add surname and guid to users, filter users and groups

2019-11-08 14:52:15 +01:00
parent faa86ed0be
commit 68dfc365ee
5 changed files with 75 additions and 19 deletions
--- a/Modules.Interfaces/ActiveDirectoryInterface.vb
+++ b/Modules.Interfaces/ActiveDirectoryInterface.vb
@@ -1,5 +1,6 @@
 Imports System.DirectoryServices
 Imports System.DirectoryServices.AccountManagement
+Imports System.Text.RegularExpressions
 Imports DigitalData.Modules.Database
 Imports DigitalData.Modules.Logging

@@ -11,6 +12,7 @@ Public Class ActiveDirectoryInterface
    Private ReadOnly _mssql As MSSQLServer

    Private ReadOnly _rootPath As String
+
    Private _rootNode As DirectoryEntry

    Private Const SEARCH_LIMIT = 50000
@@ -23,31 +25,31 @@ Public Class ActiveDirectoryInterface
    Private Const NAME = "name"
    Private Const OBJECTCATEGORY = "objectCategory"

-    Public Sub New(LogConfig As LogConfig, Firebird As Firebird, MSSQL As MSSQLServer, Optional RootPath As String = Nothing)
+    Public Const DEFAULT_USER_FILTER = "(&(objectClass=user)(samAccountName=@SAMACCOUNTNAME)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
+    Public Const DEFAULT_GROUP_FILTER = "(&(objectClass=group) (samAccountName=*))"
+
+    Public Sub New(LogConfig As LogConfig, Optional RootPath As String = Nothing)
        _logConfig = LogConfig
        _logger = _logConfig.GetLogger()
-        _firebird = Firebird
-        _mssql = MSSQL

        If RootPath Is Nothing Then
            _rootPath = $"LDAP://{Environment.UserDomainName}"
        Else
            _rootPath = RootPath
        End If
-
        _logger.Info("Using RootPath {0}", _rootPath)
    End Sub

-    Public Function SyncUsersForGroup(GroupName As String) As List(Of ADUser)
+    Public Function SyncUsersForGroup(GroupName As String, Firebird As Firebird, MSSQL As MSSQLServer) As List(Of ADUser)
        Try
-            Return SyncUsersForGroup(GroupName, New List(Of AttributeMapping))
+            Return SyncUsersForGroup(GroupName, New List(Of AttributeMapping), Firebird, MSSQL)
        Catch ex As Exception
            _logger.Error(ex)
            Return Nothing
        End Try
    End Function

-    Public Function SyncUsersForGroup(GroupName As String, AttributeMappings As List(Of AttributeMapping)) As List(Of ADUser)
+    Public Function SyncUsersForGroup(GroupName As String, AttributeMappings As List(Of AttributeMapping), Firebird As Firebird, MSSQL As MSSQLServer, Optional Filter As String = DEFAULT_USER_FILTER) As List(Of ADUser)
        Dim oUsers As New List(Of ADUser)
        Dim oSyncedUsers As New List(Of ADUser)
        Dim oGroupId As Int64 = Nothing
@@ -58,7 +60,7 @@ Public Class ActiveDirectoryInterface

        Try
            _logger.Debug("Fetching users from ActiveDirectory")
-            oUsers = ListUsers(GroupName, AttributeMappings)
+            oUsers = ListUsers(GroupName, AttributeMappings, Filter)
            _logger.Debug("Found {0} users", oUsers.Count)
        Catch ex As Exception
            _logger.Error(ex)
@@ -116,10 +118,12 @@ Public Class ActiveDirectoryInterface
        End Try
    End Function

-    Public Function ListGroups(Optional Query As String = "(&(objectClass=group) (samAccountName=*))") As List(Of ADGroup)
+    Public Function ListGroups(Optional Query As String = DEFAULT_GROUP_FILTER) As List(Of ADGroup)
        Return ListGroups(_rootNode, Query)
    End Function
-    Public Function ListGroups(RootNode As DirectoryEntry, Optional Query As String = "(&(objectClass=group) (samAccountName=*))") As List(Of ADGroup)
+
+
+    Public Function ListGroups(RootNode As DirectoryEntry, Optional Query As String = DEFAULT_GROUP_FILTER) As List(Of ADGroup)
        Dim oGroups As New List(Of ADGroup)

