'start_tls': 'startTLS',
'trace_level': 'trace',
}
ldap_url = MyLDAPUrl(sys.argv[1])
trace_level = int(ldap_url.trace_level or '0')
print('***trace_level', trace_level)
ldap.trace_level = trace_level
l = LDAPObject(
ldap_url.initializeUrl(),
trace_level=trace_level,
)
l.protocol_version = 3
l.set_option(ldap.OPT_REFERRALS, 0)
l.simple_bind_s((ldap_url.who or ''), (ldap_url.cred or ''))
result = l.search_s(ldap_url.dn, ldap_url.scope or ldap.SCOPE_SUBTREE,
ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs
or ['*'])
pprint.pprint(result)
print('***DIAGNOSTIC_MESSAGE', repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)))
l.unbind_s()
from ldap.ldapobject import LDAPObject
from ldapurl import LDAPUrl
try:
ldap_url = LDAPUrl(sys.argv[1])
num_tests = int(sys.argv[2])
except IndexError:
print 'Usage: pref_test.py <LDAP URL> <number of tests>'
sys.exit(1)
iter = num_tests
start_time = time.time()
l = LDAPObject(ldap_url.initializeUrl(), trace_level=0)
l.protocol_version = 3
l.simple_bind_s(ldap_url.who or '', ldap_url.cred or '')
while iter:
l.search_s(ldap_url.dn, ldap_url.scope or ldap.SCOPE_BASE,
ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs
or ['*'])
iter -= 1
end_time = time.time()
l.unbind_s()
del l
print 'Reusing connection:', end_time - start_time
try:
ldap_url = LDAPUrl(sys.argv[1])
num_tests = int(sys.argv[2])
except IndexError:
print 'Usage: pref_test.py <LDAP URL> <number of tests>'
sys.exit(1)
iter = num_tests
start_time = time.time()
l = LDAPObject(ldap_url.initializeUrl(),trace_level=0)
l.protocol_version = 3
l.simple_bind_s(ldap_url.who or '',ldap_url.cred or '')
while iter:
l.search_s(
ldap_url.dn,
ldap_url.scope or ldap.SCOPE_BASE,
ldap_url.filterstr or '(objectClass=*)',
ldap_url.attrs or ['*']
)
iter -= 1
end_time = time.time()
l.unbind_s()
del l
print 'Reusing connection:',end_time-start_time
def main():
uri = os.environ["URI1"]
managerdn = os.environ['MANAGERDN']
passwd = os.environ['PASSWD']
babsdn = os.environ['BABSDN']
babspw = b"bjensen"
bjornsdn = os.environ['BJORNSDN']
bjornspw = b"bjorn"
connection = LDAPObject(uri)
start = time.time()
connection.bind_s(managerdn, passwd)
end = time.time()
if end - start > 1:
print(
"It takes more than a second to connect and bind, "
"skipping potentially unstable test",
file=sys.stderr)
raise SystemExit(0)
dn, token_entry = get_token_for(connection, babsdn)
paramsdn = token_entry['oathTOTPParams'][0].decode()
result = connection.search_s(paramsdn, ldap.SCOPE_BASE)
_, attrs = result[0]
params = CIDict(attrs)
secret = token_entry['oathSecret'][0]
period = int(params['oathTOTPTimeStepPeriod'][0].decode())
bind_conn = LDAPObject(uri)
interval_no = get_interval(period)
token = get_hotp_token(secret, interval_no - 3)
print("Testing old tokens are not useable")
bind_conn.bind_s(babsdn, babspw + token)
try:
bind_conn.bind_s(babsdn, babspw + token)
except ldap.INVALID_CREDENTIALS:
pass
else:
raise SystemExit("Bind with an old token should have failed")
interval_no = get_interval(period)
token = get_hotp_token(secret, interval_no)
print("Testing token can only be used once")
bind_conn.bind_s(babsdn, babspw + token)
try:
bind_conn.bind_s(babsdn, babspw + token)
except ldap.INVALID_CREDENTIALS:
pass
else:
