def handle_LDAPModifyDNRequest(self, request, controls, reply):
self.checkControls(controls)
dn = distinguishedname.DistinguishedName(request.entry)
newrdn = distinguishedname.RelativeDistinguishedName(request.newrdn)
deleteoldrdn = bool(request.deleteoldrdn)
if not deleteoldrdn:
raise ldaperrors.LDAPUnwillingToPerform(
"Cannot handle preserving old RDN yet.")
newSuperior = request.newSuperior
if newSuperior is None:
newSuperior = dn.up()
else:
newSuperior = distinguishedname.DistinguishedName(newSuperior)
newdn = distinguishedname.DistinguishedName(
listOfRDNs=(newrdn,)+newSuperior.split())
root = interfaces.IConnectedLDAPEntry(self.factory)
d = root.lookup(dn)
def _gotEntry(entry):
d = entry.move(newdn)
return d
def _report(entry):
return pureldap.LDAPModifyDNResponse(resultCode=0)
d.addCallback(_gotEntry)
d.addCallback(_report)
return d
def getRootDSE(self, request, reply):
root = interfaces.IConnectedLDAPEntry(self.factory)
reply(pureldap.LDAPSearchResultEntry(
objectName='',
attributes=[('supportedLDAPVersion', ['3']),
('namingContexts', [str(root.dn)]),
('supportedExtension', [
pureldap.LDAPPasswordModifyRequest.oid, ]), ], ))
return pureldap.LDAPSearchResultDone(
resultCode=ldaperrors.Success.resultCode)
def handle_LDAPModifyRequest(self, request, controls, reply):
self.checkControls(controls)
root = interfaces.IConnectedLDAPEntry(self.factory)
mod = delta.ModifyOp.fromLDAP(request)
d = mod.patch(root)
def _patched(entry):
return entry.commit()
d.addCallback(_patched)
def _report(entry):
return pureldap.LDAPModifyResponse(resultCode=0)
d.addCallback(_report)
return d
def handle_LDAPDelRequest(self, request, controls, reply):
self.checkControls(controls)
dn = distinguishedname.DistinguishedName(request.value)
root = interfaces.IConnectedLDAPEntry(self.factory)
d = root.lookup(dn)
def _gotEntry(entry):
d = entry.delete()
return d
d.addCallback(_gotEntry)
def _report(entry):
return pureldap.LDAPDelResponse(resultCode=0)
d.addCallback(_report)
return d
def handle_LDAPSearchRequest(self, request, controls, reply):
self.checkControls(controls)
if (request.baseObject == ''
and request.scope == pureldap.LDAP_SCOPE_baseObject
and request.filter == pureldap.LDAPFilter_present('objectClass')):
return self.getRootDSE(request, reply)
dn = distinguishedname.DistinguishedName(request.baseObject)
root = interfaces.IConnectedLDAPEntry(self.factory)
d = root.lookup(dn)
d.addCallback(self._cbSearchGotBase, dn, request, reply)
d.addErrback(self._cbSearchLDAPError)
d.addErrback(defer.logError)
d.addErrback(self._cbSearchOtherError)
return d
def handle_LDAPCompareRequest(self, request, controls, reply):
def _cbCompareGotBase(base, ava, reply):
def _done(result_list):
if result_list:
resultCode = ldaperrors.LDAPCompareTrue.resultCode
else:
resultCode = ldaperrors.LDAPCompareFalse.resultCode
return pureldap.LDAPCompareResponse(resultCode)
