// (c) Copyright Ascensio System SIA 2010-2022 // // This program is a free software product. // You can redistribute it and/or modify it under the terms // of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software // Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended // to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of // any third-party rights. // // This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see // the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html // // You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021. // // The interactive user interfaces in modified source and object code versions of the Program must // display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3. // // Pursuant to Section 7(b) of the License you must retain the original Product logo when // distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under // trademark law for use of our trademarks. // // All the Product's GUI elements, including illustrations and icon sets, as well as technical writing // content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 // International. 
// See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode

namespace ASC.ActiveDirectory.Base;

/// <summary>
/// Constants used when talking to Active Directory or another LDAP server: well-known ports,
/// the protocol version, the invalid-credentials result code, account/group flag values and
/// schema attribute names. This class holds no logic; everything here is a compile-time constant.
/// </summary>
public sealed class LdapConstants
{
    /// <summary>
    /// Default cleartext LDAP port (389). A simple bind on this port transmits the bind password
    /// unencrypted unless StartTLS is negotiated first; prefer <see cref="SSL_LDAP_PORT"/> or
    /// StartTLS wherever credentials are sent. (Name keeps the historical "STANDART" spelling for
    /// compatibility with existing callers.)
    /// </summary>
    public const int STANDART_LDAP_PORT = 389;

    /// <summary>LDAP over TLS (LDAPS) port (636).</summary>
    public const int SSL_LDAP_PORT = 636;

    /// <summary>
    /// LDAP result code invalidCredentials, decimal 49 (0x31): the server rejected the bind
    /// DN / password pair. Callers should distinguish this from transport or server errors.
    /// </summary>
    public const int LDAP_ERROR_INVALID_CREDENTIALS = 0x31;

    /// <summary>LDAP protocol version 3.</summary>
    public const int LDAP_V3 = 3;

    /// <summary>
    /// Presence filter that matches every entry in the searched scope.
    /// NOTE(review): this literal is safe as written; any filter that splices user-supplied text
    /// into a filter string elsewhere must escape that text per RFC 4515 to prevent filter injection.
    /// </summary>
    public const string OBJECT_FILTER = "(ObjectClass=*)";

    /// <summary>
    /// User Account type: the values carried by the sAMAccountType attribute
    /// (<see cref="ADSchemaAttributes.ACCOUNT_TYPE"/>).
    /// NOTE(review): these are discrete type codes rather than independent bits — e.g.
    /// SAM_USER_OBJECT (0x30000000) contains the bits of SAM_GROUP_OBJECT (0x10000000) and
    /// SAM_ALIAS_OBJECT (0x20000000) — so compare with == rather than HasFlag. The [Flags]
    /// attribute is kept as-is because removing it would change ToString() output for callers.
    /// </summary>
    [Flags]
    public enum AccountType : uint
    {
        // ReSharper disable InconsistentNaming
        /// <summary>Domain object.</summary>
        SAM_DOMAIN_OBJECT = 0x00000000,

        /// <summary>Security-enabled group object.</summary>
        SAM_GROUP_OBJECT = 0x10000000,

        /// <summary>Group object that is not security-enabled (distribution group).</summary>
        SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001,

        /// <summary>Alias (domain-local group) object.</summary>
        SAM_ALIAS_OBJECT = 0x20000000,

        /// <summary>Alias object that is not security-enabled.</summary>
        SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001,

        /// <summary>Normal user account object.</summary>
        SAM_USER_OBJECT = 0x30000000,
        //SAM_NORMAL_USER_ACCOUNT = 0x30000000,

        /// <summary>Machine (computer) account.</summary>
        SAM_MACHINE_ACCOUNT = 0x30000001,

        /// <summary>Inter-domain trust account.</summary>
        SAM_TRUST_ACCOUNT = 0x30000002,

        /// <summary>Authorization Manager basic application group.</summary>
        SAM_APP_BASIC_GROUP = 0x40000000,

        /// <summary>Authorization Manager LDAP-query application group.</summary>
        SAM_APP_QUERY_GROUP = 0x40000001
        // ReSharper restore InconsistentNaming
    }

    /// <summary>
    /// User Account Control: bit flags of the userAccountControl attribute
    /// (<see cref="ADSchemaAttributes.USER_ACCOUNT_CONTROL"/>). This enum is a genuine bitmask.
    /// NOTE(review): several flags weaken authentication guarantees for the account
    /// (ADS_UF_PASSWD_NOTREQD, ADS_UF_DONT_REQUIRE_PREAUTH, ADS_UF_USE_DES_KEY_ONLY,
    /// ADS_UF_TRUSTED_FOR_DELEGATION, ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION); code that
    /// mirrors directory accounts into the product may want to surface them rather than ignore them.
    /// </summary>
    [Flags]
    public enum UserAccountControl : uint
    {
        // ReSharper disable InconsistentNaming
        /// <summary>Zero flag: no bits set.</summary>
        EMPTY = 0x00000000,

