public static void PerformUpdate(RoleCatalogueStub roleCatalogueStub, ADStub adStub)
{
foreach (string map in systemMap)
{
string[] tokens = map.Split(';');
if (tokens.Length != 2)
{
log.Warn("Invalid entry in ItSystemGroup update: " + map);
continue;
}
string itSystemId = tokens[0];
string groupDn = tokens[1];
List <string> users = roleCatalogueStub.GetUsersInItSystem(itSystemId);
if (users == null)
{
log.Warn("Unable to get users from role catalogue: " + itSystemId);
continue;
}
List <string> members = adStub.GetGroupMembers(groupDn);
if (members == null)
{
log.Warn("Unable to get members from group: " + groupDn);
continue;
}
// to add
foreach (string user in users)
{
bool found = false;
foreach (string member in members)
{
if (string.Equals(user, member, System.StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
}
if (!found)
{
adStub.AddMember(groupDn, user);
}
}
// to remove
foreach (string member in members)
{
bool found = false;
foreach (string user in users)
{
if (string.Equals(user, member, System.StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
}
if (!found)
{
adStub.RemoveMember(groupDn, member);
}
}
}
}
public static void SynchronizeGroupMemberships(RoleCatalogueStub roleCatalogueStub, ADStub adStub)
{
// retrieve any changes from role catalogue
var syncData = roleCatalogueStub.GetSyncData();
// if we have changes, perform update
if (syncData.head > 0)
{
log.Info("Found potental AD group membership changes on " + syncData.assignments.Count + " group(s)");
foreach (var assignment in syncData.assignments)
{
try
{
int added = 0;
int removed = 0;
// all members are in lower-case, for easy comparison
var adGroupMembers = adStub.GetGroupMembers(assignment.groupName);
if (adGroupMembers == null)
{
log.Warn("Unable to get members for: " + assignment.groupName);
continue;
}
log.Info("Found " + adGroupMembers.Count + " existing members of " + assignment.groupName + " with expected end-result being " + assignment.samaccountNames.Count + " members");
foreach (var userId in assignment.samaccountNames)
{
if (!adGroupMembers.Contains(userId))
{
adStub.AddMember(assignment.groupName, userId);
added++;
}
}
foreach (var userId in adGroupMembers)
{
if (!assignment.samaccountNames.Contains(userId))
{
if (!ignoreUsersWithoutCpr || adStub.HasCpr(userId))
{
adStub.RemoveMember(assignment.groupName, userId);
removed++;
}
else
{
log.Info("Did not remove " + userId + " from " + assignment.groupName + " because it was a non-cpr user");
}
}
}
log.Info("Added " + added + " new group memberships, and removed " + removed + " group memberships from group: " + assignment.groupName);
}
catch (System.Exception ex)
{
log.Error("Failed to update group: " + assignment.groupName + ". Cause: " + ex.Message);
}
}
// inform rolecatalogue that we are done sync'ing
roleCatalogueStub.ResetHead(syncData.head);
}
}
public static void PerformUpdate(RoleCatalogueStub roleCatalogueStub, ADStub adStub)
{
foreach (string map in systemMap)
{
string[] tokens = map.Split(';');
if (tokens.Length != 2)
{
log.Warn("Invalid entry in ItSystemGroup update: " + map);
continue;
}
string itSystemId = tokens[0];
string ouDn = tokens[1];
var allGroups = adStub.GetAllGroups(ouDn);
ItSystemData itSystemData = roleCatalogueStub.GetItSystemData(itSystemId);
if (itSystemData == null)
{
log.Warn("Got no it-system from role catalogue: " + itSystemId);
continue;
}
// find to remove (or potentially update)
for (int i = itSystemData.systemRoles.Count - 1; i >= 0; i--)
{
bool found = false;
var systemRole = itSystemData.systemRoles[i];
systemRole.users = new List <string>();
