2022-05-05 13:23:05 +00:00
|
|
|
|
// (c) Copyright Ascensio System SIA 2010-2022
|
|
|
|
|
|
//
|
|
|
|
|
|
// This program is a free software product.
|
|
|
|
|
|
// You can redistribute it and/or modify it under the terms
|
|
|
|
|
|
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
|
|
|
|
|
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
|
|
|
|
|
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
|
|
|
|
|
// any third-party rights.
|
|
|
|
|
|
//
|
|
|
|
|
|
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
|
|
|
|
|
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
|
|
|
|
|
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
|
|
|
|
|
//
|
|
|
|
|
|
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
|
|
|
|
|
//
|
|
|
|
|
|
// The interactive user interfaces in modified source and object code versions of the Program must
|
|
|
|
|
|
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
|
|
|
|
|
//
|
|
|
|
|
|
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
|
|
|
|
|
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
|
|
|
|
|
// trademark law for use of our trademarks.
|
|
|
|
|
|
//
|
|
|
|
|
|
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
|
|
|
|
|
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
|
|
|
|
|
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
using Constants = ASC.Core.Users.Constants;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
using Mapping = ASC.ActiveDirectory.Base.Settings.LdapSettings.MappingFields;
|
2022-03-17 19:44:34 +00:00
|
|
|
|
using SecurityContext = ASC.Core.SecurityContext;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
namespace ASC.ActiveDirectory;
|
|
|
|
|
|
[Scope]
|
|
|
|
|
|
public class LdapUserManager
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private readonly ILog _log;
|
|
|
|
|
|
private readonly UserManager _userManager;
|
|
|
|
|
|
private readonly TenantManager _tenantManager;
|
|
|
|
|
|
private readonly TenantUtil _tenantUtil;
|
|
|
|
|
|
private readonly SecurityContext _securityContext;
|
|
|
|
|
|
private readonly CommonLinkUtility _commonLinkUtility;
|
|
|
|
|
|
private readonly SettingsManager _settingsManager;
|
|
|
|
|
|
private readonly DisplayUserSettingsHelper _displayUserSettingsHelper;
|
|
|
|
|
|
private readonly UserFormatter _userFormatter;
|
|
|
|
|
|
private readonly IServiceProvider _serviceProvider;
|
|
|
|
|
|
private readonly NovellLdapUserImporter _novellLdapUserImporter;
|
|
|
|
|
|
private LdapLocalization _resource;
|
|
|
|
|
|
|
|
|
|
|
|
public LdapUserManager(
|
|
|
|
|
|
IOptionsMonitor<ILog> option,
|
|
|
|
|
|
IServiceProvider serviceProvider,
|
|
|
|
|
|
UserManager userManager,
|
|
|
|
|
|
TenantManager tenantManager,
|
|
|
|
|
|
TenantUtil tenantUtil,
|
|
|
|
|
|
SecurityContext securityContext,
|
|
|
|
|
|
CommonLinkUtility commonLinkUtility,
|
|
|
|
|
|
SettingsManager settingsManager,
|
|
|
|
|
|
DisplayUserSettingsHelper displayUserSettingsHelper,
|
|
|
|
|
|
UserFormatter userFormatter,
|
2022-05-05 13:23:05 +00:00
|
|
|
|
NovellLdapUserImporter novellLdapUserImporter,
|
|
|
|
|
|
WorkContext workContext)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log = option.Get("ASC");
|
|
|
|
|
|
_userManager = userManager;
|
|
|
|
|
|
_tenantManager = tenantManager;
|
|
|
|
|
|
_tenantUtil = tenantUtil;
|
|
|
|
|
|
_securityContext = securityContext;
|
|
|
|
|
|
_commonLinkUtility = commonLinkUtility;
|
|
|
|
|
|
_settingsManager = settingsManager;
|
|
|
|
|
|
_displayUserSettingsHelper = displayUserSettingsHelper;
|
|
|
|
|
|
_userFormatter = userFormatter;
|
|
|
|
|
|
_serviceProvider = serviceProvider;
|
|
|
|
|
|
_novellLdapUserImporter = novellLdapUserImporter;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
public void Init(LdapLocalization resource = null)
|
|
|
|
|
|
{
|
|
|
|
|
|
_resource = resource ?? new LdapLocalization();
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private bool TestUniqueUserName(string uniqueName)
|
|
|
|
|
|
{
|
|
|
|
|
|
return !string.IsNullOrEmpty(uniqueName) && Equals(_userManager.GetUserByUserName(uniqueName), Constants.LostUser);
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private string MakeUniqueName(UserInfo userInfo)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (string.IsNullOrEmpty(userInfo.Email))
