Optimise for quick AD user searching
Avoids loading users groups when not needed
This commit is contained in:
Gary Sharp
@@ -245,6 +245,7 @@ namespace Disco.Services.Interop.ActiveDirectory
|
||||
|
||||
#region User Account
|
||||
private static readonly string[] UserLoadProperties = { "name", "distinguishedName", "sAMAccountName", "objectSid", "displayName", "sn", "givenName", "memberOf", "primaryGroupID", "mail", "telephoneNumber" };
|
||||
private static readonly string[] UserQuickLoadProperties = { "name", "distinguishedName", "sAMAccountName", "objectSid", "displayName", "sn", "givenName", "mail", "telephoneNumber" };
|
||||
|
||||
public static ActiveDirectoryUserAccount RetrieveUserAccount(string Id, params string[] AdditionalProperties)
|
||||
{
|
||||
@@ -254,9 +255,13 @@ namespace Disco.Services.Interop.ActiveDirectory
|
||||
? UserLoadProperties.Concat(AdditionalProperties).ToArray()
|
||||
: UserLoadProperties;
|
||||
|
||||
return SearchBySamAccountName(Id, ldapFilter, loadProperites).Select(result => result.AsUserAccount(AdditionalProperties)).FirstOrDefault();
|
||||
return SearchBySamAccountName(Id, ldapFilter, loadProperites).Select(result => result.AsUserAccount(false, AdditionalProperties)).FirstOrDefault();
|
||||
}
|
||||
public static IEnumerable<ActiveDirectoryUserAccount> SearchUserAccounts(string Term, params string[] AdditionalProperties)
|
||||
{
|
||||
return SearchUserAccounts(Term, false, AdditionalProperties);
|
||||
}
|
||||
public static IEnumerable<ActiveDirectoryUserAccount> SearchUserAccounts(string Term, bool Quick, params string[] AdditionalProperties)
|
||||
{
|
||||
const int resultLimit = 30; // Default Search Limit
|
||||
|
||||
@@ -272,26 +277,30 @@ namespace Disco.Services.Interop.ActiveDirectory
|
||||
|
||||
string ldapFilter = string.Format("(&(objectCategory=Person)(objectClass=user)(|(sAMAccountName=*{0}*)(displayName=*{0}*)))", ADInterop.EscapeLdapQuery(Term));
|
||||
|
||||
string[] loadProperites = (AdditionalProperties != null && AdditionalProperties.Length > 0)
|
||||
? UserLoadProperties.Concat(AdditionalProperties).ToArray()
|
||||
string[] loadProperites = Quick
|
||||
? UserQuickLoadProperties
|
||||
: UserLoadProperties;
|
||||
|
||||
if (AdditionalProperties != null && AdditionalProperties.Length > 0)
|
||||
loadProperites.Concat(AdditionalProperties).ToArray();
|
||||
|
||||
IEnumerable<ActiveDirectorySearchResult> searchResults;
|
||||
if (searchDomain == null)
|
||||
searchResults = ADInterop.SearchScope(ldapFilter, resultLimit, loadProperites);
|
||||
else
|
||||
searchResults = ADInterop.SearchScope(searchDomain, ldapFilter, resultLimit, loadProperites);
|
||||
|
||||
return searchResults.Select(result => result.AsUserAccount(AdditionalProperties));
|
||||
return searchResults.Select(result => result.AsUserAccount(Quick, AdditionalProperties));
|
||||
}
|
||||
|
||||
private static ActiveDirectoryUserAccount AsUserAccount(this ActiveDirectorySearchResult item, string[] AdditionalProperties)
|
||||
private static ActiveDirectoryUserAccount AsUserAccount(this ActiveDirectorySearchResult item, bool Quick, string[] AdditionalProperties)
|
||||
{
|
||||
string name = item.Result.Properties["name"][0].ToString();
|
||||
string username = item.Result.Properties["sAMAccountName"][0].ToString();
|
||||
string distinguishedName = item.Result.Properties["distinguishedName"][0].ToString();
|
||||
byte[] objectSid = (byte[])item.Result.Properties["objectSid"][0];
|
||||
