public bool TryLoadLDAPUsers()
{
try
{
if (!Settings.EnableLdapAuthentication)
{
return(false);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var users = LdapHelper.GetUsers();
foreach (var user in users)
{
if (string.IsNullOrEmpty(user.Sid))
{
AllSkipedDomainUsers.Add(user, LdapSettingsStatus.WrongSidAttribute);
continue;
}
if (!CheckLoginAttribute(user, Settings.LoginAttribute))
{
AllSkipedDomainUsers.Add(user, LdapSettingsStatus.WrongLoginAttribute);
continue;
}
if (!Settings.GroupMembership)
{
AllDomainUsers.Add(user);
continue;
}
if (!Settings.UserAttribute.Equals(LdapConstants.RfcLDAPAttributes.DN,
StringComparison.InvariantCultureIgnoreCase) && !CheckUserAttribute(user, Settings.UserAttribute))
{
AllSkipedDomainUsers.Add(user, LdapSettingsStatus.WrongUserAttribute);
continue;
}
AllDomainUsers.Add(user);
}
if (AllDomainUsers.Any())
{
PrimaryGroupId = AllDomainUsers.First().GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string;
}
return(AllDomainUsers.Any() || !users.Any());
}
catch (ArgumentException)
{
_log.ErrorFormat("TryLoadLDAPUsers(): Incorrect filter. userFilter = {0}", Settings.UserFilter);
}
return(false);
}
public void Dispose()
{
if (LdapHelper != null)
{
LdapHelper.Dispose();
}
}
public bool TrySyncUserGroupMembership(Tuple <UserInfo, LdapObject> ldapUserInfo)
{
if (ldapUserInfo == null ||
!Settings.GroupMembership)
{
return(false);
}
var userInfo = ldapUserInfo.Item1;
var ldapUser = ldapUserInfo.Item2;
var portalUserLdapGroups =
CoreContext.UserManager.GetUserGroups(userInfo.ID, IncludeType.All)
.Where(g => !string.IsNullOrEmpty(g.Sid))
.ToList();
List <LdapObject> ldapUserGroupList = new List <LdapObject>();
ldapUserGroupList.AddRange(GetLdapUserGroups(ldapUser));
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var actualPortalLdapGroups = GetAndCheckCurrentGroups(ldapUser, portalUserLdapGroups).ToList();
foreach (var ldapUserGroup in ldapUserGroupList)
{
var groupInfo = CoreContext.UserManager.GetGroupInfoBySid(ldapUserGroup.Sid);
if (Equals(groupInfo, Constants.LostGroupInfo))
{
_log.DebugFormat("TrySyncUserGroupMembership(groupname: '{0}' sid: '{1}') no portal group found, creating", ldapUserGroup.DistinguishedName, ldapUserGroup.Sid);
groupInfo = CoreContext.UserManager.SaveGroupInfo(ldapUserGroup.ToGroupInfo(Settings, _log));
_log.DebugFormat("TrySyncUserGroupMembership(username: '******' sid: '{1}') adding user to group (groupname: '{2}' sid: '{3}')", userInfo.UserName, ldapUser.Sid, groupInfo.Name, groupInfo.Sid);
CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID);
}
else if (!portalUserLdapGroups.Contains(groupInfo))
{
_log.DebugFormat("TrySyncUserGroupMembership(username: '******' sid: '{1}') adding user to group (groupname: '{2}' sid: '{3}')", userInfo.UserName, ldapUser.Sid, groupInfo.Name, groupInfo.Sid);
CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID);
}
actualPortalLdapGroups.Add(groupInfo);
}
foreach (var portalUserLdapGroup in portalUserLdapGroups)
{
if (!actualPortalLdapGroups.Contains(portalUserLdapGroup))
{
_log.DebugFormat("TrySyncUserGroupMembership(username: '******' sid: '{1}') removing user from group (groupname: '{2}' sid: '{3}')", userInfo.UserName, ldapUser.Sid, portalUserLdapGroup.Name, portalUserLdapGroup.Sid);
CoreContext.UserManager.RemoveUserFromGroup(userInfo.ID, portalUserLdapGroup.ID);
}
}
return(actualPortalLdapGroups.Count != 0);
}
public Tuple <UserInfo, LdapObject> Login(string login, string password)
{
try
{
if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
