ADSync API

From Sense/Net Wiki
Version: 6.0.5 (Enterprise, Community, Planned)

Overview

This page contains information for developers about the Application Programming Interface (API) of the Active Directory Synchronization.

The API is accessible from server-side code (for example a portlet) or from any tool that is built on the Content Repository (for example an import/export tool).

Portal -> AD synchronization

In order to execute portal->AD synchronization from code, you have to do the following:

  • reference DirectoryServices.dll
  • create an instance of the SyncAD2Portal class
  • use public method calls on the created instance to execute sync tasks.

Full syncing

The following is the code from SyncAD2Portal\Program.cs, the console tool that executes a full synchronization. The public SyncFromAD() method takes care of everything: it parses the configuration, caches portal users, queries Active Directory users, synchronizes the objects and writes the whole operation to the log and to the console:

        static void Main(string[] args)
        {
            // start the Content Repository (including the Lucene index) so portal users can be read and written
            var startSettings = new RepositoryStartSettings
            {
                Console = Console.Out,
                StartLuceneManager = true
            };
            using (var repo = Repository.Start(startSettings))
            {
                // wrap the whole run in a trace operation so it shows up under the AD sync log category
                using (var traceOperation = Logger.TraceOperation("SyncAD2Portal", string.Empty, AdLog.AdSyncLogCategory))
                {
                    SyncAD2Portal directoryServices = new SyncAD2Portal();
                    // full sync: parses configuration, caches portal users, queries AD, synchronizes and logs
                    directoryServices.SyncFromAD();

                    // only reached if SyncFromAD returned without throwing
                    traceOperation.IsSuccessful = true;
                }
            }
        }

Syncing a single object

The following simple function synchronizes an object given by its LDAP path from AD and returns the log as a string. Note that the actual syncing is extended with the following actions:

  • the current thread impersonates the currently logged in user, so that AD sync does not run on behalf of the app pool user; instead the current user account is used for authentication against the AD,
  • the caller subscribes to the AD log, so that it can retrieve information about the execution immediately. This subscription is thread-dependent, so the current thread will receive AD log entries only about sync operations executed by itself.

        public string SyncOneObject(string ldapPath)
        {
            string log = null;
            try
            {
                var syncAD2Portal = new SyncAD2Portal();

                // impersonate the currently logged on Windows user, so its credentials are used to connect to AD
                var windowsIdentity = ((User)User.Current).WindowsIdentity;
                if (windowsIdentity == null)
                    return null;

                var impersonationContext = windowsIdentity.Impersonate();

                int? logid = null;
                try
                {
                    // subscribe before syncing: only entries written by this thread are collected
                    logid = AdLog.SubscribeToLog();
                    syncAD2Portal.SyncObjectFromAD(ldapPath);
                }
                catch (Exception ex)
                {
                    Logger.WriteException(ex);
                }
                finally
                {
                    // always revert to the app pool identity, even if the sync threw
                    if (impersonationContext != null)
                        impersonationContext.Undo();
                }

                // retrieve the collected entries and release the subscription
                if (logid.HasValue)
                    log = AdLog.GetLogAndRemoveSubscription(logid.Value);
            }
            catch (Exception ex)
            {
                Logger.WriteException(ex);
            }
            return log;
        }

Checking target portal path

The following code retrieves the synctree and target portal path information of an Active Directory object given by its path. The method call does not connect to AD; it simply parses the configuration, finds the first matching configured synctree, calculates the target portal path and checks whether a node already exists at that location in the Content Repository:

      var syncAD2Portal = new SyncAD2Portal();
      var syncInfo = syncAD2Portal.GetSyncInfo("CN=MyGroup,OU=MyOrg,DC=Nativ,DC=local");

The retrieved syncInfo object has the following properties:

  • bool SyncTreeFound: true if there is a matching configured synctree in Active Directory configuration
  • string SyncTreeADPath: AD root path of the matching synctree
  • string SyncTreePortalPath: portal root path of the matching synctree
  • string SyncTreeADIPAddress: LDAP server address of the matching synctree
  • string TargetPortalPath: calculated portal target path
  • bool PortalNodeExists: true if portal node exists at target portal path in Content Repository
  • bool PortalParentExists: true if parent of target portal path exists in Content Repository
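The following helper is an added example, not code from the Sense/Net wiki or from DirectoryServices.dll. It shows how the properties above can be used as a pre-flight check before a single-object sync: without touching AD it reports whether the object is covered by a synctree, whether the portal parent exists, and whether a sync would create or update the target node. The `SenseNet.DirectoryServices` namespace, the `AdSyncPreflight` class, the `Verdict` enum and the '/'-separated portal path convention used in the containment check are assumptions; only `SyncAD2Portal.GetSyncInfo` and the properties it returns come from the page.

```csharp
using System;
using SenseNet.DirectoryServices; // assumed namespace of DirectoryServices.dll

// Hypothetical helper (not part of Sense/Net): decides whether a single-object
// sync of the given AD path can proceed, using only GetSyncInfo (no AD connection).
public static class AdSyncPreflight
{
    public enum Verdict
    {
        NoSyncTree,        // the AD path is outside every configured synctree
        TargetOutsideTree, // calculated target is not under the synctree's portal root
        ParentMissing,     // the portal parent of the target path is absent
        WouldCreate,       // no node at the target path yet; a sync would create it
        WouldUpdate        // a node already exists at the target path; a sync would update it
    }

    public static Verdict Check(string ldapPath, out string message)
    {
        if (string.IsNullOrWhiteSpace(ldapPath))
            throw new ArgumentException("LDAP path is required", "ldapPath");

        var syncAD2Portal = new SyncAD2Portal();
        var info = syncAD2Portal.GetSyncInfo(ldapPath);

        if (!info.SyncTreeFound)
        {
            message = "No configured synctree matches " + ldapPath;
            return Verdict.NoSyncTree;
        }

        // Added sanity check: the calculated target must be the synctree's portal root
        // or lie below it (assumes '/'-separated portal paths). Anything else points to
        // a misconfigured synctree and should not be synced.
        var root = (info.SyncTreePortalPath ?? string.Empty).TrimEnd('/');
        var target = info.TargetPortalPath ?? string.Empty;
        var underTree = target.Equals(root, StringComparison.OrdinalIgnoreCase)
                     || target.StartsWith(root + "/", StringComparison.OrdinalIgnoreCase);
        if (!underTree)
        {
            message = string.Format("Target {0} is outside synctree root {1}", target, info.SyncTreePortalPath);
            return Verdict.TargetOutsideTree;
        }

        if (!info.PortalParentExists)
        {
            message = "Parent of " + target + " does not exist in the Content Repository";
            return Verdict.ParentMissing;
        }

        message = string.Format("{0} (synctree {1} -> {2}, LDAP server {3}) would {4} {5}",
            ldapPath, info.SyncTreeADPath, info.SyncTreePortalPath, info.SyncTreeADIPAddress,
            info.PortalNodeExists ? "update" : "create", target);
        return info.PortalNodeExists ? Verdict.WouldUpdate : Verdict.WouldCreate;
    }
}
```

Calling `AdSyncPreflight.Check` at the start of a function like SyncOneObject lets the caller refuse to impersonate and connect to AD at all when the object is not covered by any synctree or its portal parent is missing, and the returned message can be surfaced to the operator alongside the AD log.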

Related links