string objectSidSDDL = ADInterop.ConvertBytesToSDDLString(objectSid);
|
||||
List<string> groups = null;
|
||||
|
||||
ResultPropertyValueCollection displayNameProp = item.Result.Properties["displayName"];
|
||||
string displayName = username;
|
||||
@@ -314,15 +323,19 @@ namespace Disco.Services.Interop.ActiveDirectory
|
||||
if (phoneProp.Count > 0)
|
||||
phone = phoneProp[0].ToString();
|
||||
|
||||
int primaryGroupID = (int)item.Result.Properties["primaryGroupID"][0];
|
||||
string primaryGroupSid = ADInterop.ConvertBytesToSDDLString(ADInterop.BuildPrimaryGroupSid(objectSid, primaryGroupID));
|
||||
var groupDistinguishedNames = item.Result.Properties["memberOf"].Cast<string>().ToList();
|
||||
groupDistinguishedNames.Add(ADGroupCache.GetGroupsDistinguishedNameForSecurityIdentifier(primaryGroupSid));
|
||||
List<string> groups = ADGroupCache.GetGroups(groupDistinguishedNames).ToList();
|
||||
// Don't load Groups when doing a quick search
|
||||
if (!Quick)
|
||||
{
|
||||
int primaryGroupID = (int)item.Result.Properties["primaryGroupID"][0];
|
||||
string primaryGroupSid = ADInterop.ConvertBytesToSDDLString(ADInterop.BuildPrimaryGroupSid(objectSid, primaryGroupID));
|
||||
var groupDistinguishedNames = item.Result.Properties["memberOf"].Cast<string>().ToList();
|
||||
groupDistinguishedNames.Add(ADGroupCache.GetGroupsDistinguishedNameForSecurityIdentifier(primaryGroupSid));
|
||||
groups = ADGroupCache.GetGroups(groupDistinguishedNames).ToList();
|
||||
}
|
||||
|
||||
// Additional Properties
|
||||
Dictionary<string, object[]> additionalProperties = new Dictionary<string, object[]>();
|
||||
if (AdditionalProperties != null)
|
||||
if (AdditionalProperties != null && AdditionalProperties.Length > 0)
|
||||
foreach (string propertyName in AdditionalProperties)
|
||||
{
|
||||
var property = item.Result.Properties[propertyName];
|
||||
@@ -457,7 +470,7 @@ namespace Disco.Services.Interop.ActiveDirectory
|
||||
private static readonly string[] ObjectLoadProperties = { "objectCategory" };
|
||||
private static readonly string[] ObjectLoadPropertiesAll = ObjectLoadProperties.Concat(UserLoadProperties).Concat(MachineLoadProperties).Concat(GroupLoadProperties).Distinct().ToArray();
|
||||
|
||||
public static IActiveDirectoryObject RetrieveObject(string Id)
|
||||
public static IActiveDirectoryObject RetrieveObject(string Id, bool Quick)
|
||||
{
|
||||
const string ldapFilter = "(&(|(objectCategory=Person)(objectCategory=Computer)(objectCategory=Group))(sAMAccountName={0}))";
|
||||
|
||||
@@ -469,7 +482,7 @@ namespace Disco.Services.Interop.ActiveDirectory
|
||||
switch (objectCategory)
|
||||
{
|
||||
case "cn=person":
|
||||
return result.AsUserAccount(null);
|
||||
return result.AsUserAccount(Quick, null);
|
||||
case "cn=computer":
|
||||
return result.AsMachineAccount(null);
|
||||
case "cn=group":
|
||||
|
||||
@@ -171,7 +171,7 @@ namespace Disco.Services.Searching
|
||||
|
||||
public static List<User> SearchUsersUpstream(string Term, int? LimitCount = null)
|
||||
{
|
||||
IEnumerable<ActiveDirectoryUserAccount> matches = ActiveDirectory.SearchUserAccounts(Term);
|
||||
IEnumerable<ActiveDirectoryUserAccount> matches = ActiveDirectory.SearchUserAccounts(Term, Quick: true);
|
||||
|
||||
if (LimitCount.HasValue)
|
||||
matches = matches.Take(LimitCount.Value);
|
||||
|
||||
@@ -208,7 +208,7 @@ namespace Disco.Services.Users
|
||||
|
||||
internal static IEnumerable<ActiveDirectoryUserAccount> SearchUsers(DiscoDataContext Database, string Term)
