feat:update ldap package (#753)

MayueCif · web-flow · commit 3970cefe6341 · 2025-08-06T15:37:16.000+08:00
* refactor(SyncCache): simplify ResetAsync method

Replaced the `ClientQueryAsync` method with `ClientQuery().ToListAsync()` in the `ResetAsync` implementation. The `ClientQueryAsync` method and its internal logic have been removed, streamlining the asynchronous query process and improving code readability and maintainability.

* feat(Ldap): add UserAccountControl support

- Added `UserAccountControl` property in `LdapUser.cs` for managing user account control information.
- Introduced `UserAccountControl` enum in `UserAccountControl.cs` to define various account control flags.
- Updated `_attributes` array in `LdapProvider.cs` to include `userAccountControl` for LDAP queries.
- Implemented parsing logic for `userAccountControl` in `LdapProvider.cs` to convert its value to the `UserAccountControl` enum.
- Updated `Novell.Directory.Ldap.NETStandard` version in `Masa.Utils.Ldap.Novell.csproj` from `4.0.0-beta4` to `4.0.0` and added `System.Linq.Async` reference.

* chore: remove System.Linq.Async package reference

Removed the reference to the `System.Linq.Async` package
from the `Masa.Utils.Ldap.Novell.csproj` project file,
while keeping other package references intact.

* docs(UserAccountControl): add detailed documentation

Added comprehensive documentation for the `UserAccountControl` enum in `UserAccountControl.cs`, explaining the purpose and usage of each flag, including deprecated flags.

Removed unnecessary `using System.Collections.Generic;` statement in `LdapProvider.cs` and eliminated duplicate `userAccountControl` entry in the `_attributes` array to ensure uniqueness.
diff --git a/src/Utils/Ldap/Masa.Utils.Ldap.Novell/Entries/LdapUser.cs b/src/Utils/Ldap/Masa.Utils.Ldap.Novell/Entries/LdapUser.cs
@@ -56,4 +56,6 @@ public class LdapUser
     public string Department { get; set; } = string.Empty;
 
