Replaced the `ClientQueryAsync` method with `ClientQuery().ToListAsync()` in the `ResetAsync` implementation. The `ClientQueryAsync` method and its internal logic have been removed, streamlining the asynchronous query process and improving code readability and maintainability.
- Added `UserAccountControl` property in `LdapUser.cs` for managing user account control information.
- Introduced `UserAccountControl` enum in `UserAccountControl.cs` to define various account control flags.
- Updated `_attributes` array in `LdapProvider.cs` to include `userAccountControl` for LDAP queries.
- Implemented parsing logic for `userAccountControl` in `LdapProvider.cs` to convert its value to the `UserAccountControl` enum.
- Updated `Novell.Directory.Ldap.NETStandard` version in `Masa.Utils.Ldap.Novell.csproj` from `4.0.0-beta4` to `4.0.0` and added `System.Linq.Async` reference.
Pull Request Overview
This PR updates the LDAP package to support user account control information and upgrades the LDAP library dependency to a stable version. The changes add the ability to query and manage user account control flags from LDAP, which is essential for determining user account status in Active Directory environments.
- Added support for `UserAccountControl` property to track user account status flags
- Upgraded Novell LDAP library from beta to stable version and added async LINQ support
- Removed unused async client query method in OpenIdConnect cache implementation
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Masa.Utils.Ldap.Novell.csproj | Updated package versions and added System.Linq.Async dependency |
| LdapProvider.cs | Added userAccountControl to LDAP query attributes and parsing logic |
| UserAccountControl.cs | New enum defining LDAP user account control flags |
| LdapUser.cs | Added UserAccountControl property to user model |
| SyncCache.cs | Simplified client query method and removed unused async implementation |
| "objectSid", "objectGUID", "objectCategory", "objectClass", "memberOf", "name", "cn", "distinguishedName", | ||
| "sAMAccountName", "userPrincipalName", "displayName", "givenName", "sn", "description", | ||
| "telephoneNumber", "mail", "streetAddress", "postalCode", "l", "st", "co", "c" | ||
| "telephoneNumber", "mail", "streetAddress", "postalCode", "l", "st", "co", "c","userAccountControl" |
Missing space after comma before "userAccountControl". Should be "c", "userAccountControl" for consistency with other array elements.
| "telephoneNumber", "mail", "streetAddress", "postalCode", "l", "st", "co", "c","userAccountControl" | |
| "telephoneNumber", "mail", "streetAddress", "postalCode", "l", "st", "co", "c", "userAccountControl" |
|
|
||
| public enum UserAccountControl | ||
| { | ||
| Script = 1, | ||
| AccountDisabled = 2, | ||
| HomeDirectoryRequired = 8, | ||
| AccountLockedOut_DEPRECATED = 16, | ||
| PasswordNotRequired = 32, | ||
| PasswordCannotChange_DEPRECATED = 64, | ||
| EncryptedTextPasswordAllowed = 128, | ||
| TempDuplicateAccount = 256, | ||
| NormalAccount = 512, | ||
| InterDomainTrustAccount = 2048, | ||
| WorkstationTrustAccount = 4096, | ||
| ServerTrustAccount = 8192, | ||
| PasswordDoesNotExpire = 65536, | ||
| MnsLogonAccount = 131072, | ||
| SmartCardRequired = 262144, | ||
| TrustedForDelegation = 524288, | ||
| AccountNotDelegated = 1048576, | ||
| UseDesKeyOnly = 2097152, | ||
| DontRequirePreauth = 4194304, | ||
| PasswordExpired_DEPRECATED = 8388608, | ||
| TrustedToAuthenticateForDelegation = 16777216, |
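Review bot: the `_DEPRECATED` suffix on `AccountLockedOut_DEPRECATED`, `PasswordCannotChange_DEPRECATED` and `PasswordExpired_DEPRECATED` puts a lifecycle marker into the public member names, where the compiler cannot act on it. Marking those members with `[Obsolete]` and dropping the suffix would give callers a compile-time warning instead. Every value in this hunk is a single bit, so writing them in hexadecimal (for example `0x0002` for `AccountDisabled`) would also make each one easier to check against its bit position than the decimal literals used here.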
The UserAccountControl enum lacks XML documentation comments explaining its purpose and the meaning of the flags, which would be helpful for API consumers working with LDAP user account control values.
| public enum UserAccountControl | |
| { | |
| Script = 1, | |
| AccountDisabled = 2, | |
| HomeDirectoryRequired = 8, | |
| AccountLockedOut_DEPRECATED = 16, | |
| PasswordNotRequired = 32, | |
| PasswordCannotChange_DEPRECATED = 64, | |
| EncryptedTextPasswordAllowed = 128, | |
| TempDuplicateAccount = 256, | |
| NormalAccount = 512, | |
| InterDomainTrustAccount = 2048, | |
| WorkstationTrustAccount = 4096, | |
| ServerTrustAccount = 8192, | |
| PasswordDoesNotExpire = 65536, | |
| MnsLogonAccount = 131072, | |
| SmartCardRequired = 262144, | |
| TrustedForDelegation = 524288, | |
| AccountNotDelegated = 1048576, | |
| UseDesKeyOnly = 2097152, | |
| DontRequirePreauth = 4194304, | |
| PasswordExpired_DEPRECATED = 8388608, | |
| TrustedToAuthenticateForDelegation = 16777216, | |
| /// <summary> | |
| /// Flags that control the behavior of user accounts in Active Directory (LDAP). | |
| /// These values correspond to the userAccountControl attribute and are used as bitwise flags. | |
| /// Some flags are deprecated and should not be used in new code. | |
| /// </summary> | |
| public enum UserAccountControl | |
| { | |
| /// <summary> | |
| /// The logon script will be run. | |
| /// </summary> | |
| Script = 1, | |
| /// <summary> | |
| /// The user account is disabled. | |
| /// </summary> | |
| AccountDisabled = 2, | |
| /// <summary> | |
| /// The home directory is required. | |
| /// </summary> | |
| HomeDirectoryRequired = 8, | |
| /// <summary> | |
| /// The account is locked out. Deprecated: Use lockoutTime attribute instead. | |
| /// </summary> | |
| AccountLockedOut_DEPRECATED = 16, | |
| /// <summary> | |
| /// No password is required. | |
| /// </summary> | |
| PasswordNotRequired = 32, | |
| /// <summary> | |
| /// The user cannot change the password. Deprecated: Use ntSecurityDescriptor instead. | |
| /// </summary> | |
| PasswordCannotChange_DEPRECATED = 64, | |
| /// <summary> | |
| /// The user can use reversible encryption for the password. | |
| /// </summary> | |
| EncryptedTextPasswordAllowed = 128, | |
| /// <summary> | |
| /// This is a temporary duplicate account. | |
| /// </summary> | |
| TempDuplicateAccount = 256, | |
| /// <summary> | |
| /// This is a normal user account. | |
| /// </summary> | |
| NormalAccount = 512, | |
| /// <summary> | |
| /// This is a trust account for a domain. | |
| /// </summary> | |
| InterDomainTrustAccount = 2048, | |
| /// <summary> | |
| /// This is a computer account for a workstation. | |
| /// </summary> | |
| WorkstationTrustAccount = 4096, | |
| /// <summary> | |
| /// This is a computer account for a server. | |
| /// </summary> | |
| ServerTrustAccount = 8192, | |
| /// <summary> | |
| /// The password does not expire. | |
| /// </summary> | |
| PasswordDoesNotExpire = 65536, | |
| /// <summary> | |
| /// This is an MNS logon account. | |
| /// </summary> | |
| MnsLogonAccount = 131072, | |
| /// <summary> | |
| /// Smart card is required for logon. | |
| /// </summary> | |
| SmartCardRequired = 262144, | |
| /// <summary> | |
| /// The account is trusted for Kerberos delegation. | |
| /// </summary> | |
| TrustedForDelegation = 524288, | |
| /// <summary> | |
| /// The account is not trusted for delegation. | |
| /// </summary> | |
| AccountNotDelegated = 1048576, | |
| /// <summary> | |
| /// Use only DES encryption types for this account. | |
| /// </summary> | |
| UseDesKeyOnly = 2097152, | |
| /// <summary> | |
| /// Do not require Kerberos preauthentication. | |
| /// </summary> | |
| DontRequirePreauth = 4194304, | |
| /// <summary> | |
| /// The user's password has expired. Deprecated: Use pwdLastSet attribute instead. | |
| /// </summary> | |
| PasswordExpired_DEPRECATED = 8388608, | |
| /// <summary> | |
| /// The account is trusted to authenticate for delegation. | |
| /// </summary> | |
| TrustedToAuthenticateForDelegation = 16777216, | |
| /// <summary> | |
| /// This is a read-only domain controller account. | |
| /// </summary> |
| // Licensed under the MIT License. See LICENSE.txt in the project root for license information. | ||
|
|
||
| namespace Masa.Utils.Ldap.Novell.Entries; | ||
|
|
Consider adding the [Flags] attribute to this enum since UserAccountControl values are typically combined using bitwise operations in LDAP/Active Directory scenarios.
| [Flags] |
Removed the reference to the `System.Linq.Async` package from the `Masa.Utils.Ldap.Novell.csproj` project file, while keeping other package references intact.
Added comprehensive documentation for the `UserAccountControl` enum in `UserAccountControl.cs`, explaining the purpose and usage of each flag, including deprecated flags. Removed unnecessary `using System.Collections.Generic;` statement in `LdapProvider.cs` and eliminated duplicate `userAccountControl` entry in the `_attributes` array to ensure uniqueness.
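The bitwise decoding that the `[Flags]` suggestion in the review enables, as an added example that is not part of this pull request or the project's code. It uses a trimmed copy of the enum with values from the PR; `UacDemo`, `Parse` and the `Risky` selection are hypothetical names and choices, and the sample values are constructed.

```csharp
using System;
using System.Globalization;

// Trimmed copy of the PR's enum (values as in the diff), with [Flags] applied.
[Flags]
public enum UserAccountControl
{
    AccountDisabled = 2,
    PasswordNotRequired = 32,
    EncryptedTextPasswordAllowed = 128,
    NormalAccount = 512,
    PasswordDoesNotExpire = 65536,
    TrustedForDelegation = 524288,
    UseDesKeyOnly = 2097152,
    DontRequirePreauth = 4194304,
}

public static class UacDemo
{
    // Flags worth surfacing in an account audit (this selection is an assumption).
    const UserAccountControl Risky =
        UserAccountControl.PasswordNotRequired | UserAccountControl.EncryptedTextPasswordAllowed |
        UserAccountControl.TrustedForDelegation | UserAccountControl.UseDesKeyOnly |
        UserAccountControl.DontRequirePreauth;

    // LDAP returns userAccountControl as a decimal string; missing or malformed input yields null
    // instead of silently becoming 0, which would look like an enabled account with no flags.
    public static UserAccountControl? Parse(string? raw) =>
        int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out var n)
            ? (UserAccountControl)n
            : (UserAccountControl?)null;

    public static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        foreach (var raw in new[] { "512", "514", "66048", "4260352", null, "abc" })
        {
            var uac = Parse(raw);
            if (uac is null) { Console.WriteLine($"{raw ?? "<missing>"}: not parseable"); continue; }
            var v = uac.Value;
            bool enabled = !v.HasFlag(UserAccountControl.AccountDisabled);
            Console.WriteLine($"{raw}: [{v}] enabled={enabled} risky=[{v & Risky}]");
        }
    }
}
```

With `[Flags]` present, `ToString()` prints the combined member names (for example `AccountDisabled, NormalAccount` for 514); without it the same value prints as the bare number.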