Select adobject by the same parameters as searched

Seji64 · Oct 6, 2023 · 248aa26 · 248aa26
1 parent 39b2a15
commit 248aa26
Showing 1 changed file with 22 additions and 11 deletions.
diff --git a/src/Services/LDAPService.cs b/src/Services/LDAPService.cs
@@ -93,7 +93,7 @@ public async Task<bool> TestCredentialsAsync(LdapCredential ldapCredential)
 
                 string? defaultNamingContext = _ldapOptions.Value.SearchBase;
 
-                var ldapSearchResult = (await ldapConnection.SearchByCnAsync(defaultNamingContext, name, Native.LdapSearchScope.LDAP_SCOPE_SUB)).FirstOrDefault();
+                var ldapSearchResult = (await ldapConnection.SearchAsync(defaultNamingContext, $"(&(objectCategory=computer)(name={name}))",null, Native.LdapSearchScope.LDAP_SCOPE_SUB)).SingleOrDefault();
 
                 if (ldapSearchResult != null)
                 {
@@ -211,26 +211,37 @@ public async Task<bool> TestCredentialsAsync(LdapCredential ldapCredential)
 
         private static async Task<string> DecryptLAPSPayload(byte[] value, LdapCredential ldapCredential)
         {
+
             StringBuilder pythonScriptResult = new();
             string pythonDecryptScriptPath = Path.Combine(Path.GetDirectoryName(AppContext.BaseDirectory)!, "scripts", "DecryptEncryptedLAPSPassword.py");
 
             string pythonBin = RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? "python" : "python3";
 
-            var pythonCmd = Cli.Wrap(pythonBin)
-                            .WithArguments($"\"{pythonDecryptScriptPath}\" --user \"{ldapCredential.UserName}\" --password \"{ldapCredential.Password}\" --data \"{Convert.ToBase64String(value)}\"")
-                            .WithStandardOutputPipe(PipeTarget.ToStringBuilder(pythonScriptResult));
+            try
+            {
+
+                var pythonCmd = Cli.Wrap(pythonBin)
+                                .WithArguments($"\"{pythonDecryptScriptPath}\" --user \"{ldapCredential.UserName}\" --password \"{ldapCredential.Password}\" --data \"{Convert.ToBase64String(value)}\"")
+                                .WithStandardOutputPipe(PipeTarget.ToStringBuilder(pythonScriptResult));
 
-            await pythonCmd.ExecuteAsync();
+                await pythonCmd.ExecuteAsync();
 
-            if (pythonDecryptScriptPath is null || pythonDecryptScriptPath.Length == 0)
+                if (pythonDecryptScriptPath is null || pythonDecryptScriptPath.Length == 0)
+                {
+                    throw new Exception("Failed to decrypt laps password!");
+                }
+
+                string ldapValue = pythonScriptResult.ToString().Trim();
+                ldapValue = ldapValue.Remove(ldapValue.LastIndexOf("}") + 1);
+
+                return ldapValue;
+            }
+            catch (Exception ex)
             {
-                throw new Exception("Failed to decrypt laps password!");
+                Log.Error("Decrypt LAPS Password failed => {ErrorMessage}", ex.Message);
+                throw new ArgumentException("Failed to decrypt LAPSv2 Password");
             }
 
-            string ldapValue = pythonScriptResult.ToString().Trim();
-            ldapValue = ldapValue.Remove(ldapValue.LastIndexOf("}") + 1);
-
-            return ldapValue;
         }
 
         public async Task<List<ADComputer>> SearchADComputersAsync(LdapCredential ldapCredential, string query)