raise SystemExit("Bind with a reused token should have failed")
token = get_hotp_token(secret, interval_no + 1)
try:
bind_conn.bind_s(babsdn, babspw + token)
except ldap.INVALID_CREDENTIALS:
raise SystemExit("Bind should have succeeded")
dn, token_entry = get_token_for(connection, babsdn)
last = int(token_entry['oathTOTPLastTimeStep'][0].decode())
if last != interval_no + 1:
SystemExit("Unexpected counter value %d (expected %d)" %
(last, interval_no + 1))
print("Resetting counter and testing secret sharing between accounts")
connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])])
interval_no = get_interval(period)
token = get_hotp_token(secret, interval_no)
try:
bind_conn.bind_s(bjornsdn, bjornspw + token)
except ldap.INVALID_CREDENTIALS:
raise SystemExit("Bind should have succeeded")
try:
bind_conn.bind_s(babsdn, babspw + token)
except ldap.INVALID_CREDENTIALS:
pass
else:
raise SystemExit("Bind with a reused token should have failed")
print("Testing token is retired even with a wrong password")
connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])])
interval_no = get_interval(period)
token = get_hotp_token(secret, interval_no)
try:
bind_conn.bind_s(babsdn, b"not the password" + token)
except ldap.INVALID_CREDENTIALS:
pass
else:
raise SystemExit("Bind with an incorrect password should have failed")
try:
bind_conn.bind_s(babsdn, babspw + token)
except ldap.INVALID_CREDENTIALS:
pass
else:
raise SystemExit("Bind with a reused token should have failed")
token = get_hotp_token(secret, interval_no + 1)
try:
bind_conn.bind_s(babsdn, babspw + token)
except ldap.INVALID_CREDENTIALS:
raise SystemExit("Bind should have succeeded")
ldap_url = MyLDAPUrl(sys.argv[1])
trace_level = int(ldap_url.trace_level or '0')
print('***trace_level',trace_level)
ldap.trace_level = trace_level
l = LDAPObject(
ldap_url.initializeUrl(),
trace_level=trace_level,
)
l.protocol_version = 3
l.set_option(ldap.OPT_REFERRALS,0)
l.simple_bind_s((ldap_url.who or ''),(ldap_url.cred or ''))
result = l.search_s(
ldap_url.dn,
ldap_url.scope or ldap.SCOPE_SUBTREE,
ldap_url.filterstr or '(objectClass=*)',
ldap_url.attrs or ['*']
)
pprint.pprint(result)
print('***DIAGNOSTIC_MESSAGE',repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)))
l.unbind_s()
class EditionTests(SlapdTestCase):
@classmethod
def setUpClass(cls):
super().setUpClass()
base = cls.server.suffix
suffix_dc = base.split(',')[0][3:]
# insert some Foo* objects via ldapadd
cls.server.ldapadd("\n".join([
'dn: '+cls.server.suffix,
'objectClass: dcObject',
'objectClass: organization',
'dc: '+suffix_dc,
'o: '+suffix_dc,
'',
'dn: '+cls.server.root_dn,
'objectClass: applicationProcess',
'cn: '+cls.server.root_cn,
'',
"dn: cn=Foo1,"+base,
"objectClass: organizationalRole",
"cn: Foo1",
"",
"dn: cn=Foo2,"+base,
"objectClass: organizationalRole",
"cn: Foo2",
"",
"dn: cn=Foo3,"+base,
"objectClass: organizationalRole",
"cn: Foo3",
"",
"dn: ou=Container,"+base,
"objectClass: organizationalUnit",
"ou: Container",
"",
"dn: cn=Foo4,ou=Container,"+base,
"objectClass: organizationalRole",
"cn: Foo4",
"",
])+"\n")
def setUp(self):
self.ldap = LDAPObject(self.server.ldap_uri, bytes_mode=False)
self.ldap.protocol_version = 3
self.ldap.set_option(ldap.OPT_REFERRALS, 0)
self.ldap.simple_bind_s(
self.server.root_dn,
