nordes / identityserver4.ldapextension
IdentityServer4 Ldap Extension (OpenLdap or ActiveDirectory)
License: MIT License
I am trying to use IdentityServer4.LdapExtension with IdentityServer4 v.2.2.0. I was told that I must use IdentityServer4.LdapExtension v.2.0.0. Where can I download the source code for V 2.0.0? Is there a way to make IdentityServer4.LdapExtension V.2.1.7 work with IdentityServer4 V2.2.0?
I would like to build a "standard" docker image for IdentityServer4.LdapExtension.
This would ease the entry barrier to participate in development. Potential developers don't have to configure their own docker image.
Any thoughts?
If the user has no roles, an exception is thrown here
How can I get user roles from AD?
The current release does not support SSL, even though there is a configuration option for this. Is this planned for the next release? Is somebody already working on this?
Hello,
Does this library use Windows-only libraries, or does it support Linux?
Nice extension; I don't really understand why IdentityServer doesn't bake this into its core. But since IDSvr is now changing to Duende, will you release a Duende extension?
The type 'IIdentityServerBuilder' exists in both 'Duende.IdentityServer, Version=5.0.5.0, Culture=neutral, PublicKeyToken=null' and 'IdentityServer4, Version=4.1.2.0, Culture=neutral, PublicKeyToken=f294d0afe402bb2b'
Hi,
Would like to know if there is a reset password feature for this library?
Same as title, just curious what the intention of that is.
Hi,
Is it possible to use this extension to turn my IdentityServer into an ActiveDirectory? By using the AspNetCore.Identity library in .NET Core my website users will be stored in SQL server.
I want to be able to store the users and their roles and permissions in an ActiveDirectory. Is it possible with this extension?
ActiveDirectoryLdapAttributes and OpenLdapAttributes one LdapAttributes.cs merge ?
Hello, is your project time to test with Active Directory Ldap? This matter is important to me, I want to use your refusal. Thank you from now.
Hello!
I tried to update your example to IdentityServer version 4.1.2 and it didn’t work for me, are you planning to update your IdentityServer.LdapExtension?
How to use your nuget with sso?
Hi,
I'm using the LdapExtension with the AD flavour.
Are groups/roles supported yet?
I can't get it working. The authentication process is working well.
Is there anything I have to configure in advance?
Hi,
Do you have any plans to upgrade this extension in the near future?
Kind regards
Christan
I keep on trying to log in with a user that is already in our Active Directory, but it seems it can't find it. I don't know if the connection is the problem or what, because there are no errors stating an error with the connection. I am using ActiveDirectoryAppUser instead of the OpenLDAP one. I know this is kind of broad, but the problem seems to not lead me to anything specific. I don't know if I am missing something. When I debug, it gets to the part of validating credentials in the "inMemoryUserStore.cs" file (I downloaded the source code and added it to my solution in order to debug). It gets the correct credentials that are passed through Postman. Once it tries to use the "_authenticationService.login(username, password)" method, I don't know what happens, but the user is unauthorized.
public IAppUser ValidateCredentials(string username, string password)
{
    try
    {
        var user = _authenticationService.Login(username, password);
        if (user != null)
        {
            return user;
        }
    }
    catch (LoginFailedException)
    {
        return default(TUser);
    }

    return default(TUser);
}

[HttpPost("SignIn")]
public async Task<IActionResult> SignIn([FromBody]LdapUser model)
{
    // validate username/password against Ldap
    var user = userStore.ValidateCredentials(model.Username, model.Password);
    if (user != default(IAppUser))
    {
        // Response with authentication cookie
        await HttpContext.SignInAsync(user.SubjectId, user.Username);
        var token = await tools.IssueClientJwtAsync(
            clientId: "MyBackend",
            lifetime: 3600,
            audiences: new[] { "MyBackend1", "MyBackend2" });
        // Get the Access token
        //var accessToken = await this.tools.IssueClientJwtAsync(lifetime: 3600, claims: new Claim[] { new Claim(JwtClaimTypes.Audience, model.ApiResource) });
        // Write the Access token to response
        await HttpContext.Response.WriteAsync(token);
        return Ok();
    }
    else
    {
        return Unauthorized();
    }
}

public Startup(IConfiguration configuration)
{
    this.Configuration = configuration;
}

