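using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Text.RegularExpressions;

namespace HRD.LDAPService
{
    /// <summary>
    /// Active Directory group helpers built on <c>System.DirectoryServices.AccountManagement</c>.
    /// Application-side group names ("suffix" names such as <c>Windream_User</c>) are mapped to the
    /// real AD group names by <see cref="GetFullGroupName"/>; the OU a group is created in is chosen
    /// by <see cref="AD_GroupPath"/>. Domain, OU paths and name prefixes come from <c>LdapGlobals</c>,
    /// which is defined elsewhere in the project.
    /// </summary>
    public static class LdapManager
    {
        /// <summary>
        /// Adds the user with the given sAMAccountName to the AD group that <paramref name="group4User"/>
        /// maps to, creating the group first when it does not exist yet.
        /// </summary>
        /// <param name="userLogin">sAMAccountName of the user.</param>
        /// <param name="group4User">Application-side group name, see <see cref="GetFullGroupName"/>.</param>
        /// <returns><c>true</c> when the user is a member of the group on return (also when they already were).</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">The user cannot be found, or the group can neither be found nor created.</exception>
        public static bool AD_AddUserloginToGroup(string userLogin, string group4User)
        {
            if (userLogin is null) { throw new ArgumentNullException(nameof(userLogin)); }
            if (group4User is null) { throw new ArgumentNullException(nameof(group4User)); }

            string groupName = GetFullGroupName(group4User);

            using var principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN);
            using UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userLogin)
                ?? throw new InvalidOperationException($". Can't find the UserPrincipal by userId:{userLogin}");

            // Direct membership only: GetGroups does not expand nested groups.
            using (GroupPrincipal existing = FindDirectGroup(userPrincipal, groupName))
            {
                if (existing != null)
                {
                    return true; // already a member - nothing to do
                }
            }

            using GroupPrincipal group = FindOrCreateGroup(principalContext, groupName)
                ?? throw new InvalidOperationException($". Can't create the AD-group: \"{groupName}\"");
            group.Members.Add(principalContext, IdentityType.SamAccountName, userLogin);
            group.Save();
            return true;
        }

        /// <summary>
        /// Removes the user with the given sAMAccountName from the AD group that <paramref name="group4User"/>
        /// maps to. Membership in the Windream user and admin groups is never removed by this method.
        /// </summary>
        /// <param name="userId">sAMAccountName of the user.</param>
        /// <param name="group4User">Application-side group name, see <see cref="GetFullGroupName"/>.</param>
        /// <returns><c>true</c> when the user is not a member of the group on return, or when the group is protected.</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">The user cannot be found.</exception>
        public static bool AD_RemoveUserFromGroup(string userId, string group4User)
        {
            if (userId is null) { throw new ArgumentNullException(nameof(userId)); }
            if (group4User is null) { throw new ArgumentNullException(nameof(group4User)); }

            // Secure that no Windream user or admin can be removed. The check is done on the requested
            // suffix name so it holds for both the live and the test-prefixed full group names
            // (the full name carries the test prefix, so comparing it with the bare prefix would only
            // protect the live groups).
            if (IsWindreamAdminGroup(group4User) || IsWindreamUserGroup(group4User))
            {
                return true;
            }

            string groupName = GetFullGroupName(group4User);

            using var principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN);
            using UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userId)
                ?? throw new InvalidOperationException($". Can't find the UserPrincipal by userId: {userId}");

            // Same case-insensitive lookup as in AD_AddUserloginToGroup; AD group names are not case-sensitive.
            using GroupPrincipal group = FindDirectGroup(userPrincipal, groupName);
            if (group is null)
            {
                return true; // the user is not in the group - nothing to do
            }

            group.Members.Remove(principalContext, IdentityType.SamAccountName, userId);
            group.Save();
            return true;
        }

        /// <summary>
        /// Makes sure the AD group exists, creating it in the OU chosen by <see cref="AD_GroupPath"/> when needed.
        /// </summary>
        /// <param name="adGroupName">Full AD group name.</param>
        /// <returns><c>true</c> when the group exists on return; <c>false</c> on any directory error (best-effort by design).</returns>
        public static bool CheckAndCreateAdGroup(string adGroupName)
        {
            try
            {
                // Bind to the OU the group belongs to (EDM vs. web-apps).
                var adPath = AD_GroupPath(adGroupName);
                using var ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath);
                using GroupPrincipal existing = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
                if (existing != null)
                {
                    return true;
                }

                return CreateAdGroup(adGroupName);
            }
            catch (Exception)
            {
                return false; // deliberately swallowed: the caller only learns that the group is unavailable
            }
        }

        /// <summary>
        /// Makes sure every group in <paramref name="adGroupNames"/> exists, stopping at the first failure.
        /// </summary>
        /// <param name="adGroupNames">Full AD group names.</param>
        /// <returns><c>false</c> when the list is <c>null</c> or any group could not be ensured; <c>true</c> otherwise.</returns>
        public static bool CheckAndCreateAdGroups(List<string> adGroupNames)
        {
            if (adGroupNames is null)
            {
                return false;
            }

            return adGroupNames.All(CheckAndCreateAdGroup);
        }

        /// <summary>
        /// Creates the AD group in the OU chosen by <see cref="AD_GroupPath"/>.
        /// </summary>
        /// <param name="adGroupName">Full AD group name.</param>
        /// <returns><c>true</c> when the group was saved; <c>false</c> on any directory error (best-effort by design).</returns>
        public static bool CreateAdGroup(string adGroupName)
        {
            try
            {
                // Bind to the OU the group belongs to (EDM vs. web-apps).
                var adPath = AD_GroupPath(adGroupName);
                using var ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath);

                // create a new group principal, give it a name
                using var group = new GroupPrincipal(ctx, adGroupName);
                // optionally set additional properties on the newly created group here....
                group.Save();
                return true;
            }
            catch (Exception)
            {
                return false; // deliberately swallowed: the caller only learns that the group is unavailable
            }
        }

        /// <summary>
        /// Returns the sAMAccountNames of the direct members of every group in <paramref name="adGroupNames"/>.
        /// </summary>
        /// <param name="adGroupNames">Full AD group names.</param>
        /// <returns>
        /// The concatenated logins (duplicates are not removed), or <c>null</c> when <paramref name="adGroupNames"/>
        /// is <c>null</c>. A group that cannot be read (see <see cref="GetAdUserLoginList4AdGroup"/>) contributes nothing.
        /// </returns>
        public static List<string> GetAdUserLoginList4AdGroups(List<string> adGroupNames)
        {
            if (adGroupNames is null)
            {
                return default;
            }

            var result = new List<string>();
            foreach (var adGroupName in adGroupNames)
            {
                var logins = GetAdUserLoginList4AdGroup(adGroupName);
                // null marks a group that could not be read; passing it to AddRange would throw.
                if (logins != null)
                {
                    result.AddRange(logins);
                }
            }

            return result;
        }

        /// <summary>
        /// Returns the sAMAccountNames of the direct members of one AD group.
        /// </summary>
        /// <param name="adGroupName">Full AD group name.</param>
        /// <returns>
        /// The member logins, or <c>null</c> when the group does not exist or the directory cannot be read
        /// (best-effort by design). Note that <c>Members</c> also lists nested groups, whose sAMAccountName
        /// is returned like a user's.
        /// </returns>
        public static List<string> GetAdUserLoginList4AdGroup(string adGroupName)
        {
            try
            {
                // Bind to the OU the group belongs to (EDM vs. web-apps).
                var adPath = AD_GroupPath(adGroupName);
                using var ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath);
                using GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName)
                    ?? throw new InvalidOperationException($". Can't find the AD-group: \"{adGroupName}\"");

                return group.Members.Select(x => x.SamAccountName).ToList();
            }
            catch (Exception)
            {
                //_logger.LogException(ex, $"An error occurred while getting user for the AD-group {adGroupName}");
                return default; // deliberately swallowed; callers treat null as "could not read the group"
            }
        }

        /// <summary>Whether <paramref name="adGroupName"/> is a full EDM (Windream) AD group name.</summary>
        /// <exception cref="ArgumentNullException"><paramref name="adGroupName"/> is <c>null</c>.</exception>
        public static bool IsWindreamADGroup(string adGroupName)
        {
            return HasPrefix(adGroupName, LdapGlobals.LDAP_EDM_Prefix, nameof(adGroupName));
        }

        /// <summary>Whether the application-side group name is a Windream group (any kind).</summary>
        /// <exception cref="ArgumentNullException"><paramref name="suffixGroupName"/> is <c>null</c>.</exception>
        public static bool IsWindreamSuffixGroup(string suffixGroupName)
        {
            return HasPrefix(suffixGroupName, LdapGlobals.LDAP_WINDREAM, nameof(suffixGroupName));
        }

        /// <summary>Whether the application-side group name is the Windream admin group.</summary>
        /// <exception cref="ArgumentNullException"><paramref name="suffixGroupName"/> is <c>null</c>.</exception>
        public static bool IsWindreamAdminGroup(string suffixGroupName)
        {
            return HasPrefix(suffixGroupName, LdapGlobals.LDAP_WINDREAM + "Admin", nameof(suffixGroupName));
        }

        /// <summary>Whether the application-side group name is the Windream user group.</summary>
        /// <exception cref="ArgumentNullException"><paramref name="suffixGroupName"/> is <c>null</c>.</exception>
        public static bool IsWindreamUserGroup(string suffixGroupName)
        {
            return HasPrefix(suffixGroupName, LdapGlobals.LDAP_WINDREAM + "User", nameof(suffixGroupName));
        }

        /// <summary>
        /// Chooses the OU (container path) for a group: the EDM OU for Windream groups, the web-apps OU otherwise.
        /// </summary>
        /// <param name="adGroupName">Full AD group name.</param>
        /// <returns>The container path passed to <see cref="PrincipalContext"/>.</returns>
        public static string AD_GroupPath(string adGroupName)
        {
            return IsWindreamADGroup(adGroupName) ? LdapGlobals.LDAP_PATH_EDM : LdapGlobals.LDAP_PATH_WEBAPPS;
        }

        /// <summary>
        /// Maps an application-side group name to the full AD group name, adding the test prefix when the
        /// web-app groups are not configured as live.
        /// </summary>
        /// <param name="groupNameSuffix">Application-side group name.</param>
        /// <returns>The full AD group name.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="groupNameSuffix"/> is <c>null</c>.</exception>
        public static string GetFullGroupName(string groupNameSuffix)
        {
            if (groupNameSuffix is null) { throw new ArgumentNullException(nameof(groupNameSuffix)); }

            //Mapping Windream_User => GG_EDMUser_Group_Live or GG_EDM__Test_User_Group
            //Mapping Windream_Admin => GG_EDMAdmin_Group or GG_EDM__Test_Admin_Group
            //Mapping Windream_Technik => GG_EDM_Technik or GG_EDM__Test_Technik
            var testPrefix = LdapGlobals.LDAP_WebAppGroup_Is_Live ? "" : LdapGlobals.LDAP_Prefix_Test;

            if (IsWindreamAdminGroup(groupNameSuffix))
            {
                return LdapGlobals.LDAP_EDMAdmin_Prefix + testPrefix;
            }

            if (IsWindreamUserGroup(groupNameSuffix))
            {
                return LdapGlobals.LDAP_EDMUser_Prefix + testPrefix;
            }

            string prefix = IsWindreamSuffixGroup(groupNameSuffix)
                ? LdapGlobals.LDAP_EDM_Prefix
                : LdapGlobals.LDAP_WebAppp_Prefix;

            // The Windream marker is matched case-insensitively above, so it has to be stripped the same
            // way; a plain string.Replace is case-sensitive and would leave e.g. "windream_Technik" intact.
            string bareSuffix = Regex.Replace(
                groupNameSuffix,
                Regex.Escape(LdapGlobals.LDAP_WINDREAM),
                "",
                RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

            return prefix + testPrefix + "_" + bareSuffix;
        }

        // Ordinal, case-insensitive prefix test: group names are identifiers, not linguistic text.
        // paramName names the caller's argument in the ArgumentNullException.
        private static bool HasPrefix(string name, string prefix, string paramName)
        {
            if (name is null) { throw new ArgumentNullException(paramName); }
            return name.StartsWith(prefix, StringComparison.OrdinalIgnoreCase);
        }

        // Returns the group named groupName among the user's direct groups (case-insensitive), or null.
        // Every other principal produced by the search is disposed here; the returned one is owned by the caller.
        private static GroupPrincipal FindDirectGroup(UserPrincipal user, string groupName)
        {
            GroupPrincipal match = null;
            using PrincipalSearchResult<Principal> groups = user.GetGroups();
            foreach (Principal principal in groups)
            {
                if (match is null
                    && principal is GroupPrincipal candidate
                    && string.Equals(candidate.Name, groupName, StringComparison.OrdinalIgnoreCase))
                {
                    match = candidate;
                }
                else
                {
                    principal.Dispose();
                }
            }

            return match;
        }

        // Looks the group up by name in the domain context; when it is missing, tries to create it in the
        // OU chosen by AD_GroupPath and looks it up again. Returns null when it still cannot be found.
        private static GroupPrincipal FindOrCreateGroup(PrincipalContext ctx, string groupName)
        {
            GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName);
            if (group is null && CreateAdGroup(groupName))
            {
                group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName);
            }

            return group;
        }
    }
}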