self.server.root_pw
)
def tearDown(self):
self.ldap.unbind()
def test_add_object(self):
base = self.server.suffix
dn = "cn=Added,ou=Container," + base
self.ldap.add_ext_s(dn, [
("objectClass", [b'organizationalRole']),
("cn", [b'Added']),
])
# Lookup the object
result = self.ldap.search_s(base, ldap.SCOPE_SUBTREE, '(cn=Added)', ['*'])
self.assertEqual(result, [
("cn=Added,ou=Container," + base,
{'cn': [b'Added'], 'objectClass': [b'organizationalRole']}),
])
# Delete object
self.ldap.delete_s(dn)
result = self.ldap.search_s(
base, ldap.SCOPE_SUBTREE, '(cn=Added)', ['*']
)
self.assertEqual(result, [])
class Directory(object):
"""XXX: this could be without base_dn, not supporting iteration
"""
def __init__(self, uri, base_dn, bind_dn, pw):
self.base_dn = base_dn
self._ldap = LDAPObject(uri)
self._ldap.bind_s(bind_dn, pw)
def __contains__(self, dn):
try:
return dn == self._ldap.search_s(dn, SCOPE_BASE,
attrlist=[''])[0][0]
except ldap.NO_SUCH_OBJECT:
return False
def __getitem__(self, dn):
try:
entry = self._ldap.search_s(dn, SCOPE_BASE)[0]
except ldap.NO_SUCH_OBJECT:
raise KeyError(dn)
node = Node(name=dn, attrs=entry[1], ldap=self._ldap)
return node
def __setitem__(self, dn, node):
addlist = node.attrs.items()
try:
self._ldap.add_s(dn, addlist)
except ldap.ALREADY_EXISTS:
del self[dn]
self._ldap.add_s(dn, addlist)
def __delitem__(self, dn):
try:
self._ldap.delete_s(dn)
except ldap.NO_SUCH_OBJECT:
raise KeyError(dn)
def __iter__(self):
return (x[0][0] for x in
self._search(self.base_dn, SCOPE_SUBTREE)
if x[0][0] != self.base_dn)
def _search(self, base, scope, filterstr='(objectClass=*)', attrlist=None,
timeout=-1):
"""asynchronous ldap search returning a generator
"""
msgid = self._ldap.search(base, scope,
filterstr=filterstr, attrlist=attrlist)
rtype = ldap.RES_SEARCH_ENTRY
while rtype is ldap.RES_SEARCH_ENTRY:
# Fetch results single file, the final result (usually)
# has an empty field. <sigh>
(rtype, data) = self._ldap.result(msgid=msgid, all=0,
timeout=timeout)
if rtype is ldap.RES_SEARCH_ENTRY or data:
yield data
def items(self):
return ItemsView(dictionary=self)
def keys(self):
return KeysView(dictionary=self)
def values(self):
return ValuesView(dictionary=self)
def __len__(self):
return sum(1 for node in iter(self))
def clear(self):
for dn in self.keys():
del self[dn]
def copy(self):
return copy.copy(self)
def get(self, dn, default=None):
try:
return self[dn]
except KeyError:
return default
def pop(self, dn, default=None):
try:
node = self[dn]
del self[dn]
except KeyError:
if default is None:
raise KeyError(dn)
return default
return node
def popitem(self):
if not self:
raise KeyError
dn = next(iter(self))
node = self[dn]
del self[dn]
return (dn, node)
def setdefault(self, dn, default=None):
try:
return self[dn]
except KeyError:
self[default.name] = default
return default
def update(self, other):
try:
items = other.items()
except AttributeError:
items = other
for dn, node in items:
self[dn] = node
return None
iterkeys = __iter__
def itervalues(self):
return (Node(name=x[0][0], attrs=x[0][1], ldap=self._ldap) for x in
self._search(self.base_dn,
ldap.SCOPE_SUBTREE, attrlist=[''])
if x[0][0] != self.base_dn)
def iteritems(self):
return ((node.name, node) for node in ValuesView(self))