|
|
|
|
|
|
throw new ArgumentException(_resource.ErrorEmailEmpty, "userInfo");
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var uniqueName = new MailAddress(userInfo.Email).User;
|
|
|
|
|
|
var startUniqueName = uniqueName;
|
|
|
|
|
|
var i = 0;
|
|
|
|
|
|
while (!TestUniqueUserName(uniqueName))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
uniqueName = string.Format("{0}{1}", startUniqueName, (++i).ToString(CultureInfo.InvariantCulture));
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return uniqueName;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private bool CheckUniqueEmail(Guid userId, string email)
|
|
|
|
|
|
{
|
|
|
|
|
|
var foundUser = _userManager.GetUserByEmail(email);
|
2022-05-05 13:23:05 +00:00
|
|
|
|
return Equals(foundUser, Constants.LostUser) || foundUser.Id == userId;
|
2022-03-17 19:44:34 +00:00
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
public bool TryAddLDAPUser(UserInfo ldapUserInfo, bool onlyGetChanges, out UserInfo portalUserInfo)
|
|
|
|
|
|
{
|
|
|
|
|
|
portalUserInfo = Constants.LostUser;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
if (ldapUserInfo == null)
|
|
|
|
|
|
throw new ArgumentNullException("ldapUserInfo");
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("TryAddLDAPUser(SID: {0}): Email '{1}' UserName: {2}", ldapUserInfo.Sid,
|
|
|
|
|
|
ldapUserInfo.Email, ldapUserInfo.UserName);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-05-05 13:23:05 +00:00
|
|
|
|
if (!CheckUniqueEmail(ldapUserInfo.Id, ldapUserInfo.Email))
|
2022-03-17 19:44:34 +00:00
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("TryAddLDAPUser(SID: {0}): Email '{1}' already exists.",
|
|
|
|
|
|
ldapUserInfo.Sid, ldapUserInfo.Email);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!TryChangeExistingUserName(ldapUserInfo.UserName, onlyGetChanges))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("TryAddLDAPUser(SID: {0}): Username '{1}' already exists.",
|
|
|
|
|
|
ldapUserInfo.Sid, ldapUserInfo.UserName);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-05-05 13:23:05 +00:00
|
|
|
|
var q = _tenantManager.GetTenantQuota(_tenantManager.GetCurrentTenant().Id);
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (q.ActiveUsers <= _userManager.GetUsersByGroup(Constants.GroupUser.ID).Length)
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("TryAddLDAPUser(SID: {0}): Username '{1}' adding this user would exceed quota.",
|
|
|
|
|
|
ldapUserInfo.Sid, ldapUserInfo.UserName);
|
|
|
|
|
|
throw new TenantQuotaException(string.Format("Exceeds the maximum active users ({0})", q.ActiveUsers));
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!ldapUserInfo.WorkFromDate.HasValue)
|
|
|
|
|
|
{
|
|
|
|
|
|
ldapUserInfo.WorkFromDate = _tenantUtil.DateTimeNow();
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
{
|
|
|
|
|
|
portalUserInfo = ldapUserInfo;
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("CoreContext.UserManager.SaveUserInfo({0})", ldapUserInfo.GetUserInfoString());
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
portalUserInfo = _userManager.SaveUserInfo(ldapUserInfo);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var passwordHash = LdapUtils.GeneratePassword();
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-05-05 13:23:05 +00:00
|
|
|
|
_log.DebugFormat("SecurityContext.SetUserPassword(ID:{0})", portalUserInfo.Id);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-05-05 13:23:05 +00:00
|
|
|
|
_securityContext.SetUserPasswordHash(portalUserInfo.Id, passwordHash);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
catch (TenantQuotaException ex)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
// rethrow if quota
|
|
|
|
|
|
throw ex;
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (ldapUserInfo != null)
|
|
|
|
|
|
_log.ErrorFormat("TryAddLDAPUser(UserName='{0}' Sid='{1}') failed: Error: {2}", ldapUserInfo.UserName,
|
|
|
|
|
|
ldapUserInfo.Sid, ex);
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private bool TryChangeExistingUserName(string ldapUserName, bool onlyGetChanges)
|
|
|
|
|
|
{
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
if (string.IsNullOrEmpty(ldapUserName))