{
return(null);
}
var ldapUsers = FindLdapUsers(login);
_log.DebugFormat("FindLdapUsers(login '{0}') found: {1} users", login, ldapUsers.Count);
foreach (var ldapUser in ldapUsers)
{
string currentLogin = null;
try
{
var ldapUserInfo = ldapUser.Item1;
var ldapUserObject = ldapUser.Item2;
if (ldapUserInfo.Equals(Constants.LostUser) ||
ldapUserObject == null)
{
continue;
}
else if (string.IsNullOrEmpty(ldapUserObject.DistinguishedName) ||
string.IsNullOrEmpty(ldapUserObject.Sid))
{
_log.DebugFormat("LdapUserImporter->Login(login: '******', dn: '{1}') failed. Error: missing DN or SID", login, ldapUserObject.Sid);
continue;
}
currentLogin = ldapUserObject.DistinguishedName;
_log.DebugFormat("LdapUserImporter.Login('{0}')", currentLogin);
LdapHelper.CheckCredentials(currentLogin, password, Settings.Server,
Settings.PortNumber, Settings.StartTls, Settings.Ssl, Settings.AcceptCertificate,
Settings.AcceptCertificateHash);
return(new Tuple <UserInfo, LdapObject>(ldapUserInfo, ldapUserObject));
}
catch (Exception ex)
{
_log.ErrorFormat("LdapUserImporter->Login(login: '******') failed. Error: {1}", currentLogin ?? login, ex);
}
}
}
catch (Exception ex)
{
_log.ErrorFormat("LdapUserImporter->Login({0}) failed {1}", login, ex);
}
return(null);
}
private string LoadLDAPDomain()
{
try
{
if (!Settings.EnableLdapAuthentication)
{
return(null);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
string ldapDomain;
if (AllDomainUsers.Any())
{
ldapDomain = AllDomainUsers.First().GetDomainFromDn();
if (!string.IsNullOrEmpty(ldapDomain))
{
return(ldapDomain);
}
}
ldapDomain = LdapHelper.SearchDomain();
if (!string.IsNullOrEmpty(ldapDomain))
{
return(ldapDomain);
}
ldapDomain = LdapUtils.DistinguishedNameToDomain(Settings.UserDN);
if (!string.IsNullOrEmpty(ldapDomain))
{
return(ldapDomain);
}
ldapDomain = LdapUtils.DistinguishedNameToDomain(Settings.GroupDN);
if (!string.IsNullOrEmpty(ldapDomain))
{
return(ldapDomain);
}
}
catch (Exception ex)
{
_log.ErrorFormat("LoadLDAPDomain(): Error: {0}", ex);
}
return(null);
}
public LdapUserImporter(LdapHelper ldapHelper, LdapLocalization resource)
{
LdapHelper = ldapHelper;
AllDomainUsers = new List <LdapObject>();
AllDomainGroups = new List <LdapObject>();
AllSkipedDomainUsers = new Dictionary <LdapObject, LdapSettingsStatus>();
AllSkipedDomainGroups = new Dictionary <LdapObject, LdapSettingsStatus>();
Resource = resource;
_log = LogManager.GetLogger(typeof(LdapUserImporter));
}
public bool TryLoadLDAPGroups()
{
try
{
if (!Settings.EnableLdapAuthentication || !Settings.GroupMembership)
{
return(false);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var groups = LdapHelper.GetGroups();
foreach (var group in groups)
{
if (string.IsNullOrEmpty(group.Sid))
{
AllSkipedDomainGroups.Add(group, LdapSettingsStatus.WrongSidAttribute);
continue;
}
if (!CheckGroupAttribute(group, Settings.GroupAttribute))
{
AllSkipedDomainGroups.Add(group, LdapSettingsStatus.WrongGroupAttribute);
continue;
}
if (!CheckGroupNameAttribute(group, Settings.GroupNameAttribute))
{
AllSkipedDomainGroups.Add(group, LdapSettingsStatus.WrongGroupNameAttribute);
continue;
}
AllDomainGroups.Add(group);
}
return(AllDomainGroups.Any() || !groups.Any());
}
catch (ArgumentException)
{
_log.ErrorFormat("TryLoadLDAPGroups(): Incorrect group filter. groupFilter = {0}", Settings.GroupFilter);
}
return(false);
}
public IEnumerable <GroupInfo> GetAndCheckCurrentGroups(LdapObject ldapUser, IEnumerable <GroupInfo> portalGroups)
{
var result = new List <GroupInfo>();
try