# base.search only works with Filter Objects, and not with
# AttributeValueAssertion objects. Here we convert the AVA to an
# equivalent Filter so we can re-use the existing search
# functionality we require.
search_filter = pureldap.LDAPFilter_equalityMatch(
attributeDesc=ava.attributeDesc,
assertionValue=ava.assertionValue
)
d = base.search(
filterObject=search_filter,
scope=pureldap.LDAP_SCOPE_baseObject,
derefAliases=pureldap.LDAP_DEREF_neverDerefAliases
)
d.addCallback(_done)
return d
def _cbCompareLDAPError(reason):
reason.trap(ldaperrors.LDAPException)
return pureldap.LDAPCompareResponse(
resultCode=reason.value.resultCode)
def _cbCompareOtherError(reason):
return pureldap.LDAPCompareResponse(
resultCode=ldaperrors.other,
errorMessage=reason.getErrorMessage())
self.checkControls(controls)
dn = distinguishedname.DistinguishedName(request.entry)
root = interfaces.IConnectedLDAPEntry(self.factory)
d = root.lookup(dn)
d.addCallback(_cbCompareGotBase, request.ava, reply)
d.addErrback(_cbCompareLDAPError)
d.addErrback(defer.logError)
d.addErrback(_cbCompareOtherError)
return d
def getRootDSE(self, request, reply):
root = interfaces.IConnectedLDAPEntry(self.factory)
reply(
pureldap.LDAPSearchResultEntry(
objectName="",
attributes=[
("supportedLDAPVersion", ["3"]),
("namingContexts", [root.dn.getText()]),
(
"supportedExtension",
[
pureldap.LDAPPasswordModifyRequest.oid,
],
),
],
))
return pureldap.LDAPSearchResultDone(
resultCode=ldaperrors.Success.resultCode)
def handle_LDAPBindRequest(self, request, controls, reply):
if request.version != 3:
raise ldaperrors.LDAPProtocolError("Version %u not supported" %
request.version)
self.checkControls(controls)
if request.dn == b"":
# anonymous bind
self.boundUser = None
return pureldap.LDAPBindResponse(resultCode=0)
else:
dn = distinguishedname.DistinguishedName(request.dn)
root = interfaces.IConnectedLDAPEntry(self.factory)
d = root.lookup(dn)
def _noEntry(fail):
fail.trap(ldaperrors.LDAPNoSuchObject)
return None
d.addErrback(_noEntry)
def _gotEntry(entry, auth):
if entry is None:
raise ldaperrors.LDAPInvalidCredentials()
d = entry.bind(auth)
def _cb(entry):
self.boundUser = entry
msg = pureldap.LDAPBindResponse(
resultCode=ldaperrors.Success.resultCode,
matchedDN=entry.dn.getText(),
)
return msg
d.addCallback(_cb)
return d
d.addCallback(_gotEntry, request.auth)
return d
def handle_LDAPAddRequest(self, request, controls, reply):
self.checkControls(controls)
attributes = {}
for name, vals in request.attributes:
attributes.setdefault(name.value, sets.Set())
attributes[name.value].update([x.value for x in vals])
dn = distinguishedname.DistinguishedName(request.entry)
rdn = str(dn.split()[0])
parent = dn.up()
root = interfaces.IConnectedLDAPEntry(self.factory)
d = root.lookup(parent)
def _gotEntry(parent):
d = parent.addChild(rdn, attributes)
return d
d.addCallback(_gotEntry)
def _report(entry):
return pureldap.LDAPAddResponse(resultCode=0)
d.addCallback(_report)
return d
def handle_LDAPBindRequest(self, request, controls, reply):
if request.version != 3:
raise ldaperrors.LDAPProtocolError('Version %u not supported' %
request.version)
self.checkControls(controls)
if request.dn == b'':
# anonymous bind
self.boundUser = None
return pureldap.LDAPBindResponse(resultCode=0)
root = interfaces.IConnectedLDAPEntry(self.factory)
def _gotUPNResult(results):
if len(results) != 1:
# Not exactly one result, so this might not be an UNP.
return distinguishedname.DistinguishedName(request.dn)
# A single result, so the UPN might exist.
return results[0].dn
if b'@' in request.dn and b',' not in request.dn:
# This might be an UPN request.
filterText = b'(' + self._loginAttribute + b'=' + request.dn + b')'
d = root.search(filterText=filterText)
d.addCallback(_gotUPNResult)
else:
d = defer.succeed(distinguishedname.DistinguishedName(request.dn))
# Once the BIND DN is known, search for the LDAP entry.
d.addCallback(lambda dn: root.lookup(dn))
def _noEntry(fail):
"""
Called when the requested BIND DN was not found.
"""
fail.trap(ldaperrors.LDAPNoSuchObject)
return None
d.addErrback(_noEntry)
def _gotEntry(entry, auth):
"""
Called when the requested BIND DN was found.
"""
if entry is None:
raise ldaperrors.LDAPInvalidCredentials()
d = entry.bind(auth)
def _cb(entry):
"""
Called when BIND operation was successful.
"""
self.boundUser = entry
msg = pureldap.LDAPBindResponse(
resultCode=ldaperrors.Success.resultCode,
matchedDN=entry.dn)
return msg
d.addCallback(_cb)
return d
d.addCallback(_gotEntry, request.auth)
return d