|
||||
{
|
||||
var adImportedUsers = ActiveDirectory.SearchUserAccounts(Term);
|
||||
var adImportedUsers = ActiveDirectory.SearchUserAccounts(Term, Quick: true);
|
||||
foreach (var adU in adImportedUsers.Select(adU => adU.ToRepositoryUser()))
|
||||
{
|
||||
var existingUser = Database.Users.Find(adU.UserId);
|
||||
|
||||
@@ -108,7 +108,11 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
// Validate Subjects
|
||||
if (Subjects != null && Subjects.Length > 0)
|
||||
{
|
||||
var subjects = Subjects.Where(s => !string.IsNullOrWhiteSpace(s)).Select(s => s.Trim()).Select(s => new Tuple<string, IActiveDirectoryObject>(s, ActiveDirectory.RetrieveObject(s))).ToList();
|
||||
var subjects = Subjects
|
||||
.Where(s => !string.IsNullOrWhiteSpace(s))
|
||||
.Select(s => s.Trim())
|
||||
.Select(s => Tuple.Create(s, ActiveDirectory.RetrieveObject(s, Quick: true)))
|
||||
.ToList();
|
||||
var invalidSubjects = subjects.Where(s => s.Item2 == null).ToList();
|
||||
|
||||
if (invalidSubjects.Count > 0)
|
||||
@@ -242,7 +246,11 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
if (Subjects == null || Subjects.Length == 0)
|
||||
throw new ArgumentNullException("Subjects", "At least one Id must be supplied");
|
||||
|
||||
var subjects = Subjects.Where(s => !string.IsNullOrWhiteSpace(s)).Select(s => s.Trim()).Select(s => new Tuple<string, IActiveDirectoryObject>(s, ActiveDirectory.RetrieveObject(s))).ToList();
|
||||
var subjects = Subjects
|
||||
.Where(s => !string.IsNullOrWhiteSpace(s))
|
||||
.Select(s => s.Trim())
|
||||
.Select(s => Tuple.Create(s, ActiveDirectory.RetrieveObject(s, Quick: true)))
|
||||
.ToList();
|
||||
var invalidSubjects = subjects.Where(s => s.Item2 == null).ToList();
|
||||
|
||||
if (invalidSubjects.Count > 0)
|
||||
@@ -286,7 +294,7 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
else if (!Id.Contains(@"\"))
|
||||
Id = string.Format(@"{0}\{1}", ActiveDirectory.PrimaryDomain.NetBiosName, Id);
|
||||
|
||||
var subject = ActiveDirectory.RetrieveObject(Id);
|
||||
var subject = ActiveDirectory.RetrieveObject(Id, Quick: true);
|
||||
|
||||
if (subject == null || !(subject is ActiveDirectoryUserAccount || subject is ActiveDirectoryGroup))
|
||||
return Json(null, JsonRequestBehavior.AllowGet);
|
||||
|
||||
@@ -288,7 +288,11 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
// Validate Subjects
|
||||
if (Subjects != null && Subjects.Length > 0)
|
||||
{
|
||||
var subjects = Subjects.Where(s => !string.IsNullOrWhiteSpace(s)).Select(s => s.Trim()).Select(s => new Tuple<string, IActiveDirectoryObject>(s, ActiveDirectory.RetrieveObject(s))).ToList();
|
||||
var subjects = Subjects
|
||||
.Where(s => !string.IsNullOrWhiteSpace(s))
|
||||
.Select(s => s.Trim())
|
||||
.Select(s => Tuple.Create(s, ActiveDirectory.RetrieveObject(s, Quick: true)))
|
||||
.ToList();
|
||||
var invalidSubjects = subjects.Where(s => s.Item2 == null).ToList();
|
||||
|
||||
if (invalidSubjects.Count > 0)
|
||||
@@ -382,7 +386,7 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
[DiscoAuthorize(Claims.Config.JobQueue.Configure)]
|
||||
public virtual ActionResult Subject(string Id)
|
||||
{
|
||||
var subject = ActiveDirectory.RetrieveObject(Id);
|
||||
var subject = ActiveDirectory.RetrieveObject(Id, Quick: true);
|
||||
|
||||
if (subject == null || !(subject is ActiveDirectoryUserAccount || subject is ActiveDirectoryGroup))
|
||||
return Json(null, JsonRequestBehavior.AllowGet);
|
||||
|
||||
