def test_bind_noMatchingServicesFound_fallback_success(self): server = self.createServer( services=['svc1', 'svc2', 'svc3', ], fallback=True, responses=[ [ pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], [ pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], [ pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], [ pureldap.LDAPBindResponse(resultCode=ldaperrors.Success.resultCode) ], ]) server.dataReceived(str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com', auth='s3krit'), id=4))) reactor.iterate() #TODO client = server.client client.assertSent( pureldap.LDAPSearchRequest(baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter('(&' +'(objectClass=serviceSecurityObject)' +'(owner=cn=jack,dc=example,dc=com)' +'(cn=svc1)' +('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +')'), attributes=('1.1',)), pureldap.LDAPSearchRequest(baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter('(&' +'(objectClass=serviceSecurityObject)' +'(owner=cn=jack,dc=example,dc=com)' +'(cn=svc2)' +('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +')'), attributes=('1.1',)), pureldap.LDAPSearchRequest(baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter('(&' +'(objectClass=serviceSecurityObject)' +'(owner=cn=jack,dc=example,dc=com)' +'(cn=svc3)' +('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +')'), attributes=('1.1',)), pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com', auth='s3krit')) self.assertEquals(server.transport.value(), str(pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=ldaperrors.Success.resultCode), id=4)))
def test_unbind_clientUnbinds(self): """ The server disconnects from the client gracefully when the client signals its intent to unbind. """ server = self.createServer( [pureldap.LDAPBindResponse(resultCode=0)], [], ) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) server.reactor.advance(1) client = server.client client.assertSent(pureldap.LDAPBindRequest()) self.assertEqual( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2))) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPUnbindRequest(), id=3))) server.connectionLost(error.ConnectionDone) server.reactor.advance(1) client.assertSent(pureldap.LDAPBindRequest(), pureldap.LDAPUnbindRequest()) self.assertEqual( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2)))
def test_unbind_clientEOF(self): """ The server disconects correctly when the client terminates the connection without sending an unbind request. """ server = self.createServer([pureldap.LDAPBindResponse(resultCode=0)]) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) server.reactor.advance(1) client = server.client client.assertSent(pureldap.LDAPBindRequest()) self.assertEqual( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2))) server.connectionLost(error.ConnectionDone) server.reactor.advance(1) client.assertSent(pureldap.LDAPBindRequest(), 'fake-unbind-by-LDAPClientTestDriver') self.assertEqual( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2)))
def test_unbind_clientEOF(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [], ) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) reactor.iterate() #TODO client = server.client client.assertSent(pureldap.LDAPBindRequest()) self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2))) server.connectionLost(error.ConnectionDone) reactor.iterate() #TODO client.assertSent(pureldap.LDAPBindRequest(), 'fake-unbind-by-LDAPClientTestDriver') self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2)))
def test_unbind_clientUnbinds(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [], ) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire()) reactor.iterate() # TODO client = server.client client.assertSent(pureldap.LDAPBindRequest()) self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire(), ) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPUnbindRequest(), id=3).toWire()) server.connectionLost(error.ConnectionDone) reactor.iterate() # TODO client.assertSent(pureldap.LDAPBindRequest(), pureldap.LDAPUnbindRequest()) self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire(), )