|
|
|
|
|
|
return false;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var otherUser = _userManager.GetUserByUserName(ldapUserName);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (Equals(otherUser, Constants.LostUser))
|
|
|
|
|
|
return true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (otherUser.IsLDAP())
|
|
|
|
|
|
return false;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
otherUser.UserName = MakeUniqueName(otherUser);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
return true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.Debug("TryChangeExistingUserName()");
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("CoreContext.UserManager.SaveUserInfo({0})", otherUser.GetUserInfoString());
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_userManager.SaveUserInfo(otherUser);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
catch (Exception ex)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.ErrorFormat("TryChangeOtherUserName({0}) failed. Error: {1}", ldapUserName, ex);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
public UserInfo GetLDAPSyncUserChange(UserInfo ldapUserInfo, List<UserInfo> ldapUsers, out LdapChangeCollection changes)
|
|
|
|
|
|
{
|
|
|
|
|
|
return SyncLDAPUser(ldapUserInfo, ldapUsers, out changes, true);
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
public UserInfo SyncLDAPUser(UserInfo ldapUserInfo, List<UserInfo> ldapUsers = null)
|
|
|
|
|
|
{
|
|
|
|
|
|
LdapChangeCollection changes;
|
|
|
|
|
|
return SyncLDAPUser(ldapUserInfo, ldapUsers, out changes);
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private UserInfo SyncLDAPUser(UserInfo ldapUserInfo, List<UserInfo> ldapUsers, out LdapChangeCollection changes, bool onlyGetChanges = false)
|
|
|
|
|
|
{
|
|
|
|
|
|
UserInfo result;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
changes = new LdapChangeCollection(_userFormatter);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
UserInfo userToUpdate;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var userBySid = _userManager.GetUserBySid(ldapUserInfo.Sid);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (Equals(userBySid, Constants.LostUser))
|
|
|
|
|
|
{
|
|
|
|
|
|
var userByEmail = _userManager.GetUserByEmail(ldapUserInfo.Email);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (Equals(userByEmail, Constants.LostUser))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (ldapUserInfo.Status != EmployeeStatus.Active)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
changes.SetSkipUserChange(ldapUserInfo);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("SyncUserLDAP(SID: {0}, Username: '{1}') ADD failed: Status is {2}",
|
|
|
|
|
|
ldapUserInfo.Sid, ldapUserInfo.UserName,
|
|
|
|
|
|
Enum.GetName(typeof(EmployeeStatus), ldapUserInfo.Status));
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return Constants.LostUser;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!TryAddLDAPUser(ldapUserInfo, onlyGetChanges, out result))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
changes.SetSkipUserChange(ldapUserInfo);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return Constants.LostUser;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
changes.SetAddUserChange(result, _log);
|
|
|
|
|
|
|
|
|
|
|
|
if (!onlyGetChanges && _settingsManager.Load<LdapSettings>().SendWelcomeEmail &&
|
|
|
|
|
|
(ldapUserInfo.ActivationStatus != EmployeeActivationStatus.AutoGenerated))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-29 12:23:16 +00:00
|
|
|
|
using var scope = _serviceProvider.CreateScope();
|
2022-05-18 10:36:35 +00:00
|
|
|
|
var tenantManager = scope.ServiceProvider.GetRequiredService<TenantManager>();
|
|
|
|
|
|
var ldapNotifyHelper = scope.ServiceProvider.GetRequiredService<LdapNotifyHelper>();
|
|
|
|
|
|
var source = scope.ServiceProvider.GetRequiredService<LdapNotifySource>();
|
|
|
|
|
|
source.Init(tenantManager.GetCurrentTenant());
|
|
|
|
|
|
var workContext = scope.ServiceProvider.GetRequiredService<WorkContext>();
|
|
|
|
|
|
var notifuEngineQueue = scope.ServiceProvider.GetRequiredService<NotifyEngineQueue>();
|
2022-05-05 13:23:05 +00:00
|
|
|
|
