public LdapSaveSyncOperation(LdapSettings settings, Tenant tenant, LdapOperationType operation, LdapLocalization resource = null) : base(settings, tenant, operation, resource) { _ldapChanges = new LdapChangeCollection { Tenant = tenant }; }
public LdapSettings GetLdapSettings() { CheckLdapPermissions(); var settings = LdapSettings.Load(); settings = settings.Clone() as LdapSettings; // clone LdapSettings object for clear password (potencial AscCache.Memory issue) if (settings == null) { return(new LdapSettings().GetDefault() as LdapSettings); } settings.Password = null; settings.PasswordBytes = null; if (settings.IsDefault) { return(settings); } var defaultSettings = settings.GetDefault(); if (settings.Equals(defaultSettings)) { settings.IsDefault = true; } return(settings); }
public async Task SetLdapSettingsAsync(LdapSettings ldapSettings) { if (ldapSettings == null) { throw new ArgumentNullException(nameof(LdapSettings)); } ldapSettings.Password = _dataProtectionService.Encrypt(ldapSettings.Password); var json = JsonConvert.SerializeObject(ldapSettings); var appSettings = await _appSettingsRepository.GetByIdAsync(ServerConstants.Domain); if (appSettings == null) { appSettings = new AppSettings() { Id = ServerConstants.Domain, Value = json }; await _appSettingsRepository.AddAsync(appSettings); } else { appSettings.Value = json; await _appSettingsRepository.UpdateAsync(appSettings); } }
public WindowsStreamSecurityUpgradeAcceptor(WindowsStreamSecurityUpgradeProvider parent) : base(FramingUpgradeString.Negotiate) { _parent = parent; _clientSecurity = new SecurityMessageProperty(); _ldapSettings = parent.LdapSettings; }
public AdDirectoryService(LdapSettings settings, AdOptions adOptions) { // TODO NTBS-1672 run a DNS query that does the foollwing: // dig +short -t srv _ldap._tcp.SP4-0JG._sites.dc._msdcs.phe.gov.uk // dig +short -t srv _ldap._tcp.dc._msdcs.caduceus.local // and pick a dc to request _settings = settings; _adOptions = adOptions; _connection = new LdapConnection(); Log.Information($"Connecting to AD: {settings.AdAddressName}:{settings.Port}"); _connection.Connect(settings.AdAddressName, settings.Port); var withOrWithout = string.IsNullOrEmpty(settings.Password) ? "without" : "with"; Log.Information($"Binding: {settings.UserIdentifier} {withOrWithout} a password"); _connection.Bind(GetDistinguishedName(settings.UserIdentifier), settings.Password); if (_connection.Bound) { Log.Information("Bind completed"); } else { var bindingException = new ApplicationException("Binding to LDAP failed"); Log.Error(bindingException, "Aborting LDAP connection"); throw bindingException; } }
private bool UserExistsInLdapDirectory(LdapSettings ldapSettings, LoginInfo loginInfo) { var userName = loginInfo.UserName != null?loginInfo.UserName.Trim() : loginInfo.Login; var filter = I18NHelper.FormatInvariant("(&(objectCategory={0})({1}={2}))", ldapSettings.GetEffectiveUserObjectCategoryAttribute(), ldapSettings.GetEffectiveAccountNameAttribute(), LdapHelper.EscapeLdapSearchFilter(userName)); try { var found = _authenticator.SearchLdap(ldapSettings, filter); if (found) { return(true); } _log.LogInformation(LogSourceLdap, I18NHelper.FormatInvariant("User '{0}' is not found in LDAP directory {1}", userName, ldapSettings.LdapAuthenticationUrl)); return(false); } catch (Exception ex) { _log.LogInformation(LogSourceLdap, I18NHelper.FormatInvariant("Error while searching a user in LDAP directory {0}", ldapSettings.LdapAuthenticationUrl)); _log.LogError(LogSourceLdap, ex); return(false); } }