        Try
@@ -139,11 +143,11 @@ Public Class ActiveDirectoryInterface
        End Try
    End Function

-    Public Function ListUsers(GroupName As String) As List(Of ADUser)
-        Return ListUsers(GroupName, New List(Of AttributeMapping))
+    Public Function ListUsers(GroupName As String, Optional Filter As String = DEFAULT_USER_FILTER) As List(Of ADUser)
+        Return ListUsers(GroupName, New List(Of AttributeMapping), Filter)
    End Function

-    Public Function ListUsers(GroupName As String, AttributeMappings As List(Of AttributeMapping)) As List(Of ADUser)
+    Public Function ListUsers(GroupName As String, AttributeMappings As List(Of AttributeMapping), Optional Filter As String = DEFAULT_USER_FILTER) As List(Of ADUser)
        Dim oUsers As New List(Of ADUser)

        Try
@@ -161,9 +165,14 @@ Public Class ActiveDirectoryInterface
                            Try
                                If TypeOf oMember Is UserPrincipal Then
                                    Dim oUser As UserPrincipal = DirectCast(oMember, UserPrincipal)
-                                    Dim oUserEx As UserPrincipalEx = UserPrincipalEx.FindByIdentity(oContext, oUser.SamAccountName)
+                                    Dim oUserEx As UserPrincipalEx = UserPrincipalEx.FindByIdentity(oContext, IdentityType.SamAccountName, oUser.SamAccountName)
                                    Dim oCustomAttributes As New List(Of ADUser.CustomAttribute)

+                                    If FindUserWithFilter(oUserEx, Filter) = False Then
+                                        _logger.Debug("User '{0}' was skipped out due to user filter.", oUserEx.SamAccountName)
+                                        Continue For
+                                    End If
+
                                    ' TODO: Figure out why oUserEx can be nothing for certain users
                                    If oUserEx IsNot Nothing Then
                                        For Each oMap As AttributeMapping In AttributeMappings
@@ -191,6 +200,8 @@ Public Class ActiveDirectoryInterface
                                        .samAccountName = oUser.SamAccountName,
                                        .Middlename = oUser.MiddleName,
                                        .GivenName = oUser.GivenName,
+                                        .Surname = oUser.Surname,
+                                        .GUID = oUser.Guid,
                                        .Email = oUser.EmailAddress,
                                        .CustomAttributes = oCustomAttributes
                                    }
@@ -213,6 +224,36 @@ Public Class ActiveDirectoryInterface
        End Try
    End Function

+    Public Function FindUserWithFilter(User As UserPrincipalEx, Filter As String) As Boolean
+        Dim oRootPath = String.Join(","c, User.DistinguishedName.Split(","c).Skip(1))
+        Dim oPlaceholder = "@SAMACCOUNTNAME"
+        Dim oEntry As New DirectoryEntry("LDAP://" & oRootPath) With {
+            .Username = Nothing,
+            .Password = Nothing,
+            .AuthenticationType = AuthenticationTypes.Secure
+        }
+
+        If Filter = String.Empty Then
+            _logger.Warn("FindUserWithFilter: Filter was empty, returning True for User {0}", User.SamAccountName)
+            Return True
+        End If
+
+        If Filter.Contains(oPlaceholder) Then
+            Filter = Filter.Replace(oPlaceholder, User.SamAccountName)
+        Else
+            _logger.Warn("FindUserWithFilter: Placeholder '{0}' was not found in filter. Results may not be correct.")
+        End If
+
+        Dim oSearcher As New DirectorySearcher(oEntry, Filter)
+        Dim oResult = oSearcher.FindOne()
+
+        If oResult Is Nothing Then
+            Return False
+        Else
+            Return True
+        End If
+    End Function
+
    Private Function GetRootNode() As DirectoryEntry
        Dim oEntry As New DirectoryEntry(_rootPath) With {
            .AuthenticationType = AuthenticationTypes.Secure,