var client = workContext.NotifyContext.RegisterClient(notifuEngineQueue, source);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var confirmLink = _commonLinkUtility.GetConfirmationUrl(ldapUserInfo.Email, ConfirmType.EmailActivation);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
client.SendNoticeToAsync(
|
|
|
|
|
|
NotifyConstants.ActionLdapActivation,
|
|
|
|
|
|
null,
|
|
|
|
|
|
new[] { new DirectRecipient(ldapUserInfo.Email, null, new[] { ldapUserInfo.Email }, false) },
|
|
|
|
|
|
new[] { ASC.Core.Configuration.Constants.NotifyEMailSenderSysName },
|
|
|
|
|
|
null,
|
|
|
|
|
|
new TagValue(NotifyConstants.TagUserName, ldapUserInfo.DisplayUserName(_displayUserSettingsHelper)),
|
|
|
|
|
|
new TagValue(NotifyConstants.TagUserEmail, ldapUserInfo.Email),
|
|
|
|
|
|
new TagValue(NotifyConstants.TagMyStaffLink, _commonLinkUtility.GetFullAbsolutePath(_commonLinkUtility.GetMyStaff())),
|
|
|
|
|
|
NotifyConstants.TagGreenButton(_resource.NotifyButtonJoin, confirmLink),
|
|
|
|
|
|
new TagValue(NotifyCommonTags.WithoutUnsubscribe, true));
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return result;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (userByEmail.IsLDAP())
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (ldapUsers == null || ldapUsers.Any(u => u.Sid.Equals(userByEmail.Sid)))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
changes.SetSkipUserChange(ldapUserInfo);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat(
|
|
|
|
|
|
"SyncUserLDAP(SID: {0}, Username: '{1}') ADD failed: Another ldap user with email '{2}' already exists",
|
|
|
|
|
|
ldapUserInfo.Sid, ldapUserInfo.UserName, ldapUserInfo.Email);
|
|
|
|
|
|
|
|
|
|
|
|
return Constants.LostUser;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
userToUpdate = userByEmail;
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
userToUpdate = userBySid;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
UpdateLdapUserContacts(ldapUserInfo, userToUpdate.ContactsList);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!NeedUpdateUser(userToUpdate, ldapUserInfo))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("SyncUserLDAP(SID: {0}, Username: '{1}') No need to update, skipping", ldapUserInfo.Sid, ldapUserInfo.UserName);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
if (onlyGetChanges)
|
2022-03-17 19:44:34 +00:00
|
|
|
|
changes.SetNoneUserChange(ldapUserInfo);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return userBySid;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("SyncUserLDAP(SID: {0}, Username: '{1}') Userinfo is outdated, updating", ldapUserInfo.Sid, ldapUserInfo.UserName);
|
|
|
|
|
|
if (!TryUpdateUserWithLDAPInfo(userToUpdate, ldapUserInfo, onlyGetChanges, out result))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
changes.SetSkipUserChange(ldapUserInfo);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return Constants.LostUser;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (onlyGetChanges)
|
|
|
|
|
|
changes.SetUpdateUserChange(ldapUserInfo, result, _log);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return result;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private const string EXT_MOB_PHONE = "extmobphone";
|
|
|
|
|
|
private const string EXT_MAIL = "extmail";
|
|
|
|
|
|
private const string EXT_PHONE = "extphone";
|
|
|
|
|
|
private const string EXT_SKYPE = "extskype";
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private static void UpdateLdapUserContacts(UserInfo ldapUser, List<string> portalUserContacts)
|
|
|
|
|
|
{
|
2022-05-13 09:20:28 +00:00
|
|
|
|
if (portalUserContacts == null || !portalUserContacts.Any())
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var ldapUserContacts = ldapUser.Contacts;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var newContacts = new List<string>(ldapUser.ContactsList);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
for (int i = 0; i < portalUserContacts.Count; i += 2)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (portalUserContacts[i] == EXT_MOB_PHONE || portalUserContacts[i] == EXT_MAIL
|
|
|
|
|
|
|| portalUserContacts[i] == EXT_PHONE || portalUserContacts[i] == EXT_SKYPE)
|
|
|
|
|
|
continue;
|
|
|
|
|
|
if (i + 1 >= portalUserContacts.Count)
|
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