public GroupSidClaimCollection(ClaimsIdentity claimsIdentity, LdapSettings ldapSettings) { if (claimsIdentity is WindowsIdentity) { var windowsIdentity = (WindowsIdentity)claimsIdentity; if (windowsIdentity.Token != IntPtr.Zero) { foreach (var groupId in windowsIdentity.Groups) { var group = groupId.Translate(typeof(NTAccount)); string[] domainGroups = group.Value.Split(new char[] { '\\' }); if (domainGroups.Length > 1) { base.Add(new Claim(ClaimTypes.Role, domainGroups[1], Rights.Identity)); } else { base.Add(new Claim(ClaimTypes.Role, group, Rights.Identity)); } } } } else if (ldapSettings != null) { List <Claim> allClaims = LdapAdapter.RetrieveClaimsAsync(ldapSettings, claimsIdentity.Name).GetAwaiter().GetResult(); foreach (Claim roleClaim in allClaims) { base.Add(roleClaim); } } }
public static void RegisterAll() { var task = new Task(() => { var tenants = CoreContext.TenantManager.GetTenants(); foreach (var t in tenants) { var tId = t.TenantId; var cronSettings = LdapCronSettings.LoadForTenant(tId); if (string.IsNullOrEmpty(cronSettings.Cron)) { continue; } if (LdapSettings.LoadForTenant(tId).EnableLdapAuthentication) { RegisterAutoSync(t, cronSettings.Cron); } else { cronSettings.Cron = null; cronSettings.Save(); } } }, TaskCreationOptions.LongRunning); task.Start(); }
private LdapProviderService GetLdapProviderSerivce(LdapSettings settings, PolicyProvider policyProvider) { var logger = new Mock <ILogger>().Object; var ldapConnectionProvider = new LdapConnectionProvider(settings, logger); return(new LdapProviderService(ldapConnectionProvider, logger, policyProvider)); }
static X509Certificate2 Ldap(CertificateSubject certSubject) { LdapSettings settings = ConfigurationHandler.GetConfigurationSection <LdapSettings>(); // Print out info Console.WriteLine(); Console.WriteLine("2. Certificate download"); Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine(" Using host"); Console.WriteLine(" " + settings.Host); Console.ForegroundColor = ConsoleColor.White; Console.WriteLine(); // Create the LDAP client LdapLookupFactory ldapClientFactory = new LdapLookupFactory(); ICertificateLookup ldapClient = ldapClientFactory.CreateLdapLookupClient(); // Lookup the certificate using LDAP X509Certificate2 certificate = ldapClient.GetCertificate(certSubject); Console.WriteLine(" Downloaded certificate with LDAP:"); Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine(" " + certificate.Subject); Console.ForegroundColor = ConsoleColor.White; return(certificate); }
public AdDirectoryServiceFactory( IOptions <LdapSettings> LdapSettings, IOptions <AdOptions> adfsOptions) { _ldapSettings = LdapSettings.Value; _adOptions = adfsOptions.Value; }
/// <summary> /// Initializes an instance of this object. /// </summary> public User() { store = Store.GetStore(); if (store.DefaultDomain == null) { throw new SimiasException(User.missingDomainMessage); } // Is the default domain always the correct domain? domain = store.GetDomain(store.DefaultDomain); if (domain == null) { throw new SimiasException(User.missingDomainMessage); } if (domain.IsType("Enterprise") == false) { throw new SimiasException(User.missingDomainMessage); } ldapSettings = LdapSettings.Get(Store.StorePath); // Make sure the password is set on the admin SetAdminPassword(); }
/// <summary> /// Trys to get the provided attribues on the first found user entry /// </summary> /// <param name="ldapConfig">LDAP configuration</param> public bool TestUserAttributes(LdapSettings ldapConfig) { using DirectoryEntry entry = Connect($"{GetLdapStr(ldapConfig)}/{ldapConfig.LdapUserDN},{ldapConfig.LdapBaseDN}"); return(TestAttributes(entry, ldapConfig.LdapUserFilter, ldapConfig.LdapUserGuidAttr, ldapConfig.LdapUserNameAttr, ldapConfig.LdapUserEmailAttr)); }