{
var searchExpressions = new List <Expression>();
if (portalGroups != null && portalGroups.Any())
{
searchExpressions.AddRange(portalGroups.Select(g => Expression.Equal(LdapConstants.ADSchemaAttributes.OBJECT_SID, g.Sid)));
}
else
{
return(result);
}
var criteria = Criteria.Any(searchExpressions.ToArray());
var foundList = LdapHelper.GetGroups(criteria);
if (foundList.Any())
{
var stillExistingGroups = portalGroups.Where(g => foundList.Any(fg => fg.Sid == g.Sid));
foreach (var group in stillExistingGroups)
{
if (GetGroupUsers(group).Any(u => u.Sid == ldapUser.Sid))
{
result.Add(group);
}
}
}
}
catch (Exception ex)
{
if (ldapUser != null)
{
_log.ErrorFormat("GetAndCheckCurrentGroups(login: '******' sid: '{1}') error {2}",
ldapUser.DistinguishedName, ldapUser.Sid, ex);
}
}
return(result);
}
public List <Tuple <UserInfo, LdapObject> > FindLdapUsers(string login)
{
var listResults = new List <Tuple <UserInfo, LdapObject> >();
var ldapLogin = LdapLogin.ParseLogin(login);
if (ldapLogin == null)
{
return(listResults);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var exps = new List <Expression> {
Expression.Equal(Settings.LoginAttribute, ldapLogin.Username)
};
if (!ldapLogin.Username.Equals(login) && ldapLogin.ToString().Equals(login))
{
exps.Add(Expression.Equal(Settings.LoginAttribute, login));
}
string email = null;
if (!string.IsNullOrEmpty(Settings.MailAttribute) && !string.IsNullOrEmpty(ldapLogin.Domain) && login.Contains("@"))
{
email = ldapLogin.ToString();
exps.Add(Expression.Equal(Settings.MailAttribute, email));
}
var searchTerm = exps.Count > 1 ? Criteria.Any(exps.ToArray()).ToString() : exps.First().ToString();
var users = LdapHelper.GetUsers(searchTerm, !string.IsNullOrEmpty(email) ? -1 : 1)
.Where(user => user != null)
.ToLookup(lu =>
{
var ui = Constants.LostUser;
try
{
if (string.IsNullOrEmpty(_ldapDomain))
{
_ldapDomain = LdapUtils.DistinguishedNameToDomain(lu.DistinguishedName);
}
ui = lu.ToUserInfo(this, _log);
}
catch (Exception ex)
{
_log.ErrorFormat("FindLdapUser->ToUserInfo() failed. Error: {0}", ex.ToString());
}
return(Tuple.Create(ui, lu));
});
if (!users.Any())
{
return(listResults);
}
foreach (var user in users)
{
var ui = user.Key.Item1;
if (ui.Equals(Constants.LostUser))
{
continue;
}
var ul = user.Key.Item2;
var ldapLoginAttribute = ul.GetValue(Settings.LoginAttribute) as string;
if (string.IsNullOrEmpty(ldapLoginAttribute))
{
_log.WarnFormat("LDAP: DN: '{0}' Login Attribute '{1}' is empty", ul.DistinguishedName, Settings.LoginAttribute);
continue;
}
if (ldapLoginAttribute.Equals(login))
{
listResults.Add(user.Key);
continue;
}
if (!string.IsNullOrEmpty(email))
{
if (ui.Email.Equals(email, StringComparison.InvariantCultureIgnoreCase))
{
listResults.Add(user.Key);
continue;
}
}
if (LdapUtils.IsLoginAccepted(ldapLogin, ui, LDAPDomain))
{
listResults.Add(user.Key);
}
}
return(listResults);
}
private bool TryGetLdapUserGroups(LdapObject ldapUser, out List <LdapObject> ldapUserGroups)
{
ldapUserGroups = new List <LdapObject>();
try
{
if (!Settings.GroupMembership)
{
return(false);
}
if (ldapUser == null ||
string.IsNullOrEmpty(ldapUser.Sid))
{
return(false);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var userGroups = ldapUser.GetAttributes(LdapConstants.ADSchemaAttributes.MEMBER_OF, _log)
.Select(s => s.Replace("\\", string.Empty))
.ToList();
if (!userGroups.Any())
{
userGroups = ldapUser.GetAttributes(GROUP_MEMBERSHIP, _log);
}
var searchExpressions = new List <Expression>();
PrimaryGroupId = PrimaryGroupId ??
ldapUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string;
if (!string.IsNullOrEmpty(PrimaryGroupId))
{
var userSid = ldapUser.Sid;
var index = userSid.LastIndexOf("-", StringComparison.InvariantCultureIgnoreCase);
if (index > -1)
{
var primaryGroupSid = userSid.Substring(0, index + 1) + PrimaryGroupId;
searchExpressions.Add(Expression.Equal(ldapUser.SidAttribute, primaryGroupSid));
}
}
if (userGroups.Any())
{
searchExpressions.AddRange(userGroups
.Select(g => g.Substring(0, g.IndexOf(",", StringComparison.InvariantCultureIgnoreCase)))
.Where(s => !string.IsNullOrEmpty(s))
.Select(Expression.Parse)
.Where(e => e != null));
var criteria = Criteria.Any(searchExpressions.ToArray());
var foundList = LdapHelper.GetGroups(criteria);
if (foundList.Any())
{
ldapUserGroups.AddRange(foundList);
return(true);
}
}
else
{
var ldapGroups = LdapHelper.GetGroups();
ldapUserGroups.AddRange(
ldapGroups.Where(
ldapGroup =>
LdapHelper.UserExistsInGroup(ldapGroup, ldapUser, Settings)));
return(ldapUserGroups.Any());
}
}
catch (Exception ex)
{
if (ldapUser != null)
{
_log.ErrorFormat("IsUserExistInGroups(login: '******' sid: '{1}') error {2}",
ldapUser.DistinguishedName, ldapUser.Sid, ex);
}
}
return(false);
}
private List <UserInfo> GetGroupUsers(GroupInfo groupInfo, bool clearCache)
{
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
_log.DebugFormat("LdapUserImporter.GetGroupUsers(Group name: {0})", groupInfo.Name);
var users = new List <UserInfo>();
if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
{
return(users);
}
var domainGroup = AllDomainGroups.FirstOrDefault(lg => lg.Sid.Equals(groupInfo.Sid));
if (domainGroup == null)
{
return(users);
}
if (!string.IsNullOrEmpty(PrimaryGroupId) && domainGroup.Sid.EndsWith("-" + PrimaryGroupId))
{
// Domain Users found
var ldapUsers = FindUsersByPrimaryGroup();
if (!ldapUsers.Any())
{
return(users);
}
foreach (var ldapUser in ldapUsers)
{
var userInfo = ldapUser.ToUserInfo(this, _log);
if (!users.Exists(u => u.Sid == userInfo.Sid))
{
users.Add(userInfo);
}
}
}
else
{
var members = domainGroup.GetAttributes(Settings.GroupAttribute, _log);
if (!members.Any())
{
return(users);
}
foreach (var member in members)
{
var ldapUser = FindUserByMember(member);
if (ldapUser == null)
{
var nestedLdapGroup = FindGroupByMember(member);
if (nestedLdapGroup != null)
{
_log.DebugFormat("Found nested LDAP Group: {0}", nestedLdapGroup.DistinguishedName);
if (clearCache)
{
_watchedNestedGroups = new List <string>();
}
if (_watchedNestedGroups.Contains(nestedLdapGroup.DistinguishedName))
{
_log.DebugFormat("Skip already watched nested LDAP Group: {0}", nestedLdapGroup.DistinguishedName);
continue;
}
_watchedNestedGroups.Add(nestedLdapGroup.DistinguishedName);
var nestedGroupInfo = nestedLdapGroup.ToGroupInfo(Settings, _log);
var nestedGroupUsers = GetGroupUsers(nestedGroupInfo, false);
foreach (var groupUser in nestedGroupUsers)
{
if (!users.Exists(u => u.Sid == groupUser.Sid))
{
users.Add(groupUser);
}
}