        /// <summary>The logon script is executed.</summary>
        ADS_UF_SCRIPT = 0x00000001,

        /// <summary>The user account is disabled. Disabled accounts must not be allowed to log in.</summary>
        ADS_UF_ACCOUNTDISABLE = 0x00000002,

        /// <summary>The home directory is required.</summary>
        ADS_UF_HOMEDIR_REQUIRED = 0x00000008,

        /// <summary>
        /// The account is currently locked out.
        /// NOTE(review): on Active Directory this bit is not reliably maintained in userAccountControl;
        /// lockout state is usually read from a server-computed attribute — confirm before relying on it.
        /// </summary>
        ADS_UF_LOCKOUT = 0x00000010,

        /// <summary>No password is required (the account may have an empty password).</summary>
        ADS_UF_PASSWD_NOTREQD = 0x00000020,

        /// <summary>The user cannot change the password.</summary>
        ADS_UF_PASSWD_CANT_CHANGE = 0x00000040,

        /// <summary>The user can send an encrypted (reversibly stored) password.</summary>
        ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080,

        /// <summary>
        /// This is an account for users whose primary account is in another domain.
        /// This account provides user access to this domain, but not to any domain that trusts
        /// this domain. Also known as a local user account.
        /// </summary>
        ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x00000100,

        /// <summary>This is the default account type that represents a typical user.</summary>
        ADS_UF_NORMAL_ACCOUNT = 0x00000200,

        /// <summary>This is a computer account for a computer that is a member of this domain.</summary>
        ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000,

        /// <summary>
        /// This is a computer account for a system backup domain controller
        /// that is a member of this domain.
        /// </summary>
        ADS_UF_SERVER_TRUST_ACCOUNT = 0x00002000,

        /// <summary>The password for this account will never expire.</summary>
        ADS_UF_DONT_EXPIRE_PASSWD = 0x00010000,

        /// <summary>The user must log on using a smart card.</summary>
        ADS_UF_SMARTCARD_REQUIRED = 0x00040000,

        /// <summary>
        /// The service account (user or computer account), under which a service runs,
        /// is trusted for Kerberos delegation. Any such service can impersonate a client
        /// requesting the service. Security-sensitive: accounts with this flag should be tightly controlled.
        /// </summary>
        ADS_UF_TRUSTED_FOR_DELEGATION = 0x00080000,

        /// <summary>
        /// The security context of the user will not be delegated to a service even
        /// if the service account is set as trusted for Kerberos delegation.
        /// </summary>
        ADS_UF_NOT_DELEGATED = 0x00100000,

        /// <summary>
        /// Restrict this principal to use only Data Encryption Standard (DES) encryption
        /// types for keys. DES is considered broken; this flag weakens the account's Kerberos keys.
        /// </summary>
        ADS_UF_USE_DES_KEY_ONLY = 0x00200000,

        /// <summary>
        /// This account does not require Kerberos pre-authentication for logon, which removes
        /// a protection against offline password guessing for this account.
        /// </summary>
        ADS_UF_DONT_REQUIRE_PREAUTH = 0x00400000,

        /// <summary>
        /// The user password has expired. This flag is created by the system
        /// using data from the Pwd-Last-Set attribute and the domain policy.
        /// </summary>
        ADS_UF_PASSWORD_EXPIRED = 0x00800000,

        /// <summary>
        /// The account is enabled for delegation. This is a security-sensitive
        /// setting; accounts with this option enabled should be strictly controlled.
        /// This setting enables a service running under the account to assume a client
        /// identity and authenticate as that user to other remote servers on the network.
        /// </summary>
        ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000
        // ReSharper restore InconsistentNaming
    }

    /// <summary>
    /// Type of Group: bit flags of the groupType attribute. The low bits select the scope; the
    /// high bit marks a security group (without it the group is a distribution group and
    /// carries no access rights).
    /// </summary>
    [Flags]
    public enum GroupType : uint
    {
        // ReSharper disable InconsistentNaming
        /// <summary>System (built-in local) group.</summary>
        SYSTEM = 0x00000001,

        /// <summary>Global scope group.</summary>
        GLOBAL_SCOPE = 0x00000002,

        /// <summary>Domain-local scope group.</summary>
        LOCAL_DOMAIN_SCOPE = 0x00000004,

        /// <summary>Universal scope group.</summary>
        UNIVERSAL_SCOPE = 0x00000008,