foreach (var group in allGroups)
{
// update scenario
if (group.Uuid.Equals(systemRole.identifier))
{
found = true;
List <string> members = adStub.GetGroupMembers(group.Name);
if (members != null)
{
foreach (var member in members)
{
systemRole.users.Add(member);
}
}
systemRole.name = group.Name;
break;
}
}
// delete scenario
if (!found)
{
log.Info("Removing " + itSystemData.systemRoles[i].name + " from " + itSystemData.name);
itSystemData.systemRoles.RemoveAt(i);
}
}
// find to create
foreach (var group in allGroups)
{
bool found = false;
foreach (var role in itSystemData.systemRoles)
{
if (group.Uuid.Equals(role.identifier))
{
found = true;
break;
}
}
if (!found)
{
SystemRole systemRole = new SystemRole();
systemRole.description = "";
systemRole.identifier = group.Uuid;
systemRole.name = group.Name;
systemRole.users = new List <string>();
List <string> members = adStub.GetGroupMembers(group.Name);
if (members != null)
{
foreach (var member in members)
{
systemRole.users.Add(member);
}
}
itSystemData.systemRoles.Add(systemRole);
log.Info("Adding " + group.Name + " to " + itSystemData.name);
}
}
log.Info("Updating " + itSystemData.name);
itSystemData.@readonly = true;
itSystemData.convertRolesEnabled = true;
roleCatalogueStub.SetItSystemData(itSystemId, itSystemData);
}
}
public static void SyncGroupsToRoleCatalogue(RoleCatalogueStub roleCatalogueStub, ADStub adStub)
{
foreach (string ou in ous)
{
string[] tokens = ou.Split(';');
if (tokens.Length != 2)
{
log.Warn("Invalid OU in backsync: " + ou);
continue;
}
string itSystemId = tokens[0];
string ouDn = tokens[1];
var groups = adStub.GetAllGroups(ouDn);
if (groups == null)
{
log.Warn("Got 0 groups from OU: " + ouDn);
continue;
}
ItSystemData itSystemData = roleCatalogueStub.GetItSystemData(itSystemId);
if (itSystemData == null)
{
log.Warn("Got no it-system from role catalogue: " + itSystemId);
continue;
}
bool changes = false;
// find to remove (or maybe update name)
for (int i = itSystemData.systemRoles.Count - 1; i >= 0; i--)
{
bool found = false;
foreach (var group in groups)
{
if (group.Uuid.Equals(itSystemData.systemRoles[i].identifier))
{
if (!group.Name.Equals(itSystemData.systemRoles[i].name))
{
log.Info("Updating name on group to " + group.Name);
itSystemData.systemRoles[i].name = group.Name;
changes = true;
}
if (!group.Description.Equals(itSystemData.systemRoles[i].description))
{
log.Info("Updating description on group " + group.Name);
itSystemData.systemRoles[i].description = group.Description;
changes = true;
}
found = true;
break;
}
}
if (!found)
{
log.Info("Removing " + itSystemData.systemRoles[i].name + " from " + itSystemData.name);
itSystemData.systemRoles.RemoveAt(i);
changes = true;
}
}
// find to create
foreach (var group in groups)
{
bool found = false;
foreach (var role in itSystemData.systemRoles)
{
if (group.Uuid.Equals(role.identifier))
{
found = true;
break;
}
}
if (!found)
{
SystemRole systemRole = new SystemRole();
systemRole.description = group.Description;
systemRole.identifier = group.Uuid;
systemRole.name = group.Name;
systemRole.users = new List <string>();
itSystemData.systemRoles.Add(systemRole);
// only add members on CREATE scenario
List <string> members = adStub.GetGroupMembers(group.Uuid);
if (members != null)
{
foreach (var member in members)
{
systemRole.users.Add(member);
}
}
log.Info("Adding " + group.Name + " to " + itSystemData.name);
changes = true;
}
}
if (changes)
{
log.Info("Updating " + itSystemData.name);
itSystemData.convertRolesEnabled = convertToUserRoles;
roleCatalogueStub.SetItSystemData(itSystemId, itSystemData);
}
}
}