refactoring entry and path usage
@@ -1,4 +1,5 @@
|
|||||||
using Newtonsoft.Json;
|
using Bit.Core.Services;
|
||||||
|
using Newtonsoft.Json;
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.DirectoryServices;
|
using System.DirectoryServices;
|
||||||
@@ -15,20 +16,44 @@ namespace Bit.Core.Models
|
|||||||
public string Path { get; set; }
|
public string Path { get; set; }
|
||||||
public string Username { get; set; }
|
public string Username { get; set; }
|
||||||
public EncryptedData Password { get; set; }
|
public EncryptedData Password { get; set; }
|
||||||
[JsonIgnore]
|
|
||||||
public string ServerPath => $"LDAP://{Address}:{Port}/{Path}";
|
|
||||||
public Enums.DirectoryType Type { get; set; } = Enums.DirectoryType.ActiveDirectory;
|
public Enums.DirectoryType Type { get; set; } = Enums.DirectoryType.ActiveDirectory;
|
||||||
|
|
||||||
public DirectoryEntry GetDirectoryEntry()
|
public DirectoryEntry GetUserDirectoryEntry()
|
||||||
|
{
|
||||||
|
return GetPathedDirectoryEntry(SettingsService.Instance.Sync.Ldap.UserPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
public DirectoryEntry GetGroupDirectoryEntry()
|
||||||
|
{
|
||||||
|
return GetPathedDirectoryEntry(SettingsService.Instance.Sync.Ldap.GroupPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
public DirectoryEntry GetPathedDirectoryEntry(string pathPrefix = null)
|
||||||
|
{
|
||||||
|
var path = Path;
|
||||||
|
if(!string.IsNullOrWhiteSpace(pathPrefix))
|
||||||
|
{
|
||||||
|
path = string.Concat(pathPrefix, ",", path);
|
||||||
|
}
|
||||||
|
|
||||||
|
return GetDirectoryEntry(path);
|
||||||
|
}
|
||||||
|
|
||||||
|
public DirectoryEntry GetDirectoryEntry(string path = null)
|
||||||
{
|
{
|
||||||
if(Password == null && string.IsNullOrWhiteSpace(Username))
|
if(Password == null && string.IsNullOrWhiteSpace(Username))
|
||||||
{
|
{
|
||||||
return new DirectoryEntry(ServerPath);
|
return new DirectoryEntry(ServerPath(path));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return new DirectoryEntry(ServerPath, Username, Password.DecryptToString(), AuthenticationTypes.None);
|
return new DirectoryEntry(ServerPath(path), Username, Password.DecryptToString(), AuthenticationTypes.None);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private string ServerPath(string path)
|
||||||
|
{
|
||||||
|
return $"LDAP://{Address}:{Port}/{path}";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
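Review bot: `GetDirectoryEntry(string path = null)` no longer includes `Path` when it is called without an argument — `ServerPath(null)` formats to `LDAP://{Address}:{Port}/`, whereas the removed `ServerPath` property always appended `Path`, so the surviving parameterless call in the deleted-users search now binds to a different base than before this commit. If that is not intended, default the argument inside the method, `if(path == null) { path = Path; }`, so the old overload keeps its old meaning. In `GetPathedDirectoryEntry` the prefix is joined with a bare `,`, so the default `Users` that `LdapSyncConfiguration` assigns to `UserPath`/`GroupPath` yields `Users,<Path>`, which is only a well-formed DN if the prefix already carries its attribute type (e.g. `CN=Users`) — worth confirming against a real directory or stating the expected form on the properties. The model also now reaches into `SettingsService.Instance` (hence the `using Bit.Core.Services;` added in the first hunk) for sync settings; having the callers pass the prefix in would keep the model free of the singleton and easier to test.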
@@ -15,14 +15,11 @@ namespace Bit.Core.Models
|
|||||||
|
|
||||||
public SyncConfiguration(DirectoryType type)
|
public SyncConfiguration(DirectoryType type)
|
||||||
{
|
{
|
||||||
|
Ldap = new LdapSyncConfiguration(type);
|
||||||
|
|
||||||
switch(type)
|
switch(type)
|
||||||
{
|
{
|
||||||
case DirectoryType.ActiveDirectory:
|
case DirectoryType.ActiveDirectory:
|
||||||
Ldap.CreationDateAttribute = "whenCreated";
|
|
||||||
Ldap.RevisionDateAttribute = "whenChanged";
|
|
||||||
Ldap.UserEmailPrefixAttribute = "sAMAccountName";
|
|
||||||
Ldap.UserPath = "Users";
|
|
||||||
Ldap.GroupPath = "Users";
|
|
||||||
break;
|
break;
|
||||||
case DirectoryType.AzureActiveDirectory:
|
case DirectoryType.AzureActiveDirectory:
|
||||||
GroupFilter = null;
|
GroupFilter = null;
|
||||||
@@ -45,6 +42,26 @@ namespace Bit.Core.Models
|
|||||||
|
|
||||||
public class LdapSyncConfiguration
|
public class LdapSyncConfiguration
|
||||||
{
|
{
|
||||||
|
public LdapSyncConfiguration() { }
|
||||||
|
|
||||||
|
public LdapSyncConfiguration(DirectoryType type)
|
||||||
|
{
|
||||||
|
switch(type)
|
||||||
|
{
|
||||||
|
case DirectoryType.ActiveDirectory:
|
||||||
|
CreationDateAttribute = "whenCreated";
|
||||||
|
RevisionDateAttribute = "whenChanged";
|
||||||
|
UserEmailPrefixAttribute = "sAMAccountName";
|
||||||
|
UserPath = "Users";
|
||||||
|
GroupPath = "Users";
|
||||||
|
break;
|
||||||
|
case DirectoryType.Other:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public string UserPath { get; set; }
|
public string UserPath { get; set; }
|
||||||
public string GroupPath { get; set; }
|
public string GroupPath { get; set; }
|
||||||
public string UserObjectClass { get; set; } = "person";
|
public string UserObjectClass { get; set; } = "person";
|
||||||
|
|||||||
@@ -83,7 +83,7 @@ namespace Bit.Core.Services
|
|||||||
throw new ApplicationException("Not authenticated.");
|
throw new ApplicationException("Not authenticated.");
|
||||||
}
|
}
|
||||||
|
|
||||||
var entry = SettingsService.Instance.Server.Ldap.GetDirectoryEntry();
|
var entry = SettingsService.Instance.Server.Ldap.GetGroupDirectoryEntry();
|
||||||
|
|
||||||
var originalFilter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.GroupObjectClass,
|
var originalFilter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.GroupObjectClass,
|
||||||
SettingsService.Instance.Sync.GroupFilter);
|
SettingsService.Instance.Sync.GroupFilter);
|
||||||
@@ -236,7 +236,7 @@ namespace Bit.Core.Services
|
|||||||
throw new ApplicationException("Not authenticated.");
|
throw new ApplicationException("Not authenticated.");
|
||||||
}
|
}
|
||||||
|
|
||||||
var entry = SettingsService.Instance.Server.Ldap.GetDirectoryEntry();
|
var entry = SettingsService.Instance.Server.Ldap.GetUserDirectoryEntry();
|
||||||
var filter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.UserObjectClass,
|
var filter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.UserObjectClass,
|
||||||
SettingsService.Instance.Sync.UserFilter);
|
SettingsService.Instance.Sync.UserFilter);
|
||||||
filter = BuildRevisionFilter(filter, force, SettingsService.Instance.LastUserSyncDate);
|
filter = BuildRevisionFilter(filter, force, SettingsService.Instance.LastUserSyncDate);
|
||||||
@@ -259,12 +259,14 @@ namespace Bit.Core.Services
|
|||||||
// Deleted users
|
// Deleted users
|
||||||
if(SettingsService.Instance.Server.Type == DirectoryType.ActiveDirectory)
|
if(SettingsService.Instance.Server.Type == DirectoryType.ActiveDirectory)
|
||||||
{
|
{
|
||||||
filter = string.Format("(&{0}(isDeleted=TRUE))", filter);
|
var deletedEntry = SettingsService.Instance.Server.Ldap.GetDirectoryEntry();
|
||||||
|
var deletedFilter = BuildBaseFilter(SettingsService.Instance.Sync.Ldap.UserObjectClass, "(isDeleted=TRUE)");
|
||||||
|
deletedFilter = BuildRevisionFilter(deletedFilter, force, SettingsService.Instance.LastUserSyncDate);
|
||||||
|
|
||||||
searcher = new DirectorySearcher(entry, filter);
|
var deletedSearcher = new DirectorySearcher(deletedEntry, deletedFilter);
|
||||||
searcher.Tombstone = true;
|
deletedSearcher.Tombstone = true;
|
||||||
result = searcher.FindAll();
|
var deletedResult = searcher.FindAll();
|
||||||
foreach(SearchResult item in result)
|
foreach(SearchResult item in deletedResult)
|
||||||
{
|
{
|
||||||
var user = BuildUser(item, true);
|
var user = BuildUser(item, true);
|
||||||
if(user == null)
|
if(user == null)
|
||||||
|
|||||||
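Review bot: `var deletedResult = searcher.FindAll();` runs the query on `searcher` — presumably the live-user searcher built earlier in the method — instead of the newly constructed `deletedSearcher`, so the `(isDeleted=TRUE)` filter and `Tombstone = true` never take effect and every entry returned by the live search is passed to `BuildUser(item, true)`, i.e. flagged as deleted; the line should read `var deletedResult = deletedSearcher.FindAll();`. Since this loop feeds the deleted-user list into the sync, the slip would mark the users of an Active Directory sync as deleted rather than the tombstoned ones, which a test asserting an empty deleted set when no tombstones exist would catch. `deletedEntry`, `deletedSearcher` and `deletedResult` are all IDisposable and, within the hunk, are never disposed; wrapping them in `using` blocks avoids leaking directory handles. `deletedEntry` also comes from the parameterless `GetDirectoryEntry()`, which after this commit binds without `Path` (see the models hunk) — confirm whether the tombstone search is meant to start from the server root. The enclosing method continues beyond the hunk.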