");
}
if (existingAuthenticationMode.Name != ldapAuthenticationModeSubmit.Name)
{
// Confirm the new name is available
LdapAuthenticationModeModel checkExistingNameModel = await ldapAuthenticationModeRepository.GetByNameAsync(ldapAuthenticationModeSubmit.Name, false);
if (checkExistingNameModel != null)
{
throw new ItemNotProcessableException($"AuthenticationMode with name '{ldapAuthenticationModeSubmit.Name}' already exists.");
}
}
existingAuthenticationMode.Name = ldapAuthenticationModeSubmit.Name;
existingAuthenticationMode.Account = ldapAuthenticationModeSubmit.Account;
existingAuthenticationMode.BaseDn = ldapAuthenticationModeSubmit.BaseDn;
existingAuthenticationMode.HostName = ldapAuthenticationModeSubmit.HostName;
existingAuthenticationMode.IsLdaps = ldapAuthenticationModeSubmit.IsLdaps;
existingAuthenticationMode.Password = ldapAuthenticationModeSubmit.Password;
existingAuthenticationMode.Port = ldapAuthenticationModeSubmit.Port;
existingAuthenticationMode.ChangedBy = updatedById;
existingAuthenticationMode.LdapAttributes = mapper.Map <List <LdapAuthenticationModeLdapAttributeModel> >(ldapAuthenticationModeSubmit.LdapAttributes);
return(mapper.Map <LdapAuthenticationMode>(await ldapAuthenticationModeRepository.UpdateAsync(existingAuthenticationMode)));
}
public bool TestLdapSettings(LdapAuthenticationModeModel ldapAuthenticationModeModel, ref List <string> returnMessages)
{
try
{
logger.Info($"Testing LDAP connection.");
var distinguishedName = $"cn={ldapAuthenticationModeModel.Account},{ldapAuthenticationModeModel.BaseDn}";
logger.Info($"Attempting to connect to LDAP connection. Hostname '{ldapAuthenticationModeModel.HostName}', Port '{ldapAuthenticationModeModel.Port}'");
ldapConnectionClient.Connect(ldapAuthenticationModeModel.HostName, ldapAuthenticationModeModel.Port);
logger.Info($"Attempting to bind with DN '{distinguishedName}'");
ldapConnectionClient.Bind(distinguishedName, ldapAuthenticationModeModel.Password);
if (ldapAuthenticationModeModel.LdapAttributes != null && ldapAuthenticationModeModel.LdapAttributes.Count > 0)
{
returnMessages.AddRange(TestLdapAttributes(ldapAuthenticationModeModel));
}
return(true);
}
catch (LdapException lEx)
{
logger.Error(lEx.Message, lEx);
returnMessages.Add(lEx.Message);
return(false);
}
catch (Exception ex)
{
string message = "Generic error during LDAP connection test.";
logger.Error(ex, message);
returnMessages.Add(message);
return(false);
}
}
private List <string> TestLdapAttributes(LdapAuthenticationModeModel ldapAuthenticationModeModel)
{
var resultMessages = new List <string>();
try
{
string searchBase = $"{ldapAuthenticationModeModel.BaseDn}";
string searchFilter = $"(cn = {ldapAuthenticationModeModel.Account})";
var ldapSearchResults = ldapConnectionClient.Search(searchBase, LdapConnection.SCOPE_SUB, searchFilter, null, false);
while (ldapSearchResults.hasMore())
{
try
{
var ldapEntry = ldapSearchResults.next();
ProcessLdapSearchResult(ldapEntry, ldapAuthenticationModeModel, resultMessages);
}
catch (LdapException ex)
{
logger.Warn("Warning on LDAP search: " + ex.LdapErrorMessage);
}
}
}
catch
{
throw new LdapException("Error verifying LDAP attributes.", LdapException.NO_SUCH_ATTRIBUTE, string.Empty);
}
return(resultMessages);
}
public async Task <LdapAuthenticationModeModel> CreateAsync(LdapAuthenticationModeModel ldapAuthenticationMode)
{
string password = ldapAuthenticationMode.Password;
ldapAuthenticationMode.Password = string.Empty;
a3SContext.LdapAuthenticationMode.Add(ldapAuthenticationMode);
await a3SContext.SaveChangesAsync();
// Now store encrypted password
await StoreEncryptedPassword(ldapAuthenticationMode.Id, password);
return(ldapAuthenticationMode);
}
private async Task ApplyIndividualDefaultLdapAuthMode(SecurityContractDefaultConfigurationLdapAuthMode defaultLdapAuthMode, Guid updatedById)
{
logger.Debug($"Operating on default ldap auth mode '{defaultLdapAuthMode.Name}'.");
var defaultLdapAuthToApply = new LdapAuthenticationModeModel();
bool newLdapAuthMode = false;
var existingLdapAuthMode = await ldapAuthenticationModeRepository.GetByNameAsync(defaultLdapAuthMode.Name, false);
if (existingLdapAuthMode != null)
{
logger.Debug($"Default LDAP Auth Mode: '{defaultLdapAuthMode.Name}' already exist. Updating it.");
defaultLdapAuthToApply = existingLdapAuthMode;
}
else
{
logger.Debug($"Default LDAP Auth Mode: '{defaultLdapAuthMode.Name}' does not exist. Creating it.");
newLdapAuthMode = true;
}
// Map the base components.