public void ChangeHostBehavior(ServiceHostBase host) { var srvCredentials = new CoreWCF.Description.ServiceCredentials(); LdapSettings _ldapSettings = new LdapSettings("yourownserver.mscore.local", "mscore.local", "yourowntoporg"); srvCredentials.WindowsAuthentication.LdapSetting = _ldapSettings; host.Description.Behaviors.Add(srvCredentials); }
public LdapSaveSyncOperation(LdapSettings settings, Tenant tenant, LdapOperationType operation, LdapLocalization resource = null, string userId = null) : base(settings, tenant, operation, resource) { _ldapChanges = new LdapChangeCollection { Tenant = tenant }; _currentUser = userId != null?CoreContext.UserManager.GetUsers(Guid.Parse(userId)) : null; }
protected override void OnInitialized() { AppSettingsService = ScopedServices.GetRequiredService <IAppSettingsService>(); LdapSettings = new LdapSettings() { Host = Host }; }
public UserService(IOptions <EnvironmentSettings> environmentSettings, UserManager <User> userManager, SignInManager <User> signInManager, IOptions <LdapSettings> ldapSettings, IStudentService studentService) { _environmentSettings = environmentSettings.Value; _userManager = userManager; _signInManager = signInManager; _ldapSettings = ldapSettings.Value; _studentService = studentService; }
/// <summary> /// Creates a new <see cref="LdapContext"/>. /// </summary> /// <inheritdoc /> public LdapContext( HttpContext context, AuthenticationScheme scheme, NegotiateOptions options, LdapSettings settings) : base(context, scheme, options) { LdapSettings = settings; }
static TestUtils() { settings = System.Configuration.ConfigurationSettings.GetConfig("LdapSettings") as LdapSettings; if (settings == null) { throw new InvalidOperationException("Invalid Configuration Specified"); } }
public void EnabledWithoutDomainThrows() { var settings = new LdapSettings { EnableLdapClaimResolution = true }; Assert.Throws <ArgumentException>(() => settings.Validate()); }
public ActiveDirectoryAuthProvider( ILogger <ActiveDirectoryAuthProvider> logger, LdapSettings ldapSettings, ILdapAuthRepository ldapAuthRepo) { _logger = logger; _ldapSettings = ldapSettings; _ldapRepo = ldapAuthRepo; }
private void ProcessSearchObjects(LdapConnection conn, LdapSettings settings) { foreach (string searchContext in settings.SearchContexts) { string[] searchAttributes = { "objectClass" }; log.Debug("SearchObject: " + searchContext); try { LdapEntry ldapEntry = conn.Read(searchContext, searchAttributes); LdapAttribute attrObjectClass = ldapEntry.getAttribute("objectClass"); String[] values = attrObjectClass.StringValueArray; if (IsUser(values) == true) { // Process SearchDN as log.Debug("Processing User Object..."); ProcessSearchUser(conn, searchContext, "", ""); } else if (IsGroup(values) == true) { // Process SearchDN as log.Debug("Processing Group Object..."); //ProcessSearchGroup( conn, searchContext ); ProcessSearchContainer(conn, searchContext); } else if (IsContainer(values) == true) { // Process SearchDN as Container log.Debug("Processing Container Object..."); ProcessSearchContainer(conn, searchContext); } else { log.Debug("Invalid objectClass: " + values[0]); log.Debug(attrObjectClass.ToString()); } } catch (SimiasShutdownException s) { log.Error(s.Message); throw s; } catch (LdapException e) { log.Error(e.LdapErrorMessage); log.Error(e.StackTrace); } catch (Exception e) { log.Error(e.Message); log.Error(e.StackTrace); } } }
public ActiveDirectoryAccountServiceTest() { var settings = new LdapSettings(); settings.ServerName = "dir.company.com"; settings.SearchBase = "o=company,c=an"; //settings.Credentials.DomainUserName = "******"; //settings.Credentials.Password = ""; service = new ActiveDirectoryAccountService(settings); }
public void AccountPasswordWithoutAccountNameThrows() { var settings = new LdapSettings { EnableLdapClaimResolution = true, MachineAccountPassword = "******" }; Assert.Throws <ArgumentException>(() => settings.Validate()); }
