// (c) Copyright Ascensio System SIA 2010-2022
//
// This program is a free software product.
// You can redistribute it and/or modify it under the terms
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
// any third-party rights.
//
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
//
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
//
// The interactive user interfaces in modified source and object code versions of the Program must
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
//
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
// trademark law for use of our trademarks.
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
namespace ASC.ActiveDirectory.Base;
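/// <summary>
/// Constants used when talking to Active Directory and other LDAP directories:
/// well-known ports, the bind failure result code, attribute names, and the
/// enums behind the <c>sAMAccountType</c>, <c>userAccountControl</c> and
/// <c>groupType</c> attributes.
/// </summary>
public sealed class LdapConstants
{
    /// <summary>Default LDAP port (plaintext, or StartTLS negotiated on the same port).
    /// The historical spelling of the name is kept for compatibility with existing callers.</summary>
    public const int STANDART_LDAP_PORT = 389;

    /// <summary>LDAPS port (LDAP over TLS).</summary>
    public const int SSL_LDAP_PORT = 636;

    /// <summary>
    /// LDAP result code <c>invalidCredentials</c> (decimal 49, RFC 4511),
    /// returned by the server when a bind fails authentication.
    /// </summary>
    public const int LDAP_ERROR_INVALID_CREDENTIALS = 0x31;

    /// <summary>LDAP protocol version requested on bind.</summary>
    public const int LDAP_V3 = 3;

    /// <summary>Search filter that matches every entry.</summary>
    public const string OBJECT_FILTER = "(ObjectClass=*)";

    /// <summary>
    /// Values of the <c>sAMAccountType</c> attribute
    /// (see <see cref="ADSchemaAttributes.ACCOUNT_TYPE"/>).
    /// </summary>
    /// <remarks>
    /// NOTE(review): these are categorised values, not single-bit masks
    /// (e.g. <c>0x10000001</c> shares bits with <c>0x10000000</c>), so combining
    /// members with <c>|</c> is not meaningful. <see cref="FlagsAttribute"/> is
    /// retained only so existing callers keep the same <c>ToString()</c> output.
    /// </remarks>
    [Flags]
    public enum AccountType : uint
    {
        // ReSharper disable InconsistentNaming
        /// <summary>Domain object.</summary>
        SAM_DOMAIN_OBJECT = 0x00000000,
        /// <summary>Security-enabled group.</summary>
        SAM_GROUP_OBJECT = 0x10000000,
        /// <summary>Non-security (distribution) group.</summary>
        SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001,
        /// <summary>Security-enabled local (alias) group.</summary>
        SAM_ALIAS_OBJECT = 0x20000000,
        /// <summary>Non-security local (alias) group.</summary>
        SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001,
        /// <summary>Normal user account (also referred to as SAM_NORMAL_USER_ACCOUNT).</summary>
        SAM_USER_OBJECT = 0x30000000,
        /// <summary>Computer (machine) account.</summary>
        SAM_MACHINE_ACCOUNT = 0x30000001,
        /// <summary>Inter-domain trust account.</summary>
        SAM_TRUST_ACCOUNT = 0x30000002,
        /// <summary>Authorization Manager application basic group.</summary>
        SAM_APP_BASIC_GROUP = 0x40000000,
        /// <summary>Authorization Manager application query group.</summary>
        SAM_APP_QUERY_GROUP = 0x40000001
        // ReSharper restore InconsistentNaming
    }

    /// <summary>
    /// Bit flags of the <c>userAccountControl</c> attribute
    /// (see <see cref="ADSchemaAttributes.USER_ACCOUNT_CONTROL"/>).
    /// </summary>
    /// <remarks>
    /// Code that provisions local logins from directory accounts should check
    /// <see cref="ADS_UF_ACCOUNTDISABLE"/> and <see cref="ADS_UF_LOCKOUT"/> before granting
    /// access. Several other members describe a weakened security posture of the account
    /// (<see cref="ADS_UF_PASSWD_NOTREQD"/>, <see cref="ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED"/>,
    /// <see cref="ADS_UF_USE_DES_KEY_ONLY"/>, <see cref="ADS_UF_DONT_REQUIRE_PREAUTH"/>,
    /// <see cref="ADS_UF_TRUSTED_FOR_DELEGATION"/>) and are worth surfacing in audit or
    /// import logs.
    /// </remarks>
    [Flags]
    public enum UserAccountControl : uint
    {
        // ReSharper disable InconsistentNaming
        /// <summary>Zero flag (no bits set).</summary>
        EMPTY = 0x00000000,
        /// <summary>The logon script is executed.</summary>
        ADS_UF_SCRIPT = 0x00000001,
        /// <summary>The user account is disabled.</summary>
        ADS_UF_ACCOUNTDISABLE = 0x00000002,
        /// <summary>The home directory is required.</summary>
        ADS_UF_HOMEDIR_REQUIRED = 0x00000008,
        /// <summary>The account is currently locked out.</summary>
        ADS_UF_LOCKOUT = 0x00000010,
        /// <summary>No password is required; the account may have an empty password.</summary>
        ADS_UF_PASSWD_NOTREQD = 0x00000020,
        /// <summary>The user cannot change the password.</summary>
        ADS_UF_PASSWD_CANT_CHANGE = 0x00000040,
        /// <summary>
        /// The user can send an encrypted password. In Active Directory this corresponds to
        /// "store password using reversible encryption", i.e. the cleartext is recoverable
        /// by anyone who can read the stored credential.
        /// </summary>
        ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080,
        /// <summary>
        /// This is an account for users whose primary account is in another domain.
        /// This account provides user access to this domain, but not to any domain that trusts
        /// this domain. Also known as a local user account.
        /// </summary>
        ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x00000100,
        /// <summary>This is a default account type that represents a typical user.</summary>
        ADS_UF_NORMAL_ACCOUNT = 0x00000200,
        /// <summary>This is a computer account for a computer that is a member of this domain.</summary>
        ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000,
        /// <summary>
        /// This is a computer account for a system backup domain controller
        /// that is a member of this domain.
        /// </summary>
        ADS_UF_SERVER_TRUST_ACCOUNT = 0x00002000,
        /// <summary>The password for this account will never expire.</summary>
        ADS_UF_DONT_EXPIRE_PASSWD = 0x00010000,
        /// <summary>The user must log on using a smart card.</summary>
        ADS_UF_SMARTCARD_REQUIRED = 0x00040000,
        /// <summary>
        /// The service account (user or computer account), under which a service runs,
        /// is trusted for Kerberos delegation. Any such service can impersonate a client
        /// requesting the service.
        /// </summary>
        ADS_UF_TRUSTED_FOR_DELEGATION = 0x00080000,
        /// <summary>
        /// The security context of the user will not be delegated to a service even
        /// if the service account is set as trusted for Kerberos delegation.
        /// </summary>
        ADS_UF_NOT_DELEGATED = 0x00100000,
        /// <summary>
        /// Restrict this principal to use only Data Encryption Standard (DES) encryption
        /// types for keys. DES is a deprecated, weak cipher.
        /// </summary>
        ADS_UF_USE_DES_KEY_ONLY = 0x00200000,
        /// <summary>
        /// This account does not require Kerberos pre-authentication for logon,
        /// which removes a protection the KDC normally applies to the account.
        /// </summary>
        ADS_UF_DONT_REQUIRE_PREAUTH = 0x00400000,
        /// <summary>
        /// The user password has expired. This flag is created by the system
        /// using data from the Pwd-Last-Set attribute and the domain policy.
        /// </summary>
        ADS_UF_PASSWORD_EXPIRED = 0x00800000,
        /// <summary>
        /// The account is enabled for delegation. This is a security-sensitive
        /// setting; accounts with this option enabled should be strictly controlled.
        /// This setting enables a service running under the account to assume a client
        /// identity and authenticate as that user to other remote servers on the network.
        /// </summary>
        ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000
        // ReSharper restore InconsistentNaming
    }

    /// <summary>Bit flags of the <c>groupType</c> attribute.</summary>
    [Flags]
    public enum GroupType : uint
    {
        // ReSharper disable InconsistentNaming
        /// <summary>System group.</summary>
        SYSTEM = 0x00000001,
        /// <summary>Global scope group.</summary>
        GLOBAL_SCOPE = 0x00000002,
        /// <summary>Local domain scope group.</summary>
        LOCAL_DOMAIN_SCOPE = 0x00000004,
        /// <summary>Universal scope group.</summary>
        UNIVERSAL_SCOPE = 0x00000008,
        /// <summary>Specifies an APP_BASIC group for Windows Server Authorization Manager.</summary>
        APP_BASIC = 0x00000010,
        /// <summary>Specifies an APP_QUERY group for Windows Server Authorization Manager.</summary>
        APP_QUERY = 0x00000020,
        /// <summary>Security group (when clear, the group is a distribution group).</summary>
        SECURITY_GROUP = 0x80000000
        // ReSharper restore InconsistentNaming
    }

    /// <summary>Schema attribute names of Active Directory.</summary>
    // ReSharper disable once InconsistentNaming
    public static class ADSchemaAttributes
    {
        /// <summary>Relative Distinguished Name.</summary>
        public const string NAME = "name";
        /// <summary>Common-Name.</summary>
        public const string COMMON_NAME = "cn";
        /// <summary>Display-Name.</summary>
        public const string DISPLAY_NAME = "displayName";
        /// <summary>The list of classes from which this class is derived.</summary>
        public const string OBJECT_CLASS = "objectClass";
        /// <summary>DN category.</summary>
        public const string OBJECT_CATEGORY = "objectCategory";
        /// <summary>The unique identifier for an object.</summary>
        public const string OBJECT_GUID = "objectGUID";
        /// <summary>Show-In-Advanced-View-Only.</summary>
        public const string SHOW_IN_ADVANCED_VIEW_ONLY = "showInAdvancedViewOnly";
        /// <summary>Obj-Dist-Name.</summary>
        public const string DISTINGUISHED_NAME = "distinguishedName";
        /// <summary>Is-Critical-System-Object.</summary>
        public const string IS_CRITICAL_SYSTEM_OBJECT = "isCriticalSystemObject";
        /// <summary>NT-Security-Descriptor in SDDL format.</summary>
        public const string NT_SECURITY_DESCRIPTOR = "nTSecurityDescriptor";
        /// <summary>Is-Member-Of-DL.</summary>
        public const string MEMBER_OF = "memberOf";
        /// <summary>Users which are members of this object.</summary>
        public const string MEMBER = "member";
        /// <summary>Organizational-Unit-Name.</summary>
        public const string ORGANIZATIONAL_UNIT_NAME = "ou";
        /// <summary>Organization-Name.</summary>
        public const string ORGANIZATION_NAME = "o";
        /// <summary>SAM-Account-Name.</summary>
        public const string ACCOUNT_NAME = "sAMAccountName";
        /// <summary>SAM-Account-Type (see <see cref="AccountType"/>).</summary>
        public const string ACCOUNT_TYPE = "sAMAccountType";
        /// <summary>
        /// A binary value that specifies the security identifier (SID) of the user
        /// (Object-Sid). The SID is a unique value used to identify the user as a
        /// security principal.
        /// </summary>
        public const string OBJECT_SID = "objectSid";
        /// <summary>Flags that control the behavior of the user account (see <see cref="UserAccountControl"/>).</summary>
        public const string USER_ACCOUNT_CONTROL = "userAccountControl";
        /// <summary>
        /// This attribute contains the UPN that is an Internet-style login name
        /// for a user based on the Internet standard RFC 822. The UPN is shorter than
        /// the distinguished name and easier to remember. By convention, this should map
        /// to the user e-mail name. The value set for this attribute is equal to the length
        /// of the user's ID and the domain name. For more information about this attribute,
        /// see the Naming Properties topic in the Active Directory guide.
        /// </summary>
        public const string USER_PRINCIPAL_NAME = "userPrincipalName";
        /// <summary>Contains the given name (first name) of the user.</summary>
        public const string FIRST_NAME = "givenName";
        /// <summary>This attribute contains the family or last name for a user.</summary>
        public const string SURNAME = "sn";
        /// <summary>Primary-Group-ID.</summary>
        public const string PRIMARY_GROUP_ID = "primaryGroupID";
        /// <summary>Name of computer as registered in DNS.</summary>
        public const string DNS_HOST_NAME = "dNSHostName";
        /// <summary>The Operating System Version string.</summary>
        public const string OPERATING_SYSTEM_VERSION = "operatingSystemVersion";
        /// <summary>The Operating System Service Pack ID String.</summary>
        public const string OPERATING_SYSTEM_SERVICE_PACK = "operatingSystemServicePack";
        /// <summary>The hotfix level of the operating system.</summary>
        public const string OPERATING_SYSTEM_HOTFIX = "operatingSystemHotfix";
        /// <summary>The Operating System name.</summary>
        public const string OPERATING_SYSTEM = "operatingSystem";
        /// <summary>The TCP/IP address for a network segment. Also called the subnet address.</summary>
        public const string NETWORK_ADDRESS = "networkAddress";
        /// <summary>Mobile phone.</summary>
        public const string MOBILE = "mobile";
        /// <summary>Email address.</summary>
        public const string MAIL = "mail";
        /// <summary>Telephone number.</summary>
        public const string TELEPHONE_NUMBER = "telephoneNumber";
        /// <summary>Title.</summary>
        public const string TITLE = "title";
        /// <summary>Street Address.</summary>
        public const string STREET = "street";
        /// <summary>Postal code.</summary>
        public const string POSTAL_CODE = "postalCode";
        /// <summary>Home phone.</summary>
        public const string HOME_PHONE = "homePhone";
        /// <summary>Initials.</summary>
        public const string INITIALS = "initials";
        /// <summary>Department (the AD attribute is named "division").</summary>
        public const string DIVISION = "division";
        /// <summary>Company.</summary>
        public const string COMPANY = "company";
    }

    /// <summary>
    /// Attribute names used by RFC-style (non-Active-Directory) LDAP servers
    /// such as OpenLDAP or 389 Directory Server.
    /// </summary>
    public static class RfcLDAPAttributes
    {
        /// <summary>Operational attribute holding the entry's DN (RFC 5020).</summary>
        public const string ENTRY_DN = "entryDN";
        /// <summary>Server-specific GUID attribute.</summary>
        public const string GUID = "GUID";
        /// <summary>Operational attribute holding the entry's UUID (RFC 4530).</summary>
        public const string ENTRY_UUID = "entryUUID";
        /// <summary>Netscape / 389 Directory Server unique entry identifier.</summary>
        public const string NS_UNIQUE_ID = "nsuniqueid";
        /// <summary>User identifier (login name) of a posixAccount / inetOrgPerson entry.</summary>
        public const string UID = "uid";
        /// <summary>Member user identifiers of a posixGroup entry.</summary>
        public const string MEMBER_UID = "memberUid";
        /// <summary>Distinguished name pseudo-attribute.</summary>
        public const string DN = "dn";
    }

    /// <summary>Well-known values of the <c>objectClass</c> attribute.</summary>
    public static class ObjectClassKnowedValues
    {
        /// <summary>top value.</summary>
        public const string TOP = "top";
        /// <summary>Domain name.</summary>
        public const string DOMAIN = "domain";
        /// <summary>Domain DNS.</summary>
        public const string DOMAIN_DNS = "domainDNS";
        /// <summary>Group name.</summary>
        public const string GROUP = "group";
        /// <summary>posix-group.</summary>
        public const string POSIX_GROUP = "posixGroup";
        /// <summary>Person.</summary>
        public const string PERSON = "person";
        /// <summary>Container.</summary>
        public const string CONTAINER = "container";
        /// <summary>Org unit.</summary>
        public const string ORGANIZATIONAL_UNIT = "organizationalUnit";
        /// <summary>Org name.</summary>
        public const string ORGANIZATION = "organization";
        /// <summary>posix-account.</summary>
        public const string POSIX_ACCOUNT = "posixAccount";
        /// <summary>Org person.</summary>
        public const string ORGANIZATIONAL_PERSON = "organizationalPerson";
        /// <summary>User.</summary>
        public const string USER = "user";
        /// <summary>Computer.</summary>
        public const string COMPUTER = "computer";
        /// <summary>RPC container.</summary>
        public const string RPC_CONTAINER = "rpcContainer";
        /// <summary>Built-in domain flag (name keeps the historical spelling).</summary>
        public const string BUILD_IN_DOMAIN = "builtinDomain";
    }
}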