def perform_bind_ntlm( client, username, password, domain, workstation, ntlm_version, peercert: X509 = None, ): """ Perform bind using custom NTLM mechanism. Will return different value based on ntlm_version. NTLMv2 using session key for future sign and seal. We do not support NTLMv1 with sign and seal on purpose. :returns NTLMv1 : None NTLMv2 : session key for sign and seal """ sign_seal_enable = client._ntlm_sign_seal_enable(ntlm_version) ntlm_negotiate_msg = ntlm.create_negotiate_msg( sign_seal=sign_seal_enable) op = pureldap.LDAPBindRequest(auth=("GSS-SPNEGO", ntlm_negotiate_msg), sasl=True) response = yield client.send(op) if response.resultCode != ldaperrors.LDAPSaslBindInProgress.resultCode: raise ldaperrors.get(response.resultCode, response.errorMessage) ntlm_challenge_msg = response.serverSaslCreds.value ntlm_authenticate = ntlm.create_ntlm_auth( ntlm_negotiate_msg, ntlm_challenge_msg, username, password, domain, workstation, ntlm_version, sign_seal=sign_seal_enable, peercert=peercert, ) op = pureldap.LDAPBindRequest( auth=("GSS-SPNEGO", ntlm_authenticate.get_encoded_msg()), sasl=True) response = yield client.send(op) if response.resultCode != ldaperrors.Success.resultCode: raise ldaperrors.get(response.resultCode, response.errorMessage) if ntlm_version == 2 and isinstance(ntlm_authenticate, ntlm.NTLMv2Auth): defer.returnValue(ntlm_authenticate.session_key)
def test_reusing_connection_succeeds2(self): # User Bind, User Bind server, client = self.create_server_and_client( [pureldap.LDAPBindResponse(resultCode=0)], [pureldap.LDAPBindResponse(resultCode=0)]) yield client.bind('uid=hugo,cn=users,dc=test,dc=local', 'secret') yield client.bind('uid=hugo,cn=users,dc=test,dc=local', 'secret') server.client.assertSent( pureldap.LDAPBindRequest( dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret'), pureldap.LDAPBindRequest( dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret'), )
def test_bind(self): server = self.createServer([ pureldap.LDAPBindResponse(resultCode=0), ]) server.dataReceived(str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))) reactor.iterate() #TODO self.assertEqual(server.transport.value(), str(pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=4)))
def test_search(self): """ When performing an LDAP search against the server; the search results and a single "search done" response is written to the transport. """ server = self.createServer( [pureldap.LDAPBindResponse(resultCode=0)], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], ) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire()) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3).toWire()) server.reactor.advance(1) self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=foo,dc=example,dc=com', [('a', ['b'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=bar,dc=example,dc=com', [('b', ['c'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3).toWire())
def test_search(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ], ) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3))) reactor.iterate() #TODO self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage( pureldap.LDAPBindResponse(resultCode=0), id=2)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=foo,dc=example,dc=com', [('a', ['b'])]), id=3)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=bar,dc=example,dc=com', [('b', ['c'])]), id=3)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3)))
def test_simple_bind(self): dn = 'uid=thegreathugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client() service_account_client = self.inject_service_account_server( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('sAMAccountName', ['hugo'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(dn, 'secret') # Assert that Proxy<->Backend (the actual connection) did not send anything server.client.assertNothingSent() # Assert that Proxy<->Backend (the lookup connection) did send something service_account_client.assertSent( pureldap.LDAPBindRequest( dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret'), pureldap.LDAPSearchRequest( baseObject='uid=thegreathugo,cn=users,dc=test,dc=local', scope=0, derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=pureldap.LDAPFilter_present(value='objectClass'), attributes=()), 'fake-unbind-by-LDAPClientTestDriver')
def test_simple_search(self): dn = 'uid=hugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(dn, 'secret') # Assert that Proxy<->Backend uses the correct credentials server.client.assertSent( pureldap.LDAPBindRequest( dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret'), ) # Perform a simple search in the context of the service account entry = LDAPEntry(client, dn) results = yield entry.search('(objectClass=*)', scope=pureldap.LDAP_SCOPE_baseObject) self.assertEqual(len(results), 1) self.assertEqual(len(results[0]['someattr']), 1) (value, ) = results[0]['someattr'] self.assertEqual(value, 'somevalue')
