Module For LDAP #1189

Closed
akinix opened this issue May 31, 2019 · 7 comments · Fixed by #1190

Comments

@akinix
Contributor

akinix commented May 31, 2019

Source: Volo.Abp.Ldap
UnitTest: Volo.Abp.Ldap.Tests
Because the unit tests require an AD environment, I have skipped all the tests when I submitted the code.
I have passed all the tests locally.

Volo.Abp.Ldap

Only Authenticate (not read/write AD)

Configure

Add a section to appsettings.json

Using SSL

"LDAP": {
    "ServerHost": "192.168.101.54", 
    "ServerPort": 636,
    "UseSSL": true
}

Not using SSL

"LDAP": {
    "ServerHost": "192.168.101.54", 
    "ServerPort": 389,
    "UseSSL": false
}

Authenticate

Inject ILdapManager into a class. For example:

public class TaxAppService : ApplicationService
{
    private readonly ILdapManager _ldapManager;

    public TaxAppService(ILdapManager ldapManager)
    {
        _ldapManager = ldapManager;
    }

    public void Authenticate(string userName, string password)
    { 
        var result = _ldapManager.Authenticate(userName, password);
    }
}

Read/Write AD

Configure

Using SSL

"LDAP": {
    "ServerHost": "192.168.101.54",
    "ServerPort": 636,
    "UseSSL": true,
    "Credentials": {
        "DomainUserName": "[email protected]",
        "Password": "yH.20190528"
    },
    "SearchBase": "DC=yourdomain,DC=com,DC=cn",
    "DomainName": "yourdomain.com.cn",
    "DomainDistinguishedName": "DC=yourdomain,DC=com,DC=cn"
}

Not using SSL

"LDAP": {
    "ServerHost": "192.168.101.54",
    "ServerPort": 389,
    "UseSSL": false,
    "Credentials": {
        "DomainUserName": "[email protected]",
        "Password": "yH.20190528"
    },
    "SearchBase": "DC=yourdomain,DC=com,DC=cn",
    "DomainName": "yourdomain.com.cn",
    "DomainDistinguishedName": "DC=yourdomain,DC=com,DC=cn"
}
  • Credentials:DomainUserName: an administrator of AD.

  • Credentials:Password: the password for the administrator.

  • SearchBase: where to search from in AD.

  • DomainName: the name of your domain; no need for www.

  • DomainDistinguishedName: the distinguished name of the root domain.

Query Organizations

// query all organizations
// filter: (&(objectClass=organizationalUnit)) 
_ldapManager.GetOrganizations();

// query organizations by name
// filter: (&(name=abc)(objectClass=organizationalUnit))
_ldapManager.GetOrganizations("abc");

Query Organization

// query organization by distinguished name
// filter: (&(distinguishedName=abc)(objectClass=organizationalUnit))
_ldapManager.GetOrganization("abc");

Add Organization

// use LdapOrganization
_ldapManager.AddSubOrganization("nameA", parentOrganization);

// or use OrganizationDistinguishedName
_ldapManager.AddSubOrganization("nameA", "OU=Domain Controllers,DC=yourdomain,DC=com,DC=cn");

Query Users

// query all users
// filter: (&(objectCategory=person)(objectClass=user))
_ldapManager.GetUsers();

// query users by name
// filter: (&(name=abc)(objectCategory=person)(objectClass=user))
_ldapManager.GetUsers(name : "abc");

// query users by displayName
// filter: (&(displayName=abc)(objectCategory=person)(objectClass=user))
_ldapManager.GetUsers(displayName : "abc");

// query users by commonName
// filter: (&(cn=abc)(objectCategory=person)(objectClass=user))
_ldapManager.GetUsers(commonName : "abc");

Query User

// query a user by distinguished name
// filter: (&(distinguishedName=abc)(objectCategory=person)(objectClass=user))
_ldapManager.GetUser("abc");

Add User

// use LdapOrganization
_ldapManager.AddUserToOrganization("nameA", "passwordA", parentOrganization);

// or use OrganizationDistinguishedName
_ldapManager.AddUserToOrganization("nameA", "passwordA", "OU=Domain Controllers,DC=yourdomain,DC=com,DC=cn");
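
As an added example (not code from this issue or from Volo.Abp.Ldap): the search filters listed above place the caller's value directly inside the filter string, so a name containing `(`, `)`, `*` or `\` must be escaped per RFC 4515 before the filter is built. The helper below, with the class and method names being my own, does that escaping and then builds two of the filters shown above.

```csharp
using System;
using System.Text;

// Hypothetical helper, not part of Volo.Abp.Ldap: escapes a value per RFC 4515
// and builds the same filter shapes the module's Get* methods use.
public static class LdapFilter
{
    // RFC 4515 section 3: '*', '(', ')', '\' and NUL inside an assertion
    // value must be written as a backslash followed by two hex digits.
    public static string EscapeValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (var ch in value)
        {
            switch (ch)
            {
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\\': sb.Append(@"\5c"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(ch);     break;
            }
        }
        return sb.ToString();
    }

    // Same shape as GetOrganizations(name): (&(name=<value>)(objectClass=organizationalUnit))
    public static string OrganizationsByName(string name) =>
        $"(&(name={EscapeValue(name)})(objectClass=organizationalUnit))";

    // Same shape as GetUsers(commonName): (&(cn=<value>)(objectCategory=person)(objectClass=user))
    public static string UsersByCommonName(string commonName) =>
        $"(&(cn={EscapeValue(commonName)})(objectCategory=person)(objectClass=user))";

    public static void Main()
    {
        // Constructed inputs: a plain name, and an OU name that legitimately
        // contains parentheses and an asterisk. After escaping, the second
        // one is still matched as a literal string rather than as a wildcard.
        Console.WriteLine(OrganizationsByName("abc"));
        Console.WriteLine(OrganizationsByName("R&D (EMEA)*"));
        Console.WriteLine(UsersByCommonName("John Smith"));
    }
}
```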
@akinix
Contributor Author

akinix commented Jun 1, 2019

<PackageReference Include="Novell.Directory.Ldap.NETStandard" Version="2.3.8" />

Used Novell.Directory.Ldap.NETStandard for .NET Standard.

Source: Novell.Directory.Ldap.NETStandard

@akinix
Contributor Author

akinix commented Jun 1, 2019

How to test?

  • Prepare an LDAP environment: run OpenLDAP in Docker.

dockerhub: osixia/openldap
source: https://github.com/osixia/docker-openldap

  • pull the image
docker pull osixia/openldap
  • run LDAP (host port 636 must map to the container's 636 for the SSL config below)
docker run --name ldap -d --env LDAP_ORGANISATION="abp" --env LDAP_DOMAIN="abp.com" --env LDAP_ADMIN_PASSWORD="123456" -p 389:389 -p 636:636 osixia/openldap
  • configure
"LDAP": {
    "ServerHost": "127.0.0.1",
    "ServerPort": 636,
    "UseSSL": true,
    "Credentials": {
        "DomainUserName": "[email protected]", // or cn=admin,dc=abp,dc=com
        "Password": "123456"
    },
    "SearchBase": "DC=abp,DC=com",
    "DomainName": "abp.com",
    "DomainDistinguishedName": "DC=abp,DC=com"
}

@hikalkan
Member

hikalkan commented Jun 1, 2019

Great! Would you like to send a PR? I can copy it, but I like that you have a contribution in the contributors list.

@leonkosak
Contributor

Does LDAP authentication in abp.io work in a multitenant environment (for instance, in ANZ you have to disable multitenancy if you want to use LDAP)?

@maliming
Member

maliming commented Aug 7, 2020

hi @leonkosak We will make it support multi-tenancy. : ) #4983

@leonkosak
Contributor

@maliming I have a scenario to authenticate via local Active Directory (AD). I am confused about how to properly implement this external login.
Probably, when a user logs in to the application for the first time, should we create a new external user (AbpUsers table) and then, when we have a record for the new user in the AbpUsers table, add permissions and roles to this user?
The user would always log in manually with his/her AD user.

Could you please describe the steps for how to properly implement this integration (robust and secure)?
Thank you.

@maliming
Member

hi @leonkosak

Please create a new issue.
