// <copyright file="ILdapOptions.cs" company="Visualisierungsinstitut der Universität Stuttgart">
// Copyright © 2021 - 2024 Visualisierungsinstitut der Universität Stuttgart.
// Licensed under the MIT licence. See LICENCE file for details.
// </copyright>
// <author>Christoph Müller</author>
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
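namespace Visus.DirectoryAuthentication {

    /// <summary>
    /// The configuration options for the directory server.
    /// </summary>
    /// <remarks>
    /// <para>Only <see cref="AuthenticationType"/> is settable through this
    /// interface; all other members are read-only views of the configured
    /// values. Members are documented individually below, including which
    /// ones are security-relevant (transport protection, certificate
    /// validation and the service credentials).</para>
    /// </remarks>
    public interface ILdapOptions {

        /// <summary>
        /// Gets or sets the authentication type used to bind to the LDAP
        /// server.
        /// </summary>
        /// <remarks>
        /// <para>The chosen bind mechanism determines how credentials travel
        /// on the wire; a simple bind sends the password in clear text unless
        /// the connection is protected by <see cref="IsSsl"/>.</para>
        /// </remarks>
        AuthType AuthenticationType { get; set; }

        /// <summary>
        /// Gets the default domain appended to a user name.
        /// </summary>
        /// <remarks>
        /// Certain LDAP servers (like AD) might require the UPN instead of the
        /// account name to be used for binding. If this property is set, the
        /// <see cref="ILdapAuthenticationService.Login(string, string)"/>
        /// method will check for plain account names and append this domain
        /// to the user name. This will allow users to log on with their short
        /// account name.
        /// </remarks>
        string DefaultDomain { get; }

        /// <summary>
        /// Gets whether the certificate check is disabled for accessing the
        /// LDAP server.
        /// </summary>
        /// <remarks>
        /// <para>You should not do that for production code. This is only
        /// intended for development setups where you are working with
        /// self-signed certificates.</para>
        /// <para>With the check disabled, the client cannot tell a legitimate
        /// server from an impostor on the network path, so any credentials
        /// sent during the bind (including the passwords of users logging in)
        /// could be captured. Prefer keeping the check enabled and pinning
        /// the expected server via <see cref="ServerCertificateIssuer"/> or
        /// <see cref="ServerThumbprint"/> instead.</para>
        /// </remarks>
        bool IsNoCertificateCheck { get; }

        /// <summary>
        /// Gets whether group memberships should be looked up recursively.
        /// </summary>
        /// <remarks>
        /// <para>If you can express your login policies using only the primary
        /// group and any direct group memberships of the user accounts, you
        /// can and should disable this flag. Enabling the flag causes the login
        /// process to recursively accumulate all transitive group memberships,
        /// which causes a significant increase in LDAP queries that need to be
        /// performed for each login.</para>
        /// </remarks>
        bool IsRecursiveGroupMembership { get; }

        /// <summary>
        /// Gets whether the LDAP connection uses SSL or not.
        /// </summary>
        /// <remarks>
        /// <para>This flag governs whether <see cref="ServerCertificateIssuer"/>
        /// and <see cref="ServerThumbprint"/> are consulted at all. Without
        /// transport protection, a simple bind exposes the password to anyone
        /// able to observe the connection.</para>
        /// </remarks>
        bool IsSsl { get; }

        /// <summary>
        /// Gets the global LDAP mapping for the selected schema.
        /// </summary>
        /// <remarks>
        /// <para>This property mostly specifies the behaviour of the group,
        /// whereas the attribute mapping of the user is specified via
        /// <see cref="ILdapUser.RequiredAttributes"/>.</para>
        /// </remarks>
        LdapMapping Mapping { get; }

        /// <summary>
        /// Gets the per-schema global LDAP mappings, which are used to retrieve
        /// group memberships etc.
        /// </summary>
        /// <remarks>
        /// <para>This property is mostly used to specify built-in mappings. If
        /// you want to provide a custom mapping, it suffices to override the
        /// <see cref="Mapping"/> property.</para>
        /// </remarks>
        Dictionary<string, LdapMapping> Mappings { get; }

        /// <summary>
        /// Gets the maximum number of results the LDAP client should request.
        /// </summary>
        /// <remarks>
        /// <para>This is currently not used.</para>
        /// </remarks>
        int PageSize { get; }

        /// <summary>
        /// Gets the password used to connect to the LDAP server.
        /// </summary>
        /// <remarks>
        /// <para>This password is only used when performing additional
        /// queries using <see cref="ILdapConnectionService"/>. All login
        /// requests in <see cref="ILdapAuthenticationService"/> are performed
        /// by binding the user that is trying to log in. The user therefore
        /// must be able to read their own LDAP entry and the groups in
        /// order to fill <see cref="ILdapUser"/>.</para>
        /// <para>This value is a secret: supply it from a secrets store or
        /// environment-specific configuration rather than committing it to
        /// source, and give the <see cref="User"/> account only the read
        /// rights those additional queries require.</para>
        /// </remarks>
        string Password { get; }

        /// <summary>
        /// Gets the port of the LDAP server.
        /// </summary>
        int Port { get; }

        /// <summary>
        /// Gets the version of the LDAP protocol to request from the server.
        /// </summary>
        int ProtocolVersion { get; }

        /// <summary>
        /// Gets the name of the LDAP schema which is used by
        /// <see cref="LdapUserBase"/> to automatically retrieve the required
        /// properties.
        /// </summary>
        string Schema { get; }

        /// <summary>
        /// Gets the starting point(s) of any directory search.
        /// </summary>
        /// <remarks>
        /// <para>Each key is a distinguished name to search from and the value
        /// is the <see cref="SearchScope"/> applied below it.</para>
        /// </remarks>
        IDictionary<string, SearchScope> SearchBase { get; }

        /// <summary>
        /// Gets the host name or IP of the LDAP server.
        /// </summary>
        string Server { get; }

        /// <summary>
        /// Gets the acceptable issuer of the server certificate.
        /// </summary>
        /// <remarks>
        /// <para>If this property is <c>null</c>, any issuer will be considered
        /// acceptable.</para>
        /// <para>This property is only relevant if <see cref="IsSsl"/> is
        /// enabled.</para>
        /// </remarks>
        string ServerCertificateIssuer { get; }

        /// <summary>
        /// Gets the certificate thumbprints for the LDAP servers that are
        /// accepted during certificate validation.
        /// </summary>
        /// <remarks>
        /// <para>If this array is empty, any server certificate will be
        /// accepted. Note that if <see cref="ServerCertificateIssuer"/> is set
        /// as well, the server certificate must have been issued by the
        /// specified issuer, too.</para>
        /// <para>This property is only relevant if <see cref="IsSsl"/> is
        /// enabled.</para>
        /// <para>Pinned thumbprints must be rotated together with the server
        /// certificate; an outdated list will cause connections to be
        /// rejected rather than silently downgraded.</para>
        /// </remarks>
        string[] ServerThumbprint { get; }

        /// <summary>
        /// Gets the timeout for LDAP queries.
        /// </summary>
        /// <remarks>
        /// <para>This is currently not used.</para>
        /// <para>A value of <see cref="TimeSpan.Zero"/> indicates an infinite
        /// timeout.</para>
        /// </remarks>
        TimeSpan Timeout { get; }

        /// <summary>
        /// Gets the LDAP user used to connect to the directory.
        /// </summary>
        /// <remarks>
        /// This is only used by <see cref="ILdapConnectionService"/>. See
        /// <see cref="Password"/> for more details.
        /// </remarks>
        string User { get; }
    }
}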