internal WindowsClaimSet(ClaimsIdentity claimsIdentity, string authenticationType, bool includeWindowsGroups, DateTime expirationTime, bool clone, IList <Claim> _fromClaims, LdapSettings ldapSettings) : this(authenticationType, includeWindowsGroups, expirationTime, clone, _fromClaims) { if (claimsIdentity == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(claimsIdentity)); } _windowsIdentity = (clone && claimsIdentity is WindowsIdentity) ? SecurityUtils.CloneWindowsIdentityIfNecessary((WindowsIdentity)claimsIdentity, authenticationType) : claimsIdentity; _ldapSettings = ldapSettings; }
public NovellLdapHelper(LdapSettings settings) : base(settings) { var password = string.IsNullOrEmpty(settings.Password) ? GetPassword(settings.PasswordBytes) : settings.Password; LDAPSearcher = new NovellLdapSearcher(settings.Login, password, settings.Server, settings.PortNumber, settings.StartTls, settings.Ssl, settings.AcceptCertificate, settings.AcceptCertificateHash); }
/// <summary> /// /// </summary> /// <param name="ldapConfig"></param> /// <param name="appConfig"></param> public UserManager(IOptions <LdapSettings> ldapConfig, IOptions <AppSettings> appConfig) { _ldapconfig = ldapConfig.Value; _appConfig = appConfig.Value; _connection = new LdapConnection { SecureSocketLayer = true }; }
public async Task <IActionResult> TestLDAPAsync([FromForm] LdapSettings ldapConfig) { // Check authorization if (!(await User.IsAdminAsync(_authorizationService))) { return(Unauthorized()); } _logger.LogDebug("Testing LDAP for config: {0}", ldapConfig); int userCount = 0; int groupCount = 0; try { // Combine host, port and protocol to a single string string ldapStr = _ldapService.GetLdapStr(ldapConfig); // Try to connect if (!_ldapService.TestConnection(ldapStr)) { _logger.LogWarning("LDAP connection test failed"); return(Ok(new FailureResponse("Connection test failed: Check hostname and credientials"))); } // Count entries userCount = _ldapService.GetUserCount(ldapConfig); groupCount = _ldapService.GetGroupCount(ldapConfig); // Test user attributes if (userCount > 0 && !_ldapService.TestUserAttributes(ldapConfig)) { _logger.LogWarning("User attribute test failed"); return(Ok(new FailureResponse("User attributes not found"))); } // Test group attributes if (groupCount > 0 && !_ldapService.TestGroupAttrbutes(ldapConfig)) { _logger.LogWarning("Group attribute test failed"); return(Ok(new FailureResponse("Group attributes not found"))); } } catch (Exception e) { _logger.LogWarning(e, "Error while LDAP test"); return(Ok(new ErrorRespose(e))); } // Return success message _logger.LogDebug("LDAP test successfull. Found {0} users and {1} groups.", userCount, groupCount); return(Ok(new StringValueRespose($"Found {userCount} users and {groupCount} groups"))); }
/// <summary> /// Saves new LDAP settings /// </summary> /// <param name="ldapConfig">LDAP configuration</param> public async Task <int> ChangeLdapConfig(LdapSettings ldapConfig) { // AppSettings has only one record var appSettings = _dbContext.AppSettings.First(); // Update config appSettings.LdapConfig = ldapConfig; // Save return(await _dbContext.SaveChangesAsync()); }
/// <summary> /// Fill configuration section with default live values /// </summary> public virtual void SetDefaultLdapConfig() { LdapSettings ldapSettings = ConfigurationHandler.GetConfigurationSection <LdapSettings>(); // Lookup for live OCES certificates ldapSettings.Host = "dir.certifikat.dk"; ldapSettings.Host = "crtdir.certifikat.dk"; ldapSettings.MaxResults = 1; ldapSettings.Port = 389; ldapSettings.ConnectionTimeoutMsec = 5000; ldapSettings.SearchClientTimeoutMsec = 5000; ldapSettings.SearchServerTimeoutMsec = 5000; }