def test_realm_mapping_fails_wrong_password(self): marker = 'markerSecret' realm = 'realmSecret' password = '******' # this is the wrong password! service_dn = 'uid=passthrough,cn=users,dc=test,dc=local' dn = 'uid=hugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(service_dn, 'service-secret') # Assert that Proxy<->Backend uses the correct credentials server.client.assertSent( pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), ) # Perform a simple search in the context of the service account entry = LDAPEntry(client, dn) r = yield entry.search('(|(objectClass=*)(objectclass=App-%s))' % marker, scope=pureldap.LDAP_SCOPE_baseObject) # sleep a second and then try to bind as hugo time.sleep(0.5) server2, client2 = self.create_server_and_client([ pureldap.LDAPBindResponse( resultCode=0), # for service account (successful hugo bind) ]) d = client2.bind(dn, password) yield self.assertFailure(d, ldaperrors.LDAPInvalidCredentials) self.assertEqual(self.privacyidea.authentication_requests, [('hugo', realm, password, False)]) time.sleep(1) # to clean the reactor
def test_realm_mapping_succeeds_case_sensitive(self): marker = 'markerSecret' password = '******' service_dn = 'uid=passthrough,cn=users,dc=test,dc=local' dn = 'uid=Hugo,cn=users,dc=test,DC=LOCAL' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(service_dn, 'service-secret') # Assert that Proxy<->Backend uses the correct credentials server.client.assertSent( pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), ) # Perform a simple search in the context of the service account entry = LDAPEntry(client, dn) r = yield entry.search('(|(objectClass=*)(objectclass=App-%s))' % marker, scope=pureldap.LDAP_SCOPE_baseObject) # sleep half a second and then try to bind as hugo time.sleep(0.5) server2, client2 = self.create_server_and_client([ pureldap.LDAPBindResponse( resultCode=0), # for service account (successful hugo bind) ]) yield client2.bind( dn.lower(), password) # this will work even though the DN has differing case self.assertEqual(self.privacyidea.authentication_requests, [('hugo', 'realmSecret', password, True)]) time.sleep(1) # to clean the reactor
def test_search(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [ pureldap.LDAPSearchResultEntry("cn=foo,dc=example,dc=com", [("a", ["b"])]), pureldap.LDAPSearchResultEntry("cn=bar,dc=example,dc=com", [("b", ["c"])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ], ) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire()) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3).toWire()) reactor.iterate() # TODO self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire() + pureldap.LDAPMessage( pureldap.LDAPSearchResultEntry("cn=foo,dc=example,dc=com", [("a", ["b"])]), id=3, ).toWire() + pureldap.LDAPMessage( pureldap.LDAPSearchResultEntry("cn=bar,dc=example,dc=com", [("b", ["c"])]), id=3, ).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3).toWire(), )
def test_intercepted_search_response(self): """ When performing an LDAP search against the server; the search results are intercepted and modified by the proxy. """ server = self.createServer([pureldap.LDAPBindResponse(resultCode=0)], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], protocol=ResponseInterceptingProxy) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire()) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3).toWire()) server.reactor.advance(1) server.reactor.advance(5) self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=foo,dc=example,dc=com', [('a', ['b']), ('frotz', ['xyzzy'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=bar,dc=example,dc=com', [('b', ['c']), ('frotz', ['xyzzy'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3).toWire())
def test_bind(self): self.server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=4).toWire())
def test_passthrough_bind_succeeds(self): server, client = self.create_server_and_client( [pureldap.LDAPBindResponse(resultCode=0)]) yield client.bind('uid=passthrough,cn=users,dc=test,dc=local', 'some-secret') server.client.assertSent( pureldap.LDAPBindRequest( dn='uid=passthrough,cn=users,dc=test,dc=local', auth='some-secret'), )
def _send_sspi_bind(self, dn, current_buffer): # format request and send it op = pureldap.LDAPBindRequest( dn=dn, auth=('GSS-SPNEGO', current_buffer[0].Buffer), sasl='True', ) response = yield self.send(op) return response
def test_bind_invalidCredentials_nonExisting(self): self.server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=non-existing,dc=example,dc=com', auth=b'invalid'), id=78).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode), id=78).toWire())
def test_bind_invalidCredentials_badPassword(self): self.server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=thingie,ou=stuff,dc=example,dc=com', auth=b'invalid'), id=734).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode), id=734).toWire())