@@ -28,7 +28,7 @@ namespace Disco.Web.Areas.Config.Controllers
|
||||
|
||||
var token = RoleToken.FromAuthorizationRole(ar);
|
||||
var subjects = token.SubjectIds == null ? new List<Models.AuthorizationRole.SubjectDescriptorModel>() :
|
||||
token.SubjectIds.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId))
|
||||
token.SubjectIds.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId, Quick: true))
|
||||
.Where(item => item != null)
|
||||
.Select(item => Models.AuthorizationRole.SubjectDescriptorModel.FromActiveDirectoryObject(item))
|
||||
.OrderBy(item => item.Name).ToList();
|
||||
@@ -53,7 +53,7 @@ namespace Disco.Web.Areas.Config.Controllers
|
||||
.Select(ar => RoleToken.FromAuthorizationRole(ar)).Cast<IRoleToken>().ToList();
|
||||
|
||||
var administratorSubjects = UserService.AdministratorSubjectIds
|
||||
.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId))
|
||||
.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId, Quick: true))
|
||||
.Where(item => item != null)
|
||||
.Select(item => Models.AuthorizationRole.SubjectDescriptorModel.FromActiveDirectoryObject(item))
|
||||
.OrderBy(item => item.Name).ToList();
|
||||
|
||||
@@ -29,7 +29,7 @@ namespace Disco.Web.Areas.Config.Controllers
|
||||
|
||||
var token = JobQueueToken.FromJobQueue(jq);
|
||||
var subjects = token.SubjectIds == null ? new List<Models.JobQueue.ShowModel.SubjectDescriptor>() :
|
||||
token.SubjectIds.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId))
|
||||
token.SubjectIds.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId, Quick: true))
|
||||
.Where(item => item != null)
|
||||
.Select(item => Models.JobQueue.ShowModel.SubjectDescriptor.FromActiveDirectoryObject(item))
|
||||
.OrderBy(item => item.Name).ToList();
|
||||
|
||||
@@ -255,7 +255,7 @@ namespace Disco.Web.Controllers
|
||||
public virtual ActionResult Administrators()
|
||||
{
|
||||
var administratorSubjects = UserService.AdministratorSubjectIds
|
||||
.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId))
|
||||
.Select(subjectId => ActiveDirectory.RetrieveObject(subjectId, Quick: true))
|
||||
.Where(item => item != null)
|
||||
.Select(item => Disco.Web.Areas.Config.Models.AuthorizationRole.SubjectDescriptorModel.FromActiveDirectoryObject(item))
|
||||
.OrderBy(item => item.Name).ToList();
|
||||
@@ -284,7 +284,7 @@ namespace Disco.Web.Controllers
|
||||
else if (!Id.Contains(@"\"))
|
||||
Id = string.Format(@"{0}\{1}", ActiveDirectory.PrimaryDomain.NetBiosName, Id);
|
||||
|
||||
var subject = ActiveDirectory.RetrieveObject(Id);
|
||||
var subject = ActiveDirectory.RetrieveObject(Id, Quick: true);
|
||||
|
||||
if (subject == null || !(subject is ActiveDirectoryUserAccount || subject is ActiveDirectoryGroup))
|
||||
return Json(null, JsonRequestBehavior.AllowGet);
|
||||
@@ -302,7 +302,11 @@ namespace Disco.Web.Controllers
|
||||
if (Subjects != null || Subjects.Length > 0)
|
||||
{
|
||||
|
||||
var subjects = Subjects.Where(s => !string.IsNullOrWhiteSpace(s)).Select(s => s.Trim()).Select(s => new Tuple<string, IActiveDirectoryObject>(s, ActiveDirectory.RetrieveObject(s))).ToList();
|
||||
var subjects = Subjects
|
||||
.Where(s => !string.IsNullOrWhiteSpace(s))
|
||||
.Select(s => s.Trim())
|
||||
.Select(s => Tuple.Create(s, ActiveDirectory.RetrieveObject(s, Quick: true)))
|
||||
.ToList();
|
||||
var invalidSubjects = subjects.Where(s => s.Item2 == null).ToList();
|
||||
|
||||
if (invalidSubjects.Count > 0)
|
||||
|
||||
Reference in New Issue
Block a user