diff --git a/src/Core/Models/LdapConfiguration.cs b/src/Core/Models/LdapConfiguration.cs
index 9f09fe75..108acccd 100644
--- a/src/Core/Models/LdapConfiguration.cs
+++ b/src/Core/Models/LdapConfiguration.cs
@@ -1,4 +1,5 @@
-using Newtonsoft.Json;
+using Bit.Core.Services;
+using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
 using System.DirectoryServices;
@@ -15,20 +16,44 @@ namespace Bit.Core.Models
         public string Path { get; set; }
         public string Username { get; set; }
         public EncryptedData Password { get; set; }
-        [JsonIgnore]
-        public string ServerPath => $"LDAP://{Address}:{Port}/{Path}";
         public Enums.DirectoryType Type { get; set; } = Enums.DirectoryType.ActiveDirectory;
 
-        public DirectoryEntry GetDirectoryEntry()
+        public DirectoryEntry GetUserDirectoryEntry()
+        {
+            return GetPathedDirectoryEntry(SettingsService.Instance.Sync.Ldap.UserPath);
+        }
+
+        public DirectoryEntry GetGroupDirectoryEntry()
+        {
+            return GetPathedDirectoryEntry(SettingsService.Instance.Sync.Ldap.GroupPath);
+        }
+
+        public DirectoryEntry GetPathedDirectoryEntry(string pathPrefix = null)
+        {
+            var path = Path;
+            if(!string.IsNullOrWhiteSpace(pathPrefix))
+            {
+                path = string.Concat(pathPrefix, ",", path);
+            }
+
+            return GetDirectoryEntry(path);
+        }
+
+        public DirectoryEntry GetDirectoryEntry(string path = null)
         {
             if(Password == null && string.IsNullOrWhiteSpace(Username))
             {
-                return new DirectoryEntry(ServerPath);
+                return new DirectoryEntry(ServerPath(path));
             }
             else
             {
-                return new DirectoryEntry(ServerPath, Username, Password.DecryptToString(), AuthenticationTypes.None);
+                return new DirectoryEntry(ServerPath(path), Username, Password.DecryptToString(), AuthenticationTypes.None);
             }
         }
+
+        private string ServerPath(string path)
+        {
+            return $"LDAP://{Address}:{Port}/{path}";
+        }
     }
 }
diff --git a/src/Core/Models/SyncConfiguration.cs b/src/Core/Models/SyncConfiguration.cs
index 755e801a..390f98ac 100644
--- a/src/Core/Models/SyncConfiguration.cs
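Review bot: `GetDirectoryEntry(string path = null)` now builds `LDAP://{Address}:{Port}/` with no distinguished name at all when called without an argument, whereas the removed `ServerPath` property always appended the configured `Path`; the tombstone search in LdapDirectoryService.cs calls it exactly that way, so unless binding without a base DN is intended there, both `new DirectoryEntry(...)` calls should use `ServerPath(path ?? Path)`. `GetPathedDirectoryEntry` also concatenates the prefix verbatim, so with `Path` unset it yields `Users,` and with the default `UserPath = "Users"` set in the SyncConfiguration hunk it yields `Users,<Path>`, which is not a valid RDN sequence unless the configured value already carries `CN=`; an XML `<param name="pathPrefix">` note stating that the value must be a relative DN such as `CN=Users`, prepended without escaping, would make the contract explicit. Having a model reach into the `SettingsService.Instance` singleton also ties these accessors to global state; letting callers pass the prefix (as `GetPathedDirectoryEntry` already allows) keeps the model testable without the service.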
+++ b/src/Core/Models/SyncConfiguration.cs
@@ -15,14 +15,11 @@ namespace Bit.Core.Models
 
         public SyncConfiguration(DirectoryType type)
         {
+            Ldap = new LdapSyncConfiguration(type);
+
             switch(type)
             {
                 case DirectoryType.ActiveDirectory:
-                    Ldap.CreationDateAttribute = "whenCreated";
-                    Ldap.RevisionDateAttribute = "whenChanged";
-                    Ldap.UserEmailPrefixAttribute = "sAMAccountName";
-                    Ldap.UserPath = "Users";
-                    Ldap.GroupPath = "Users";
                     break;
                 case DirectoryType.AzureActiveDirectory:
                     GroupFilter = null;
@@ -45,6 +42,26 @@ namespace Bit.Core.Models
 
     public class LdapSyncConfiguration
     {
+        public LdapSyncConfiguration() { }
+
+        public LdapSyncConfiguration(DirectoryType type)
+        {
+            switch(type)
+            {
+                case DirectoryType.ActiveDirectory:
+                    CreationDateAttribute = "whenCreated";
+                    RevisionDateAttribute = "whenChanged";
+                    UserEmailPrefixAttribute = "sAMAccountName";
+                    UserPath = "Users";
+                    GroupPath = "Users";
+                    break;
+                case DirectoryType.Other:
+                    break;
+                default:
+                    break;
+            }
+        }
+
         public string UserPath { get; set; }
         public string GroupPath { get; set; }
         public string UserObjectClass { get; set; } = "person";
diff --git a/src/Core/Services/LdapDirectoryService.cs b/src/Core/Services/LdapDirectoryService.cs
index 3c4e604f..6daae046 100644
--- a/src/Core/Services/LdapDirectoryService.cs
+++ b/src/Core/Services/LdapDirectoryService.cs
@@ -83,7 +83,7 @@ namespace Bit.Core.Services
                 throw new ApplicationException("Not authenticated.");
             }
 
-            var entry = SettingsService.Instance.Server.Ldap.GetDirectoryEntry();
+            var entry = SettingsService.Instance.Server.Ldap.GetGroupDirectoryEntry();
             var originalFilter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.GroupObjectClass,
                 SettingsService.Instance.Sync.GroupFilter);
 
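Review bot: The `case DirectoryType.ActiveDirectory:` arm in `SyncConfiguration(DirectoryType)` is left with an empty body after its assignments moved into `LdapSyncConfiguration`, which reads like something was forgotten; either drop the arm or annotate it, e.g. `// LDAP defaults are applied by LdapSyncConfiguration(type)`. If the `Ldap` property carries an initializer (the old code assigned into it without constructing it, which suggests so), the instance created there is now thrown away by the constructor's `Ldap = new LdapSyncConfiguration(type);` — harmless, but the initializer could then be removed. The constructor's body continues past the hunk.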
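Review bot: The `case DirectoryType.Other:` and `default:` arms of the new `LdapSyncConfiguration(DirectoryType)` constructor are both empty, so the switch reduces to one condition and `if(type == DirectoryType.ActiveDirectory) { ... }` states the intent more directly; if the switch is kept so that future types get an arm, the `Other` arm is still redundant with `default`. The parameterless `LdapSyncConfiguration()` has no visible caller in this diff; if it exists for deserialization, a one-line `/// <summary>Required for JSON deserialization.</summary>` would keep it from being removed as unused.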
@@ -236,7 +236,7 @@ namespace Bit.Core.Services
                 throw new ApplicationException("Not authenticated.");
             }
 
-            var entry = SettingsService.Instance.Server.Ldap.GetDirectoryEntry();
+            var entry = SettingsService.Instance.Server.Ldap.GetUserDirectoryEntry();
             var filter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.UserObjectClass,
                 SettingsService.Instance.Sync.UserFilter);
             filter = BuildRevisionFilter(filter, force, SettingsService.Instance.LastUserSyncDate);
@@ -259,12 +259,14 @@ namespace Bit.Core.Services
             // Deleted users
             if(SettingsService.Instance.Server.Type == DirectoryType.ActiveDirectory)
             {
-                filter = string.Format("(&{0}(isDeleted=TRUE))", filter);
+                var deletedEntry = SettingsService.Instance.Server.Ldap.GetDirectoryEntry();
+                var deletedFilter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.UserObjectClass, "(isDeleted=TRUE)");
+                deletedFilter = BuildRevisionFilter(deletedFilter, force, SettingsService.Instance.LastUserSyncDate);
 
-                searcher = new DirectorySearcher(entry, filter);
-                searcher.Tombstone = true;
-                result = searcher.FindAll();
-                foreach(SearchResult item in result)
+                var deletedSearcher = new DirectorySearcher(deletedEntry, deletedFilter);
+                deletedSearcher.Tombstone = true;
+                var deletedResult = searcher.FindAll();
+                foreach(SearchResult item in deletedResult)
                 {
                     var user = BuildUser(item, true);
                     if(user == null)
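Review bot: `var deletedResult = searcher.FindAll();` runs the earlier live-user `searcher` again instead of the `deletedSearcher` that was just built with `Tombstone = true`, so the tombstone query is never executed and every result of the ordinary user search is handed to `BuildUser(item, true)`; if that flag marks the user as deleted, as its placement under `// Deleted users` suggests, an Active Directory sync would report active users as removed. The line should read `var deletedResult = deletedSearcher.FindAll();`. `deletedEntry` and `deletedSearcher` are both IDisposable and nothing in the hunk disposes them; the enclosing method starts and ends outside the hunk, so a `using` may already wrap the older objects, but the newly introduced ones should get one too, e.g. `using(var deletedSearcher = new DirectorySearcher(deletedEntry, deletedFilter) { Tombstone = true })`.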