        /// <summary>Specifies an APP_BASIC group for Windows Server Authorization Manager.</summary>
        APP_BASIC = 0x000000010,

        /// <summary>Specifies an APP_QUERY group for Windows Server Authorization Manager.</summary>
        APP_QUERY = 0x000000020,

        /// <summary>Security group (the group can be granted permissions).</summary>
        SECURITY_GROUP = 0x80000000
        // ReSharper restore InconsistentNaming
    }

    /// <summary>
    /// Schema attribute names of Active Directory, as used in LDAP search filters and
    /// attribute lists.
    /// </summary>
    // ReSharper disable once InconsistentNaming
    public static class ADSchemaAttributes
    {
        /// <summary>Relative Distinguished Name.</summary>
        public const string NAME = "name";

        /// <summary>Common-Name.</summary>
        public const string COMMON_NAME = "cn";

        /// <summary>Display-Name.</summary>
        public const string DISPLAY_NAME = "displayName";

        /// <summary>The list of classes from which this class is derived.</summary>
        public const string OBJECT_CLASS = "objectClass";

        /// <summary>DN of the schema category (objectCategory) of the object.</summary>
        public const string OBJECT_CATEGORY = "objectCategory";

        /// <summary>The unique identifier for an object (binary GUID).</summary>
        public const string OBJECT_GUID = "objectGUID";

        /// <summary>Show-In-Advanced-View-Only.</summary>
        public const string SHOW_IN_ADVANCED_VIEW_ONLY = "showInAdvancedViewOnly";

        /// <summary>Obj-Dist-Name: the entry's distinguished name.</summary>
        public const string DISTINGUISHED_NAME = "distinguishedName";

        /// <summary>Is-Critical-System-Object.</summary>
        public const string IS_CRITICAL_SYSTEM_OBJECT = "isCriticalSystemObject";

        /// <summary>
        /// NT-Security-Descriptor. The attribute itself is binary; SDDL is a textual rendering
        /// of it — NOTE(review): confirm in which form the callers of this constant read it.
        /// </summary>
        public const string NT_SECURITY_DESCRIPTOR = "nTSecurityDescriptor";

        /// <summary>Is-Member-Of-DL: groups this object is a member of.</summary>
        public const string MEMBER_OF = "memberOf";

        /// <summary>Members of this object (group), referenced by distinguished name.</summary>
        public const string MEMBER = "member";

        /// <summary>Organizational-Unit-Name.</summary>
        public const string ORGANIZATIONAL_UNIT_NAME = "ou";

        /// <summary>Organization-Name.</summary>
        public const string ORGANIZATION_NAME = "o";

        /// <summary>SAM-Account-Name: the pre-Windows-2000 logon name.</summary>
        public const string ACCOUNT_NAME = "sAMAccountName";

        /// <summary>SAM-Account-Type; values are listed in <see cref="AccountType"/>.</summary>
        public const string ACCOUNT_TYPE = "sAMAccountType";

        /// <summary>
        /// Object-Sid: a binary value that specifies the security identifier (SID) of the user.
        /// The SID is a unique value used to identify the user as a security principal.
        /// </summary>
        public const string OBJECT_SID = "objectSid";

        /// <summary>Flags that control the behavior of the user account; see <see cref="UserAccountControl"/>.</summary>
        public const string USER_ACCOUNT_CONTROL = "userAccountControl";

        /// <summary>
        /// This attribute contains the UPN, an Internet-style login name for a user based on
        /// RFC 822. The UPN is shorter than the distinguished name and easier to remember; by
        /// convention it should map to the user's e-mail name. Its value is the user's ID followed
        /// by the domain name. For more information about this attribute, see the Naming Properties
        /// topic in the Active Directory guide.
        /// </summary>
        public const string USER_PRINCIPAL_NAME = "userPrincipalName";

        /// <summary>Contains the given name (first name) of the user.</summary>
        public const string FIRST_NAME = "givenName";

        /// <summary>This attribute contains the family or last name of a user.</summary>
        public const string SURNAME = "sn";

        /// <summary>Primary-Group-ID.</summary>
        public const string PRIMARY_GROUP_ID = "primaryGroupID";

        /// <summary>Name of the computer as registered in DNS.</summary>
        public const string DNS_HOST_NAME = "dNSHostName";

        /// <summary>The operating system version string.</summary>
        public const string OPERATING_SYSTEM_VERSION = "operatingSystemVersion";

        /// <summary>The operating system service pack ID string.</summary>
        public const string OPERATING_SYSTEM_SERVICE_PACK = "operatingSystemServicePack";