def test_bind(self): """ When binding to the server an `LDAPBindResponse` with a successful result code.is written to the transport. """ server = self.createServer([pureldap.LDAPBindResponse(resultCode=0)]) server.dataReceived(str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))) server.reactor.advance(1) self.assertEqual(server.transport.value(), str(pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=4)))
def test_bind_badVersion_4_anonymous(self): self.server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(version=4), id=32).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPProtocolError.resultCode, errorMessage='Version 4 not supported'), id=32).toWire())
def test_reusing_connection_fails1(self): # Scenario 1: Passthrough Bind, User Bind server, client = self.create_server_and_client( [pureldap.LDAPBindResponse(resultCode=0)]) yield client.bind('uid=passthrough,cn=users,dc=test,dc=local', 'some-secret') server.client.assertSent( pureldap.LDAPBindRequest( dn='uid=passthrough,cn=users,dc=test,dc=local', auth='some-secret'), ) d = client.bind('uid=hugo,cn=users,dc=test,dc=local', 'secret') yield self.assertFailure(d, ldaperrors.LDAPInvalidCredentials)
def test_passwordModify_someoneElse(self): commits = observeCommits(self.thingie) # first bind to some entry userPassword = b"{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8=" # secret self.thingie["userPassword"] = [userPassword] self.server.dataReceived( pureldap.LDAPMessage( pureldap.LDAPBindRequest( dn="cn=thingie,ou=stuff,dc=example,dc=com", auth=b"secret"), id=4, ).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage( pureldap.LDAPBindResponse( resultCode=0, matchedDN="cn=thingie,ou=stuff,dc=example,dc=com"), id=4, ).toWire(), ) self.server.transport.clear() observer = testing.EventLoggingObserver.createWithCleanup(self, log) self.server.dataReceived( pureldap.LDAPMessage( pureldap.LDAPPasswordModifyRequest( userIdentity="cn=another,ou=stuff,dc=example,dc=com", newPasswd="hushhush", ), id=2, ).toWire()) self.assertEqual( observer[0]["log_text"], "User cn=thingie,ou=stuff,dc=example,dc=com " "tried to change password of " "b'cn=another,ou=stuff,dc=example,dc=com'", ) self.assertListEqual(commits, [], "Server committed data.") self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage( pureldap.LDAPExtendedResponse( resultCode=ldaperrors.LDAPInsufficientAccessRights. resultCode, responseName=pureldap.LDAPPasswordModifyRequest.oid, ), id=2, ).toWire(), ) self.assertSequenceEqual( self.thingie.get("userPassword", []), [userPassword], )
def test_control_unknown_critical(self): self.server.dataReceived(pureldap.LDAPMessage( pureldap.LDAPBindRequest(), id=2, controls=[('42.42.42.42', True, None), ]).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage( pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPUnavailableCriticalExtension.resultCode, errorMessage='Unknown control 42.42.42.42'), id=2).toWire())
def perform_bind_ntlm(self, dn, username, password, domain, workstation, ntlm_version): ntlm_negotiate_msg = ntlm.create_negotiate_msg() op = pureldap.LDAPBindRequest(dn=dn, auth=('GSS-SPNEGO', ntlm_negotiate_msg), sasl=True) response = yield self.send(op) if response.resultCode != ldaperrors.LDAPSaslBindInProgress.resultCode: raise ldaperrors.get(response.resultCode, response.errorMessage) ntlm_challenge_msg = response.serverSaslCreds.value ntlm_authenticate_msg = ntlm.create_authenticate_msg( ntlm_negotiate_msg, ntlm_challenge_msg, username, password, domain, workstation, ntlm_version) op = pureldap.LDAPBindRequest(dn=dn, auth=('GSS-SPNEGO', ntlm_authenticate_msg), sasl=True) response = yield self.send(op) if response.resultCode != ldaperrors.Success.resultCode: raise ldaperrors.get(response.resultCode, response.errorMessage)
def test_bindBadPassword(self): """ When password don't match the BIND fails. """ self.server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='*****@*****.**', auth='invalid'), id=734).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode), id=734).toWire())
def checkSuccessfulBIND(self, bind_dn, password): """ Do a BIND request and check that is succeeds. """ self.server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(dn=bind_dn, auth=password), id=4).toWire()) self.assertEqual( self.server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=0, matchedDN='cn=bob,dc=example,dc=com'), id=4).toWire())
def bind(self, dn='', auth=''): """ @depreciated: Use e.bind(auth). @todo: Remove this method when there are no callers. """ if not self.connected: raise LDAPClientConnectionLostException() else: r = pureldap.LDAPBindRequest(dn=dn, auth=auth) d = self.send(r) d.addCallback(self._handle_bind_msg) return d