From 3e75fd1b04099436f43ac23ea42be3625105dc53 Mon Sep 17 00:00:00 2001 From: Oleg Brezhnev Date: Tue, 25 Jun 2024 16:50:31 +0300 Subject: [PATCH 1/4] freeipa memberof --- src/Services/LdapService.cs | 53 +++++++++++++++++++++++++++++-------- tests/NameResolverTest.cs | 16 ++++++----- 2 files changed, 52 insertions(+), 17 deletions(-) diff --git a/src/Services/LdapService.cs b/src/Services/LdapService.cs index 56af0d1..c1e6e25 100644 --- a/src/Services/LdapService.cs +++ b/src/Services/LdapService.cs @@ -1,4 +1,4 @@ -//Copyright(c) 2022 MultiFactor +//Copyright(c) 2022 MultiFactor //Please see licence at //https://github.com/MultifactorLab/multifactor-ldap-adapter/blob/main/LICENSE.md @@ -112,7 +112,38 @@ private LdapPacket BuildLoadProfileRequest(string userName, string baseDn) return packet; } - private LdapPacket BuildMemberOfRequest(string userName) + private LdapAttribute[] GetADMemberOfFilter(string userName) + { + return new[] + { + new LdapAttribute((byte)LdapFilterChoice.extensibleMatch) + { + ChildAttributes = + { + new LdapAttribute(1, "1.2.840.113556.1.4.1941"), + new LdapAttribute(2, "member"), + new LdapAttribute(3, userName), + new LdapAttribute(4, (byte)0) + } + } + }; + } + + private LdapAttribute[] GetFreeIpaMemberOfFilter(string userName) + { + return new[] { + new LdapAttribute((byte)LdapFilterChoice.equalityMatch) + { + ChildAttributes = + { + new LdapAttribute(UniversalDataType.OctetString, "member"), + new LdapAttribute(UniversalDataType.OctetString, userName) + } + } + }; + } + + private LdapPacket BuildMemberOfRequest(string userName, LdapAttribute[] memberFilter) { var packet = new LdapPacket(_messageId++); 
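Review bot: GetADMemberOfFilter and GetFreeIpaMemberOfFilter produce filters with different semantics and neither helper says so: the AD one is an extensibleMatch whose matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) follows `member` links transitively and therefore returns nested groups, while the FreeIPA one is a plain equalityMatch on `member` against the user's DN and returns only groups the user is a direct member of. Any authorization decision downstream that keys on group names will see a different set depending on which helper was chosen, so I would document that on both methods, e.g. `/// Extensible-match filter using LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941); AD-only, expands nested group membership.` and `/// Equality filter on member against the user's DN for FreeIPA; returns direct group membership only.` The `(byte)0` fourth child of the extensible match is presumably the dnAttributes flag set to false — a short comment there would make it readable. BuildMemberOfRequest's body continues past the end of the hunk.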
@@ -126,14 +157,10 @@ private LdapPacket BuildMemberOfRequest(string userName) searchRequest.ChildAttributes.Add(new LdapAttribute(UniversalDataType.Integer, (byte)60)); //time limit: 60 searchRequest.ChildAttributes.Add(new LdapAttribute(UniversalDataType.Boolean, true)); //typesOnly: true - var filter = new LdapAttribute(9); - - filter.ChildAttributes.Add(new LdapAttribute(1, "1.2.840.113556.1.4.1941")); //AD filter - filter.ChildAttributes.Add(new LdapAttribute(2, "member")); - filter.ChildAttributes.Add(new LdapAttribute(3, userName)); - filter.ChildAttributes.Add(new LdapAttribute(4, (byte)0)); - - searchRequest.ChildAttributes.Add(filter); + foreach (var attribute in memberFilter) + { + searchRequest.ChildAttributes.Add(attribute); + } packet.ChildAttributes.Add(searchRequest); @@ -349,7 +376,11 @@ public async Task> GetAllGroups(Stream ldapConnectedStream, LdapPro return profile.MemberOf; } - var request = BuildMemberOfRequest(profile.Dn); + var memberOfFilter = string.IsNullOrEmpty(clientConfiguration.LdapBaseDn) + ? GetADMemberOfFilter(profile.Dn) + : GetFreeIpaMemberOfFilter(profile.Dn); + + var request = BuildMemberOfRequest(profile.Dn, memberOfFilter); var requestData = request.GetBytes(); await ldapConnectedStream.WriteAsync(requestData, 0, requestData.Length); diff --git a/tests/NameResolverTest.cs b/tests/NameResolverTest.cs index 30c545d..9823204 100644 --- a/tests/NameResolverTest.cs +++ b/tests/NameResolverTest.cs @@ -20,12 +20,16 @@ public void ShouldResolveName(string from, string to) } ); var resolver = host.Services.GetRequiredService(); - var context = new NameResolverContext(new[] { - new NetbiosDomainName { - Domain = "domain.test", - NetbiosName = "DOMAIN" - } - }, null); + var context = new NameResolverContext + { + Domains = new[] { + new NetbiosDomainName { + Domain = "domain.test", + NetbiosName = "DOMAIN" + } + }, + Profile = null + }; var result = resolver.Resolve(context, from, LdapIdentityFormat.Upn); Assert.Equal(result, to); } 
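Review bot: BuildMemberOfRequest now takes `LdapAttribute[] memberFilter` and appends every element to searchRequest.ChildAttributes, but an LDAP SearchRequest carries exactly one filter element, so the real contract is "exactly one attribute" — both new helpers return single-element arrays, and a caller passing zero or two would produce a malformed request rather than a compile error. Taking a single `LdapAttribute memberFilter` and writing `searchRequest.ChildAttributes.Add(memberFilter);` would make the contract explicit and remove the loop. The `userName` parameter is no longer referenced inside the hunk; if the part of the method above the hunk does not use it either, it is dead and should be dropped from the signature and the call site. The method starts before the hunk.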
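Review bot: The choice between the AD and FreeIPA filter is keyed on `string.IsNullOrEmpty(clientConfiguration.LdapBaseDn)`, which treats "a base DN is configured" as "the directory is FreeIPA". An Active Directory deployment that sets LdapBaseDn silently gets the direct `member` equality filter instead of the LDAP_MATCHING_RULE_IN_CHAIN filter, so nested group membership disappears from the result of GetAllGroups and any group-based access policy is evaluated against an incomplete set, with the outcome depending on how that policy consumes the list. If the configuration has, or can get, an explicit directory-type setting it should drive this selection; at minimum the heuristic needs a comment at the selection site, e.g. `// A configured base DN is the FreeIPA signal: AD deployments must leave LdapBaseDn empty or nested groups are not expanded.` Note that profile.Dn goes into a BER OctetString assertion value rather than a string-built filter, so DN characters are not interpreted as filter syntax and no escaping is needed here. GetAllGroups starts before the hunk and continues after it.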
From fd190241a528652d2ded4c6791d2dac134038989 Mon Sep 17 00:00:00 2001 From: Oleg Brezhnev Date: Tue, 25 Jun 2024 16:54:00 +0300 Subject: [PATCH 2/4] indent fix --- src/Services/LdapService.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Services/LdapService.cs b/src/Services/LdapService.cs index c1e6e25..c8694f7 100644 --- a/src/Services/LdapService.cs +++ b/src/Services/LdapService.cs @@ -131,7 +131,8 @@ private LdapAttribute[] GetADMemberOfFilter(string userName) private LdapAttribute[] GetFreeIpaMemberOfFilter(string userName) { - return new[] { + return new[] + { new LdapAttribute((byte)LdapFilterChoice.equalityMatch) { ChildAttributes = From 339993067953c8ae8ffc3d76e71d88a6dec316b1 Mon Sep 17 00:00:00 2001 From: Oleg Brezhnev Date: Tue, 25 Jun 2024 16:56:09 +0300 Subject: [PATCH 3/4] test fix --- tests/NameResolverTest.cs | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/tests/NameResolverTest.cs b/tests/NameResolverTest.cs index 9823204..30c545d 100644 --- a/tests/NameResolverTest.cs +++ b/tests/NameResolverTest.cs @@ -20,16 +20,12 @@ public void ShouldResolveName(string from, string to) } ); var resolver = host.Services.GetRequiredService(); - var context = new NameResolverContext - { - Domains = new[] { - new NetbiosDomainName { - Domain = "domain.test", - NetbiosName = "DOMAIN" - } - }, - Profile = null - }; + var context = new NameResolverContext(new[] { + new NetbiosDomainName { + Domain = "domain.test", + NetbiosName = "DOMAIN" + } + }, null); var result = resolver.Resolve(context, from, LdapIdentityFormat.Upn); Assert.Equal(result, to); } From 849ba04b0155cf1505e0d5ec092bfb42152d0f27 Mon Sep 17 00:00:00 2001 From: Oleg Brezhnev Date: Tue, 25 Jun 2024 16:56:26 +0300 Subject: [PATCH 4/4] test fix --- tests/NameResolverTest.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/NameResolverTest.cs b/tests/NameResolverTest.cs index 30c545d..cba1458 100644 
--- a/tests/NameResolverTest.cs
+++ b/tests/NameResolverTest.cs
@@ -21,7 +21,8 @@ public void ShouldResolveName(string from, string to)
 );
 var resolver = host.Services.GetRequiredService();
 var context = new NameResolverContext(new[] {
- new NetbiosDomainName {
+ new NetbiosDomainName
+ {
 Domain = "domain.test",
 NetbiosName = "DOMAIN"
 }