        /// <summary>The hotfix level of the operating system.</summary>
        public const string OPERATING_SYSTEM_HOTFIX = "operatingSystemHotfix";

        /// <summary>The operating system name.</summary>
        public const string OPERATING_SYSTEM = "operatingSystem";

        /// <summary>The TCP/IP address for a network segment. Also called the subnet address.</summary>
        public const string NETWORK_ADDRESS = "networkAddress";

        /// <summary>Mobile phone number.</summary>
        public const string MOBILE = "mobile";

        /// <summary>E-mail address.</summary>
        public const string MAIL = "mail";

        /// <summary>Telephone number.</summary>
        public const string TELEPHONE_NUMBER = "telephoneNumber";

        /// <summary>Job title.</summary>
        public const string TITLE = "title";

        /// <summary>Street address.</summary>
        public const string STREET = "street";

        /// <summary>Postal code.</summary>
        public const string POSTAL_CODE = "postalCode";

        /// <summary>Home phone number.</summary>
        public const string HOME_PHONE = "homePhone";

        /// <summary>Initials.</summary>
        public const string INITIALS = "initials";

        /// <summary>
        /// Department. NOTE(review): the underlying attribute is "division", which AD keeps
        /// separate from its "department" attribute — confirm this is the intended mapping.
        /// </summary>
        public const string DIVISION = "division";

        /// <summary>Company.</summary>
        public const string COMPANY = "company";
    }

    /// <summary>
    /// Attribute names used by RFC-style (non-Active Directory) LDAP servers — e.g. entryUUID
    /// (RFC 4530), nsuniqueid (Sun/389 Directory Server) and the posixAccount / posixGroup
    /// attributes uid and memberUid. NOTE(review): confirm against the directory products this
    /// integration is expected to support.
    /// </summary>
    public static class RfcLDAPAttributes
    {
        /// <summary>Operational attribute holding the entry's DN.</summary>
        public const string ENTRY_DN = "entryDN";

        /// <summary>Generic GUID attribute name.</summary>
        public const string GUID = "GUID";

        /// <summary>Universally unique identifier of the entry (RFC 4530).</summary>
        public const string ENTRY_UUID = "entryUUID";

        /// <summary>Unique entry identifier used by Sun/389 Directory Server.</summary>
        public const string NS_UNIQUE_ID = "nsuniqueid";

        /// <summary>POSIX user name (posixAccount).</summary>
        public const string UID = "uid";

        /// <summary>POSIX group membership by user name (posixGroup); compare with <see cref="ADSchemaAttributes.MEMBER"/>, which holds DNs.</summary>
        public const string MEMBER_UID = "memberUid";

        /// <summary>Distinguished name attribute as returned by some servers/libraries.</summary>
        public const string DN = "dn";
    }

    /// <summary>
    /// Standard (well-known) values of the objectClass attribute.
    /// </summary>
    public static class ObjectClassKnowedValues
    {
        /// <summary>
        /// The abstract root class every entry derives from.
        /// </summary>
        public const string TOP = "top";

        /// <summary>
        /// Domain.
        /// </summary>
        public const string DOMAIN = "domain";

        /// <summary>
        /// Domain DNS.
        /// </summary>
        public const string DOMAIN_DNS = "domainDNS";

        /// <summary>
        /// Group.
        /// </summary>
        public const string GROUP = "group";

        /// <summary>
        /// POSIX group (RFC 2307).
        /// </summary>
        public const string POSIX_GROUP = "posixGroup";

        /// <summary>
        /// Person.
        /// </summary>
        public const string PERSON = "person";

        /// <summary>
        /// Container.
        /// </summary>
        public const string CONTAINER = "container";

        /// <summary>
        /// Organizational unit.
        /// </summary>
        public const string ORGANIZATIONAL_UNIT = "organizationalUnit";

        /// <summary>
        /// Organization.
        /// </summary>
        public const string ORGANIZATION = "organization";

        /// <summary>
        /// POSIX account (RFC 2307).
        /// </summary>
        public const string POSIX_ACCOUNT = "posixAccount";

        /// <summary>
        /// Organizational person.
        /// </summary>
        public const string ORGANIZATIONAL_PERSON = "organizationalPerson";

        /// <summary>
        /// User.
        /// </summary>
        public const string USER = "user";

        /// <summary>
        /// Computer.
        /// </summary>
        public const string COMPUTER = "computer";

        /// <summary>
        /// RPC container.
        /// </summary>
        public const string RPC_CONTAINER = "rpcContainer";

        /// <summary>
        /// Built-in domain container (builtinDomain object class).
        /// </summary>
        public const string BUILD_IN_DOMAIN = "builtinDomain";
    }
}