defaultLdapAuthToApply.Name = defaultLdapAuthMode.Name;
defaultLdapAuthToApply.HostName = defaultLdapAuthMode.HostName;
defaultLdapAuthToApply.Port = defaultLdapAuthMode.Port;
defaultLdapAuthToApply.IsLdaps = defaultLdapAuthMode.IsLdaps;
defaultLdapAuthToApply.Account = defaultLdapAuthMode.Account;
defaultLdapAuthToApply.Password = string.Empty;
defaultLdapAuthToApply.BaseDn = defaultLdapAuthMode.BaseDn;
defaultLdapAuthToApply.ChangedBy = updatedById;
defaultLdapAuthToApply.LdapAttributes = new List <LdapAuthenticationModeLdapAttributeModel>();
foreach (var attributeToApply in defaultLdapAuthMode.LdapAttributes)
{
defaultLdapAuthToApply.LdapAttributes.Add(new LdapAuthenticationModeLdapAttributeModel()
{
UserField = attributeToApply.UserField,
LdapField = attributeToApply.LdapField
});
}
if (newLdapAuthMode)
{
logger.Debug($"Persisting new Ldap Auth Mode '{defaultLdapAuthMode.Name}' into the database.");
await ldapAuthenticationModeRepository.CreateAsync(defaultLdapAuthToApply);
}
else
{
logger.Debug($"Updating existing Ldap Auth Mode '{defaultLdapAuthMode.Name}' into the database.");
await ldapAuthenticationModeRepository.UpdateAsync(defaultLdapAuthToApply);
}
}
public async Task <LdapAuthenticationMode> CreateAsync(LdapAuthenticationModeSubmit ldapAuthenticationModeSubmit, Guid createdById)
{
LdapAuthenticationModeModel existingAuthenticationMode = await ldapAuthenticationModeRepository.GetByNameAsync(ldapAuthenticationModeSubmit.Name, includePassword : false);
if (existingAuthenticationMode != null)
{
throw new ItemNotProcessableException($"LDAP Authentication Mode with Name '{ldapAuthenticationModeSubmit.Name}' already exist.");
}
var LdapAuthenticationModeModel = mapper.Map <LdapAuthenticationModeModel>(ldapAuthenticationModeSubmit);
LdapAuthenticationModeModel.ChangedBy = createdById;
return(mapper.Map <LdapAuthenticationMode>(await ldapAuthenticationModeRepository.CreateAsync(LdapAuthenticationModeModel)));
}
public async Task <LdapAuthenticationModeModel> UpdateAsync(LdapAuthenticationModeModel ldapAuthenticationMode)
{
// Record plain text password and clear from model
string password = ldapAuthenticationMode.Password;
ldapAuthenticationMode.Password = string.Empty;
a3SContext.Entry(ldapAuthenticationMode).State = EntityState.Modified;
// Replace Ldap Attribute Links
a3SContext.RemoveRange(a3SContext.LdapAuthenticationModeLdapAttribute.Where(x => x.LdapAuthenticationModeId == ldapAuthenticationMode.Id));
await a3SContext.SaveChangesAsync();
// Now store encrypted password
await StoreEncryptedPassword(ldapAuthenticationMode.Id, password);
return(ldapAuthenticationMode);
}
public AuthenticationModeService_Tests()
{
var config = new MapperConfiguration(cfg =>
{
cfg.AddProfile(new LdapAuthenticationModeResourceLdapAuthenticationModeModelProfile());
});
mapper = config.CreateMapper();
authenticationModeGuid = Guid.NewGuid();
userGuid = Guid.NewGuid();
mockedAuthenticationMode = new LdapAuthenticationModeModel();
mockedAuthenticationMode.Id = authenticationModeGuid;
mockedAuthenticationMode.Name = "Test AuthenticationMode Name";
mockedAuthenticationMode.Account = "TestAccount";
mockedAuthenticationMode.BaseDn = "TestBaseDN";
mockedAuthenticationMode.HostName = "TestHostName";
mockedAuthenticationMode.IsLdaps = true;
mockedAuthenticationMode.Password = "******";
mockedAuthenticationMode.Port = 389;
}
public LdapAuthenticationModeService_Tests()
{
var config = new MapperConfiguration(cfg =>
{
cfg.AddProfile(new LdapAuthenticationModeResourceLdapAuthenticationModeModelProfile());
cfg.AddProfile(new LdapAuthenticationModeSubmitResourceLdapAuthenticationModeModelProfile());
});
mapper = config.CreateMapper();
authenticationModeGuid = Guid.NewGuid();
mockedAuthenticationMode = new LdapAuthenticationModeModel
{
Id = authenticationModeGuid,
Name = "Test AuthenticationMode Name",
Account = "TestAccount",
BaseDn = "TestBaseDN",
HostName = "TestHostName",
IsLdaps = true,