|
|
newContacts.Add(portalUserContacts[i]);
|
|
|
|
|
|
newContacts.Add(portalUserContacts[i + 1]);
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
ldapUser.ContactsList = newContacts;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private bool NeedUpdateUser(UserInfo portalUser, UserInfo ldapUser)
|
|
|
|
|
|
{
|
|
|
|
|
|
var needUpdate = false;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
var settings = _settingsManager.Load<LdapSettings>();
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
Func<string, string, bool> notEqual =
|
|
|
|
|
|
(f1, f2) =>
|
|
|
|
|
|
f1 == null && f2 != null ||
|
|
|
|
|
|
f1 != null && !f1.Equals(f2, StringComparison.InvariantCultureIgnoreCase);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (notEqual(portalUser.FirstName, ldapUser.FirstName))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by FirstName -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.FirstName ?? "NULL",
|
|
|
|
|
|
ldapUser.FirstName ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (notEqual(portalUser.LastName, ldapUser.LastName))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by LastName -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.LastName ?? "NULL",
|
|
|
|
|
|
ldapUser.LastName ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (notEqual(portalUser.UserName, ldapUser.UserName))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by UserName -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.UserName ?? "NULL",
|
|
|
|
|
|
ldapUser.UserName ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (notEqual(portalUser.Email, ldapUser.Email) &&
|
|
|
|
|
|
(ldapUser.ActivationStatus != EmployeeActivationStatus.AutoGenerated
|
|
|
|
|
|
|| ldapUser.ActivationStatus == EmployeeActivationStatus.AutoGenerated && portalUser.ActivationStatus == EmployeeActivationStatus.AutoGenerated))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by Email -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.Email ?? "NULL",
|
|
|
|
|
|
ldapUser.Email ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (notEqual(portalUser.Sid, ldapUser.Sid))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by Sid -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.Sid ?? "NULL",
|
|
|
|
|
|
ldapUser.Sid ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.TitleAttribute) && notEqual(portalUser.Title, ldapUser.Title))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by Title -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.Title ?? "NULL",
|
|
|
|
|
|
ldapUser.Title ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.LocationAttribute) && notEqual(portalUser.Location, ldapUser.Location))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by Location -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.Location ?? "NULL",
|
|
|
|
|
|
ldapUser.Location ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (portalUser.ActivationStatus != ldapUser.ActivationStatus &&
|
|
|
|
|
|
(!portalUser.ActivationStatus.HasFlag(EmployeeActivationStatus.Activated) || portalUser.Email != ldapUser.Email) &&
|
|
|
|
|
|
ldapUser.ActivationStatus != EmployeeActivationStatus.AutoGenerated)
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by ActivationStatus -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.ActivationStatus,
|
|
|
|
|
|
ldapUser.ActivationStatus);
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (portalUser.Status != ldapUser.Status)
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by Status -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.Status,
|
|
|
|
|
|
ldapUser.Status);
|
|
|
|
|
|
needUpdate = true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
|
2022-05-13 09:20:28 +00:00
|
|
|
|
if (portalUser.ContactsList == null && ldapUser.ContactsList.Count != 0 || portalUser.ContactsList != null && (ldapUser.ContactsList.Count != portalUser.ContactsList.Count ||
|
|
|
|
|
|
!ldapUser.Contacts.All(portalUser.Contacts.Contains)))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("NeedUpdateUser by Contacts -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
string.Join("|", portalUser.Contacts),
|
|
|
|
|
|
string.Join("|", ldapUser.Contacts));
|
|
|
|
|
|