     public LdapAddress Address { get; set; } = new();
+
+    public UserAccountControl UserAccountControl { get; set; }
 }
diff --git a/src/Utils/Ldap/Masa.Utils.Ldap.Novell/Entries/UserAccountControl.cs b/src/Utils/Ldap/Masa.Utils.Ldap.Novell/Entries/UserAccountControl.cs
@@ -0,0 +1,122 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the MIT License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Utils.Ldap.Novell.Entries;
+
+/// <summary>
+/// Flags that control the behavior of user accounts in Active Directory (LDAP).
+/// These values correspond to the userAccountControl attribute and are used as bitwise flags.
+/// Some flags are deprecated and should not be used in new code.
+/// </summary>
+public enum UserAccountControl
+{
+    /// <summary>
+    /// The logon script will be run.
+    /// </summary>
+    Script = 1,
+
+    /// <summary>
+    /// The user account is disabled.
+    /// </summary>
+    AccountDisabled = 2,
+
+    /// <summary>
+    /// The home directory is required.
+    /// </summary>
+    HomeDirectoryRequired = 8,
+
+    /// <summary>
+    /// The account is locked out. Deprecated: Use lockoutTime attribute instead.
+    /// </summary>
+    AccountLockedOut_DEPRECATED = 16,
+
+    /// <summary>
+    /// No password is required.
+    /// </summary>
+    PasswordNotRequired = 32,
+
+    /// <summary>
+    /// The user cannot change the password. Deprecated: Use ntSecurityDescriptor instead.
+    /// </summary>
+    PasswordCannotChange_DEPRECATED = 64,
+
+    /// <summary>
+    /// The user can use reversible encryption for the password.
+    /// </summary>
+    EncryptedTextPasswordAllowed = 128,
+
+    /// <summary>
+    /// This is a temporary duplicate account.
+    /// </summary>
+    TempDuplicateAccount = 256,
+
+    /// <summary>
+    /// This is a normal user account.
+    /// </summary>
+    NormalAccount = 512,
+
+    /// <summary>
+    /// This is a trust account for a domain.
+    /// </summary>
+    InterDomainTrustAccount = 2048,
+
+    /// <summary>
+    /// This is a computer account for a workstation.
+    /// </summary>
+    WorkstationTrustAccount = 4096,
+
+    /// <summary>
+    /// This is a computer account for a server.
+    /// </summary>
+    ServerTrustAccount = 8192,
+
+    /// <summary>
+    /// The password does not expire.
+    /// </summary>
+    PasswordDoesNotExpire = 65536,
+
+    /// <summary>
+    /// This is an MNS logon account.
+    /// </summary>
+    MnsLogonAccount = 131072,
+
+    /// <summary>
+    /// Smart card is required for logon.
+    /// </summary>
+    SmartCardRequired = 262144,
+
+    /// <summary>
+    /// The account is trusted for Kerberos delegation.
+    /// </summary>
+    TrustedForDelegation = 524288,
+
+    /// <summary>
+    /// The account is not trusted for delegation.
+    /// </summary>
+    AccountNotDelegated = 1048576,
+
+    /// <summary>
+    /// Use only DES encryption types for this account.
+    /// </summary>
+    UseDesKeyOnly = 2097152,
+
+    /// <summary>
+    /// Do not require Kerberos preauthentication.
+    /// </summary>
+    DontRequirePreauth = 4194304,
+
+    /// <summary>
+    /// The user's password has expired. Deprecated: Use pwdLastSet attribute instead.
+    /// </summary>
+    PasswordExpired_DEPRECATED = 8388608,
+
+    /// <summary>
+    /// The account is trusted to authenticate for delegation.
+    /// </summary>
+    TrustedToAuthenticateForDelegation = 16777216,
+
+    /// <summary>
+    /// This is a read-only domain controller account.
+    /// </summary>
+    PartialSecretsAccount = 67108864
+}
diff --git a/src/Utils/Ldap/Masa.Utils.Ldap.Novell/LdapProvider.cs b/src/Utils/Ldap/Masa.Utils.Ldap.Novell/LdapProvider.cs
@@ -1,8 +1,6 @@
 // Copyright (c) MASA Stack All rights reserved.
 // Licensed under the MIT License. See LICENSE.txt in the project root for license information.
 
-using System.Collections.Generic;
-
 namespace Masa.Utils.Ldap.Novell;
 
 public class LdapProvider : ILdapProvider, IDisposable
@@ -14,7 +12,7 @@ public class LdapProvider : ILdapProvider, IDisposable
     {
         "objectSid", "objectGUID", "objectCategory", "objectClass", "memberOf", "name", "cn", "distinguishedName",
         "sAMAccountName", "userPrincipalName", "displayName", "givenName", "sn", "description",
-        "telephoneNumber", "mail", "streetAddress", "postalCode", "l", "st", "co", "c"
+        "telephoneNumber", "mail", "streetAddress", "postalCode", "l", "st", "co", "c", "userAccountControl"
     };
 
     internal LdapProvider(LdapOptions options)
@@ -233,6 +231,15 @@ private LdapUser CreateUser(string distinguishedName, LdapAttributeSet attribute
         ldapUser.Company = attributeSet.GetString("company");
         ldapUser.Department = attributeSet.GetString("department");
         ldapUser.Title = attributeSet.GetString("title");
+
+        if (attributeSet.TryGetValue("userAccountControl", out var userAccountControlAttribute))
+        {
+            if (int.TryParse(userAccountControlAttribute.StringValue, out var userAccountControlValue))
+            {
+                ldapUser.UserAccountControl = (UserAccountControl)userAccountControlValue;
+            }
+        }
+
         ldapUser.Address = new LdapAddress
         {
             Street = attributeSet.GetString("streetAddress"),

Original file line number	Diff line number	Diff line change
`@@ -56,4 +56,6 @@ public class LdapUser`
`56`	`56`	`public string Department { get; set; } = string.Empty;`
`57`	`57`
`58`	`58`	`public LdapAddress Address { get; set; } = new();`
	`59`	`+`
	`60`	`+ public UserAccountControl UserAccountControl { get; set; }`
`59`	`61`	`}`