Password = "******",
Port = 389,
Users = new List <UserModel>()
{
new UserModel(),
new UserModel()
}
};
mockedAuthenticationModeSubmit = new LdapAuthenticationModeSubmit()
{
Uuid = mockedAuthenticationMode.Id,
Name = mockedAuthenticationMode.Name,
Account = mockedAuthenticationMode.Account,
BaseDn = mockedAuthenticationMode.BaseDn,
HostName = mockedAuthenticationMode.HostName,
IsLdaps = mockedAuthenticationMode.IsLdaps,
Password = mockedAuthenticationMode.Password,
Port = mockedAuthenticationMode.Port
};
}
private void ProcessLdapSearchResult(LdapEntry ldapEntry, LdapAuthenticationModeModel ldapAuthenticationModeModel, List <string> resultMessages)
{
var ldapAttributeSet = ldapEntry.getAttributeSet();
var ienum = ldapAttributeSet.GetEnumerator();
var attributeValues = new Dictionary <string, string>();
while (ienum.MoveNext())
{
var attribute = (LdapAttribute)ienum.Current;
attributeValues.Add(attribute.Name, attribute.StringValue);
}
foreach (LdapAuthenticationModeLdapAttributeModel attributeMapping in ldapAuthenticationModeModel.LdapAttributes)
{
var ldapValue = string.Empty;
if (!attributeValues.TryGetValue(attributeMapping.LdapField, out ldapValue))
{
var message = $"LDAP attribute {attributeMapping.LdapField} not found.";
logger.Info(message);
resultMessages.Add(message);
}
}
}
private async Task <bool> FindUser(string userName, LdapAuthenticationModeModel ldapAuthenticationMode, string password, bool testLogin, bool syncLdapAttributes)
{
try
{
var adminDistinguishedName = $"cn={ldapAuthenticationMode.Account},{ldapAuthenticationMode.BaseDn}";
// Search for user in directory
var searchBase = $"{ldapAuthenticationMode.BaseDn}";
var searchFilter = $"(cn = {userName})";
try
{
logger.Info($"Attempting to connect to LDAP connection. Hostname '{ldapAuthenticationMode.HostName}', Port '{ldapAuthenticationMode.Port}'");
ldapConnectionClient.Connect(ldapAuthenticationMode.HostName, ldapAuthenticationMode.Port);
logger.Info($"Attempting to bind with DN '{adminDistinguishedName}'");
ldapConnectionClient.Bind(adminDistinguishedName, ldapAuthenticationMode.Password);
}
catch (Exception ex)
{
// User not authenticated
logger.Error(ex, "LDAP admin account user not authenticated.");
return(false);
}
LdapSearchResults lsc = ldapConnectionClient.Search(searchBase, LdapConnection.SCOPE_SUB, searchFilter, null, false);
while (lsc.hasMore())
{
LdapEntry ldapEntry;
try
{
ldapEntry = lsc.next();
}
catch (LdapException ex)
{
logger.Warn("Warning on LDAP search: " + ex.LdapErrorMessage);
continue;
}
// User found, try to log in
if (testLogin)
{
try
{
logger.Info($"Attempting to connect to LDAP connection. Hostname '{ldapAuthenticationMode.HostName}', Port '{ldapAuthenticationMode.Port}'");
ldapTestConnectionClient.Connect(ldapAuthenticationMode.HostName, ldapAuthenticationMode.Port);
logger.Info($"Attempting to bind with DN '{ldapEntry.DN}'");
ldapTestConnectionClient.Bind(ldapEntry.DN, password);
}
catch (Exception ex)
{
// User not authenticated
logger.Error(ex, "LDAP user not authenticated.");
return(false);
}
}
// Login successful. Sync attributes
if (syncLdapAttributes)
{
LdapAttributeSet attributeSet = ldapEntry.getAttributeSet();
System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
var attributeValues = new Dictionary <string, string>();
while (ienum.MoveNext())
{
var attribute = (LdapAttribute)ienum.Current;
attributeValues.Add(attribute.Name, attribute.StringValue);
}
await SyncLdapAttributeToUserField(userName, ldapAuthenticationMode.LdapAttributes, attributeValues);
}
return(true);
}
// If we reached this point, we were not able authenticate the user
return(false);
}
catch (Exception ex)
{
logger.Error(ex, "General error during LDAP authentication process.");
return(false);
}
}
public async Task DeleteAsync(LdapAuthenticationModeModel ldapAuthenticationMode)
{
a3SContext.LdapAuthenticationMode.Remove(ldapAuthenticationMode);
await a3SContext.SaveChangesAsync();
}