needUpdate = true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.MobilePhoneAttribute) && notEqual(portalUser.MobilePhone, ldapUser.MobilePhone))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by PrimaryPhone -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.MobilePhone ?? "NULL",
|
|
|
|
|
|
ldapUser.MobilePhone ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.BirthDayAttribute) && portalUser.BirthDate == null && ldapUser.BirthDate != null || portalUser.BirthDate != null && !portalUser.BirthDate.Equals(ldapUser.BirthDate))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser by BirthDate -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.BirthDate.ToString() ?? "NULL",
|
|
|
|
|
|
ldapUser.BirthDate.ToString() ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.GenderAttribute) && portalUser.Sex == null && ldapUser.Sex != null || portalUser.Sex != null && !portalUser.Sex.Equals(ldapUser.Sex))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("NeedUpdateUser by Sex -> portal: '{0}', ldap: '{1}'",
|
|
|
|
|
|
portalUser.Sex.ToString() ?? "NULL",
|
|
|
|
|
|
ldapUser.Sex.ToString() ?? "NULL");
|
|
|
|
|
|
needUpdate = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NeedUpdateUser failed: error: {0}", ex);
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return needUpdate;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private bool TryUpdateUserWithLDAPInfo(UserInfo userToUpdate, UserInfo updateInfo, bool onlyGetChanges, out UserInfo portlaUserInfo)
|
|
|
|
|
|
{
|
|
|
|
|
|
portlaUserInfo = Constants.LostUser;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.Debug("TryUpdateUserWithLDAPInfo()");
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var settings = _settingsManager.Load<LdapSettings>();
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!userToUpdate.UserName.Equals(updateInfo.UserName, StringComparison.InvariantCultureIgnoreCase)
|
|
|
|
|
|
&& !TryChangeExistingUserName(updateInfo.UserName, onlyGetChanges))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat(
|
|
|
|
|
|
"UpdateUserWithLDAPInfo(ID: {0}): New username already exists. (Old: '{1})' New: '{2}'",
|
2022-05-05 13:23:05 +00:00
|
|
|
|
userToUpdate.Id, userToUpdate.UserName, updateInfo.UserName);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!userToUpdate.Email.Equals(updateInfo.Email, StringComparison.InvariantCultureIgnoreCase)
|
2022-05-05 13:23:05 +00:00
|
|
|
|
&& !CheckUniqueEmail(userToUpdate.Id, updateInfo.Email))
|
2022-03-17 19:44:34 +00:00
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat(
|
|
|
|
|
|
"UpdateUserWithLDAPInfo(ID: {0}): New email already exists. (Old: '{1})' New: '{2}'",
|
2022-05-05 13:23:05 +00:00
|
|
|
|
userToUpdate.Id, userToUpdate.Email, updateInfo.Email);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (userToUpdate.Email != updateInfo.Email && !(updateInfo.ActivationStatus == EmployeeActivationStatus.AutoGenerated &&
|
|
|
|
|
|
userToUpdate.ActivationStatus == (EmployeeActivationStatus.AutoGenerated | EmployeeActivationStatus.Activated)))
|
|
|
|
|
|
{
|
|
|
|
|
|
userToUpdate.ActivationStatus = updateInfo.ActivationStatus;
|
|
|
|
|
|
userToUpdate.Email = updateInfo.Email;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
userToUpdate.UserName = updateInfo.UserName;
|
|
|
|
|
|
userToUpdate.FirstName = updateInfo.FirstName;
|
|
|
|
|
|
userToUpdate.LastName = updateInfo.LastName;
|
|
|
|
|
|
userToUpdate.Sid = updateInfo.Sid;
|
|
|
|
|
|
userToUpdate.Contacts = updateInfo.Contacts;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.TitleAttribute)) userToUpdate.Title = updateInfo.Title;
|
|
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.LocationAttribute)) userToUpdate.Location = updateInfo.Location;
|
|
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.GenderAttribute)) userToUpdate.Sex = updateInfo.Sex;
|
|
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.BirthDayAttribute)) userToUpdate.BirthDate = updateInfo.BirthDate;
|
|
|
|
|
|
if (settings.LdapMapping.ContainsKey(Mapping.MobilePhoneAttribute)) userToUpdate.MobilePhone = updateInfo.MobilePhone;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!userToUpdate.IsOwner(_tenantManager.GetCurrentTenant())) // Owner must never be terminated by LDAP!