public IConfiguration Configuration { get; }

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<IISOptions>(iis =>
    {
        iis.AuthenticationDisplayName = "Windows";
        iis.AutomaticAuthentication = false;
    });
    String sHostname = System.Net.Dns.GetHostName();
    services.AddMvc();
    services.AddIdentityServer()
        .AddDeveloperSigningCredential(persistKey: false)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetAllApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddTestUsers(Config.GetUser())
        .AddLdapUsers<ActiveDirectoryAppUser>(this.Configuration.GetSection("LdapServer"), UserStore.InMemory);
}
I am also following this guide
Thank you for your time!
Hello, do you know how to use the package with a video? For beginners like me, we can learn more easily.
If UID attribute is not present in active directory, below line throws an error as it doesn't find username.
I have a fix on a local branch, can I have access to create a branch?
How to get data info from AD profiles like emails, name, etc from scopes?
I've implemented IS on my AD and it works with the login page. I'm trying the ResourceOwnerPassword but I always get invalid_grant and in the log I see "User has been disabled".
The problem is in the LdapUserProfileService.IsActiveAsync, which doesn't find the user and sets context.IsActive to false.
At runtime the Users collection is empty. Does anyone have this issue?
Thanks
Hello,
I have downloaded your code and got it compiled. When I try to run the "MvcClient" with the "QuickstartIdentityServer", it won't redirect me back to the "MvcClient" after I log in. I traced it, and it looks like the function "FindBySubjectId" always returns null. Any ideas?
Best Regards,
D. L.
Is there a way to configure multiple Ldap servers?
I'm thinking that the Startup could look something like below.
.AddLdapUsers<ActiveDirectoryAppUser>(Configuration.GetSection("activeDirectory1"), UserStore.InMemory)
.AddLdapUsers<ActiveDirectoryAppUser>(Configuration.GetSection("activeDirectory2"), UserStore.InMemory);
I'm not sure how to configure and specify which Active Directory server to connect, currently when I add multiple user stores it only searches the second addition.
I started with the sample and I cannot log into the ldap of a test server: ldap.forumsys.com
https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server
Here is my configuration: does it seem correct to you?
"IdentityServerLdap": {
    // Example: If you use a redis instead of in-memory (See Startup.cs)
    //"redis": "localhost:32771,ssl=false",
    //"RefreshClaimsInSeconds": 3600,
    "Connections": [
        {
            "FriendlyName": "forumsys",
            "Url": "ldap.forumsys.com",
            "Port": 389,
            "Ssl": false,
            "BindDn": "cn=read-only-admin,dc=example,dc=com",
            "BindCredentials": "password",
            "SearchBase": "dc=example,dc=com ",
            "SearchFilter": "(&(objectClass=user)(uid={0}))"
            //"PreFilterRegex": "^(?![a|A]).*$" // not mandatory and will take everything not starting with A
        }
    ]
}
Thank you in advance.
Sign in:
<li class="nav-item">
    <a href="/login"><icon icon="sign-in-alt" class="mr-2" /><span>Sign-In</span></a>
</li>
Sign out:
<li class="nav-item" v-if="isAuthenticated">
    <a href="/logout"><icon icon="sign-in-alt" flip="horizontal" class="mr-2" /><span>Sign-Out</span></a>
</li>
Basically update all the projects/fix new version implementation for font-awesome (fortawesome).
Also fix the build/exec with the test project.
Hi, I found a bug: dsbenghe/Novell.Directory.Ldap.NETStandard#216
Is it possible you have a background solution for this issue?
I get the errors below when I get more traffic:
An attempt was made to access a socket in a way forbidden by its access permissions aaa.bbb.ccc.ddd.
An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full
Only one usage of each socket address (protocol/network address/port) is normally permitted
.AddLdapUsers(Configuration.GetSection("ldapActiveDirectory"),
    UserStore.InMemory);
//.AddLdapUsers(Configuration.GetSection("ldapOpenLdap"), UserStore.InMemory)
How to use
identity server 4 entity framework core web admin interface
dynamic client management
example
Resource etc..
Hi,
I want to suggest an approach for going ahead with the next upgrade to a current version of IdentityServer4.
IdentityServer4 versions greater than 3.0.0 don't support .NETStandard 2.0 any more.
You have to use TFM netcoreapp3.0 or netcoreapp3.1.
What are your thoughts about branching the current master into a maintenance branch for versions 2.1.x?
Afterwards, on master we could do the necessary changes for going ahead with a newly supported TFM like netcoreapp3.1.
Any thoughts?
In the local environment, tokens are generated successfully for existing AD users. When a token is requested for a nonexistent user or a wrong password is entered, the server logs invalid_username_or_password, which is correct.
After publishing the server in a docker container and requesting a token through the connect/token endpoint, any value entered in the username and password fields generates a token.
Any idea what I could be doing wrong?
The packages used are the following:
"IdentityServer.LdapExtension" Version="2.1.49"
"IdentityServer4" Version="2.4.0"
"ldapActiveDirectory": {
    // Active directory
    "url": "LDAP://79.123.184.30",
    "port": 389,
    "ssl": false,
    "bindDn": "DC=hitit,DC=edu,DC=tr",
    "bindCredentials": "******",
    "searchBase": "CN=Users,DC=hitit,DC=edu,DC=tr",
    // "searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))",
    "searchFilter": "(&(objectClass=user)(SAMAccountName={0}))",
    // Example: If you use a redis instead of in-memory
    //"redis": "localhost:32771,ssl=false"
}
Hi, I'm trying to set up Azure AD as an external provider in a deployment I have with LdapExtension, but the callback always ends up calling the Search method, and obviously the user (Azure AD) does not exist in any LDAP and the login fails. Can we set up the LDAP extension and also external OIDC?
Is there a way to extend the properties in the above classes?
Since LDAP calls are I/O bound, async calls could add a performance benefit under high-load.
I have identityserver4 setup and was able to get your library to support authenticating against ActiveDirectory. This works when using InMemory UserStore but what I am looking to do is authenticate against ActiveDirectory and then store the user in a database specific to my application. My ultimate objective is to get this working with AspNet.Identity.MongoDbCore but I'm not sure how to even get this working with AspNetCore's built-in EF provider. I am looking for guidance on how to use your library for authentication only but not as the userstore?
Hi!
When I try to get info about a user I get LdapReferralException.
I found a solution here: https://stackoverflow.com/questions/46052873/a-list-of-all-users-ldap-referral-error-ldapreferralexception.
I think this property has to be configurable.