}
continue;
}
var userInfo = ldapUser.ToUserInfo(this, _log);
if (!users.Exists(u => u.Sid == userInfo.Sid))
{
users.Add(userInfo);
}
}
}
return(users);
}
public bool TrySyncUserGroupMembership(Tuple <UserInfo, LdapObject> ldapUserInfo)
{
if (ldapUserInfo == null ||
!Settings.GroupMembership)
{
return(false);
}
var userInfo = ldapUserInfo.Item1;
var ldapUser = ldapUserInfo.Item2;
List <LdapObject> ldapUserGroupList;
if (!TryGetLdapUserGroups(ldapUser, out ldapUserGroupList))
{
return(false);
}
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var portalUserLdapGroups =
CoreContext.UserManager.GetUserGroups(userInfo.ID, IncludeType.All)
.Where(g => !string.IsNullOrEmpty(g.Sid))
.ToList();
var actualPortalLdapGroups = new List <GroupInfo>();
foreach (var ldapUserGroup in ldapUserGroupList)
{
var groupInfo = CoreContext.UserManager.GetGroupInfoBySid(ldapUserGroup.Sid);
if (Equals(groupInfo, Constants.LostGroupInfo))
{
groupInfo = CoreContext.UserManager.SaveGroupInfo(ldapUserGroup.ToGroupInfo(Settings, _log));
CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID);
actualPortalLdapGroups.Add(groupInfo);
}
else if (!portalUserLdapGroups.Contains(groupInfo))
{
CoreContext.UserManager.AddUserIntoGroup(userInfo.ID, groupInfo.ID);
actualPortalLdapGroups.Add(groupInfo);
}
}
if (!actualPortalLdapGroups.Any())
{
return(true);
}
foreach (var portalUserLdapGroup in portalUserLdapGroups)
{
if (!actualPortalLdapGroups.Contains(portalUserLdapGroup))
{
CoreContext.UserManager.RemoveUserFromGroup(userInfo.ID, portalUserLdapGroup.ID);
}
}
return(true);
}
public List <UserInfo> GetGroupUsers(GroupInfo groupInfo)
{
if (!LdapHelper.IsConnected)
{
LdapHelper.Connect();
}
var users = new List <UserInfo>();
if (!AllDomainGroups.Any() && !TryLoadLDAPGroups())
{
return(users);
}
var domainGroup = AllDomainGroups.FirstOrDefault(lg => lg.Sid.Equals(groupInfo.Sid));
if (domainGroup == null)
{
return(users);
}
if (!string.IsNullOrEmpty(PrimaryGroupId) && domainGroup.Sid.EndsWith("-" + PrimaryGroupId))
{
// Domain Users found
var ldapUsers = FindUsersByPrimaryGroup();
if (!ldapUsers.Any())
{
return(users);
}
foreach (var ldapUser in ldapUsers)
{
var userInfo = ldapUser.ToUserInfo(this, _log);
if (!users.Exists(u => u.Sid == userInfo.Sid))
{
users.Add(userInfo);
}
}
}
else
{
var members = domainGroup.GetAttributes(Settings.GroupAttribute, _log);
if (!members.Any())
{
return(users);
}
foreach (var member in members)
{
var ldapUser = FindUserByMember(member);
if (ldapUser == null)
{
var nestedLdapGroup = FindGroupByMember(member);
if (nestedLdapGroup != null)
{
var nestedGroupInfo = nestedLdapGroup.ToGroupInfo(Settings, _log);
var nestedGroupUsers = GetGroupUsers(nestedGroupInfo);
foreach (var groupUser in nestedGroupUsers)
{
if (!users.Exists(u => u.Sid == groupUser.Sid))
{
users.Add(groupUser);
}
}
}
continue;
}
var userInfo = ldapUser.ToUserInfo(this, _log);
if (!users.Exists(u => u.Sid == userInfo.Sid))
{
users.Add(userInfo);
}
}
}
return(users);
}