|
|
|
|
|
|
{
|
|
|
|
|
|
userToUpdate.Status = updateInfo.Status;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
|
|
|
|
|
|
if (!onlyGetChanges)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("CoreContext.UserManager.SaveUserInfo({0})", userToUpdate.GetUserInfoString());
|
|
|
|
|
|
|
|
|
|
|
|
portlaUserInfo = _userManager.SaveUserInfo(userToUpdate);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
catch (Exception ex)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.ErrorFormat("UpdateUserWithLDAPInfo(Id='{0}' UserName='{1}' Sid='{2}') failed: Error: {3}",
|
2022-05-05 13:23:05 +00:00
|
|
|
|
userToUpdate.Id, userToUpdate.UserName,
|
2022-03-17 19:44:34 +00:00
|
|
|
|
userToUpdate.Sid, ex);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
public bool TryGetAndSyncLdapUserInfo(string login, string password, out UserInfo userInfo)
|
|
|
|
|
|
{
|
|
|
|
|
|
userInfo = Constants.LostUser;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
var settings = _settingsManager.Load<LdapSettings>();
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!settings.EnableLdapAuthentication)
|
|
|
|
|
|
return false;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("TryGetAndSyncLdapUserInfo(login: \"{0}\")", login);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_novellLdapUserImporter.Init(settings, _resource);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var ldapUserInfo = _novellLdapUserImporter.Login(login, password);
|
|
|
|
|
|
|
|
|
|
|
|
if (ldapUserInfo == null || ldapUserInfo.Item1.Equals(Constants.LostUser))
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("NovellLdapUserImporter.Login('{0}') failed.", login);
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var portalUser = _userManager.GetUserBySid(ldapUserInfo.Item1.Sid);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (portalUser.Status == EmployeeStatus.Terminated || portalUser.Equals(Constants.LostUser))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!ldapUserInfo.Item2.IsDisabled)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.DebugFormat("TryCheckAndSyncToLdapUser(Username: '{0}', Email: {1}, DN: {2})",
|
|
|
|
|
|
ldapUserInfo.Item1.UserName, ldapUserInfo.Item1.Email, ldapUserInfo.Item2.DistinguishedName);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!TryCheckAndSyncToLdapUser(ldapUserInfo, _novellLdapUserImporter, out userInfo))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.Debug("TryCheckAndSyncToLdapUser() failed");
|
2022-03-08 05:37:20 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("TryCheckAndSyncToLdapUser(Username: '{0}', Email: {1}, DN: {2})",
|
|
|
|
|
|
ldapUserInfo.Item1.UserName, ldapUserInfo.Item1.Email, ldapUserInfo.Item2.DistinguishedName);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var tenant = _tenantManager.GetCurrentTenant();
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
new Task(() =>
|
|
|
|
|
|
{
|
|
|
|
|
|
using var scope = _serviceProvider.CreateScope();
|
2022-03-25 07:38:09 +00:00
|
|
|
|
var tenantManager = scope.ServiceProvider.GetRequiredService<TenantManager>();
|
|
|
|
|
|
var securityContext = scope.ServiceProvider.GetRequiredService<SecurityContext>();
|
|
|
|
|
|
var novellLdapUserImporter = scope.ServiceProvider.GetRequiredService<NovellLdapUserImporter>();
|
|
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager>();
|
|
|
|
|
|
var cookiesManager = scope.ServiceProvider.GetRequiredService<CookiesManager>();
|
|
|
|
|
|
var log = scope.ServiceProvider.GetRequiredService<IOptionsMonitor<ILog>>().Get("ASC");
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
tenantManager.SetCurrentTenant(tenant);
