Make strict AD group names optional

LiamNtfs/C4IT.LIAM.Ntfs.cs

@@ -564,7 +564,7 @@ namespace C4IT.LIAM
                 groupTraverseTag = GetRequiredCustomTag("Filesystem_GroupTraverseTag"),
                 groupDLTag = requiresDomainLocalTag ? GetRequiredCustomTag("Filesystem_GroupDomainLocalTag") : string.Empty,
                 groupGTag = GetRequiredCustomTag("Filesystem_GroupGlobalTag"),
-                allowExistingGroupWildcardMatch = IsAdditionalConfigurationEnabled("EnsureNtfsPermissionGroupsAllowRegexMatch")
+                forceStrictAdGroupNames = IsAdditionalConfigurationEnabled("ForceStrictAdGroupNames")
             };
 
             foreach (var template in BuildSecurityGroupTemplates())

LiamNtfs/C4IT_IAM_SET/DataArea_FileSystem.cs

@@ -51,7 +51,7 @@ namespace C4IT_IAM_SET
         public ICollection<string> ownerUserSids;
         public ICollection<string> readerUserSids;
         public ICollection<string> writerUserSids;
-        public bool allowExistingGroupWildcardMatch;
+        public bool forceStrictAdGroupNames;
 
         public int ReadACLPermission = 0x200A9;
         public int WriteACLPermission = 0x301BF;
@@ -145,7 +145,7 @@ namespace C4IT_IAM_SET
                     newSecurityGroups.username = username;
                     newSecurityGroups.domainName = domainName;
                     newSecurityGroups.password = password;
-                    newSecurityGroups.AllowExistingGroupWildcardMatch = allowExistingGroupWildcardMatch;
+                    newSecurityGroups.ForceStrictAdGroupNames = forceStrictAdGroupNames;
                     try
                     {
                         // ImpersonationHelper.Impersonate(domainName, username, new NetworkCredential("", password).Password, delegate
@@ -277,7 +277,7 @@ namespace C4IT_IAM_SET
                 username = username,
                 domainName = domainName,
                 password = password,
-                AllowExistingGroupWildcardMatch = allowExistingGroupWildcardMatch
+                ForceStrictAdGroupNames = forceStrictAdGroupNames
             };
         }
 
@@ -913,10 +913,10 @@ namespace C4IT_IAM_SET
                         users = null;
 
                     newSecurityGroups.EnsureADGroup(groupOUPath, newSecurityGroups.IAM_SecurityGroups[i], users);
-                    if (newSecurityGroups.IAM_SecurityGroups[i].ReusedExistingEntry)
-                        resultToken.reusedGroups.Add(newSecurityGroups.IAM_SecurityGroups[i].Name);
-                    else
+                    if (newSecurityGroups.IAM_SecurityGroups[i].CreatedNewEntry)
                         resultToken.createdGroups.Add(newSecurityGroups.IAM_SecurityGroups[i].Name);
+                    else
+                        resultToken.reusedGroups.Add(newSecurityGroups.IAM_SecurityGroups[i].Name);
                 }
             }
             catch (Exception E)

LiamNtfs/C4IT_IAM_SET/SecurityGroup.cs

@@ -23,7 +23,7 @@ namespace C4IT_IAM_Engine
         public string domainName;
         public string username;
         public SecureString password;
-        public bool AllowExistingGroupWildcardMatch;
+        public bool ForceStrictAdGroupNames;
 
         public List<IAM_SecurityGroup> IAM_SecurityGroups;
         public string rootUID;
@@ -482,7 +482,7 @@ namespace C4IT_IAM_Engine
 
         private void ApplyExistingGroup(IAM_SecurityGroup secGroup, DirectoryEntry existingGroup)
         {
-            secGroup.ReusedExistingEntry = true;
+            secGroup.CreatedNewEntry = false;
             secGroup.UID = getSID(existingGroup);
 
             if (existingGroup.Properties.Contains("sAMAccountName") && existingGroup.Properties["sAMAccountName"].Count > 0)
@@ -544,9 +544,9 @@ namespace C4IT_IAM_Engine
             LogMethodBegin(MethodBase.GetCurrentMethod());
             try
             {
-                secGroup.ReusedExistingEntry = false;
+                secGroup.CreatedNewEntry = false;
                 var existingGroup = FindGroupEntry(secGroup.Name);
-                if (existingGroup == null && AllowExistingGroupWildcardMatch)
+                if (existingGroup == null && !ForceStrictAdGroupNames)
                     existingGroup = FindGroupEntryByWildcard(ouPath, secGroup.WildcardPattern);
 
                 if (existingGroup == null)
@@ -572,7 +572,7 @@ namespace C4IT_IAM_Engine
             LogMethodBegin(MethodBase.GetCurrentMethod());
             try
             {
-                secGroup.ReusedExistingEntry = false;
+                secGroup.CreatedNewEntry = false;
                 if (!GroupAllreadyExisting(secGroup.Name.ToUpper()))
                 {
 
@@ -609,6 +609,7 @@ namespace C4IT_IAM_Engine
                     var objectid = SecurityGroups.getSID(ent);
                     DefaultLogger.LogEntry(LogLevels.Debug, $"Security group created in ad: {secGroup.technicalName}");
                     secGroup.UID = objectid;
+                    secGroup.CreatedNewEntry = true;
                     return ent;
                 }
                 else
@@ -686,7 +687,7 @@ namespace C4IT_IAM_Engine
         public string Parent = "";
         public string description;
         public string WildcardPattern;
-        public bool ReusedExistingEntry;
+        public bool CreatedNewEntry;
         public List<IAM_SecurityGroup> memberGroups;
         public string Name;
         public string technicalName;