|
|
|
|
|
|
securityContext.AuthenticateMe(Core.Configuration.Constants.CoreSystem);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var uInfo = SyncLDAPUser(ldapUserInfo.Item1);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var newLdapUserInfo = new Tuple<UserInfo, LdapObject>(uInfo, ldapUserInfo.Item2);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (novellLdapUserImporter.Settings.GroupMembership)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!novellLdapUserImporter.TrySyncUserGroupMembership(newLdapUserInfo))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
log.DebugFormat("TryGetAndSyncLdapUserInfo(login: \"{0}\") disabling user {1} due to not being included in any ldap group", login, uInfo);
|
|
|
|
|
|
uInfo.Status = EmployeeStatus.Terminated;
|
|
|
|
|
|
uInfo.Sid = null;
|
|
|
|
|
|
userManager.SaveUserInfo(uInfo);
|
2022-05-05 13:23:05 +00:00
|
|
|
|
cookiesManager.ResetUserCookie(uInfo.Id);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
}
|
|
|
|
|
|
}).Start();
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (ldapUserInfo.Item2.IsDisabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.DebugFormat("TryGetAndSyncLdapUserInfo(login: \"{0}\") failed, user is disabled in ldap", login);
|
|
|
|
|
|
return false;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
else
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
userInfo = portalUser;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
_log.ErrorFormat("TryGetLdapUserInfo(login: '{0}') failed. Error: {1}", login, ex);
|
|
|
|
|
|
userInfo = Constants.LostUser;
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
private bool TryCheckAndSyncToLdapUser(Tuple<UserInfo, LdapObject> ldapUserInfo, LdapUserImporter importer,
|
|
|
|
|
|
out UserInfo userInfo)
|
|
|
|
|
|
{
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
_securityContext.AuthenticateMe(Core.Configuration.Constants.CoreSystem);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
userInfo = SyncLDAPUser(ldapUserInfo.Item1);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (userInfo == null || userInfo.Equals(Constants.LostUser))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new Exception("The user did not pass the configuration check by ldap user settings");
|
|
|
|
|
|
}
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
var newLdapUserInfo = new Tuple<UserInfo, LdapObject>(userInfo, ldapUserInfo.Item2);
|
2022-03-08 05:37:20 +00:00
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
if (!importer.Settings.GroupMembership)
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
|
|
|
|
|
|
if (!importer.TrySyncUserGroupMembership(newLdapUserInfo))
|
2022-03-08 05:37:20 +00:00
|
|
|
|
{
|
2022-03-17 19:44:34 +00:00
|
|
|
|
userInfo.Sid = null;
|
|
|
|
|
|
userInfo.Status = EmployeeStatus.Terminated;
|
|
|
|
|
|
_userManager.SaveUserInfo(userInfo);
|
|
|
|
|
|
throw new Exception("The user did not pass the configuration check by ldap group settings");
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-17 19:44:34 +00:00
|
|
|
|
return true;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
2022-03-17 19:44:34 +00:00
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
_log.ErrorFormat("TrySyncLdapUser(SID: '{0}', Email: {1}) failed. Error: {2}", ldapUserInfo.Item1.Sid,
|
|
|
|
|
|
ldapUserInfo.Item1.Email, ex);
|
|
|
|
|
|
}
|
|
|
|
|
|
finally
|
|
|
|
|
|
{
|
|
|
|
|
|
_securityContext.Logout();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
userInfo = Constants.LostUser;
|
|
|
|
|
|
return false;
|
2022-03-08 05:37:20 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
