def child_base(self, context):
cfg = context.locate(interfaces.ILDAPConfig)
c=ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d=c.connectAnonymously(iwebui.ICurrentDN(context),
cfg.getServiceLocationOverrides())
def _search(proto, base):
baseEntry = ldapsyntax.LDAPEntry(client=proto,
dn=base)
d=baseEntry.search(scope=pureldap.LDAP_SCOPE_baseObject,
sizeLimit=1)
def _cb(result, proto):
proto.unbind()
return result
d.addBoth(_cb, proto)
return d
d.addCallback(_search, iwebui.ICurrentDN(context))
def _first(results, dn):
assert len(results)==1, \
"Expected one result, not %r" % results
return {'dn': dn,
'attributes': results[0],
}
d.addCallback(_first, iwebui.ICurrentDN(context))
return d
def main(cfg, fromDN, toDN, binddn, bindPassword):
fromDN = distinguishedname.DistinguishedName(stringValue=fromDN)
toDN = distinguishedname.DistinguishedName(stringValue=toDN)
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connect(dn=fromDN, overrides=cfg.getServiceLocationOverrides())
def _bind(proto, binddn, bindPassword):
if binddn:
pwd = bindPassword
if pwd is None:
pwd = getpass.getpass("Password for %s: " % binddn)
d = proto.bind(binddn, pwd)
else:
d = proto.bind()
d.addCallback(lambda _: proto)
return d
d.addCallback(_bind, binddn, bindPassword)
d.addCallback(move, fromDN, toDN)
d.addErrback(error)
d.addBoth(lambda x: reactor.stop())
reactor.run()
sys.exit(exitStatus)
def main(cfg, filter_text):
from twisted.python import log
log.startLogging(sys.stderr, setStdout=0)
try:
baseDN = cfg.getBaseDN()
except config.MissingBaseDNError as e:
print("{}: {}.".format(sys.argv[0], e), file=sys.stderr)
sys.exit(1)
if filter_text is not None:
filt = ldapfilter.parseFilter(filter_text)
else:
filt = None
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(baseDN,
overrides=cfg.getServiceLocationOverrides())
d.addCallback(cbConnected, cfg, filt)
d.addErrback(error)
d.addBoth(lambda x: reactor.stop())
reactor.run()
sys.exit(exitStatus)
def requestAvatarId(self, credentials):
try:
baseDN = self.config.getIdentityBaseDN()
except config.MissingBaseDNError as e:
return failure.Failure(
error.UnauthorizedLogin(
"Disabled due configuration error: %s." % e))
if not credentials.username:
return failure.Failure(
error.UnauthorizedLogin("I don't support anonymous"))
filtText = self.config.getIdentitySearch(credentials.username)
try:
filt = ldapfilter.parseFilter(filtText)
except ldapfilter.InvalidLDAPFilter:
return failure.Failure(
error.UnauthorizedLogin("Couldn't create filter"))
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connect(baseDN, self.config.getServiceLocationOverrides())
d.addCallback(self._connected, filt, credentials)
def _err(reason):
reason.trap(
ldaperrors.LDAPInvalidCredentials,
# this happens with slapd 2.1.30 when binding
# with DN but no password
ldaperrors.LDAPUnwillingToPerform)
return failure.Failure(error.UnauthorizedLogin())
d.addErrback(_err)
return d
def get_user(self, login, password):
from twisted.internet import reactor
from ldaptor.protocols.ldap import ldapconnector, ldapclient, ldapsyntax
if isinstance(login, unicode):
login = login.encode('utf-8')
if isinstance(password, unicode):
password = password.encode('utf-8')
server_ip = self.config.get('ldap_host', '127.0.0.1')
server_port = self.config.get('ldap_port', 389)
basedn = self.config.get('base_dn', 'OU=FNKC,DC=fccho-moscow,DC=ru')
binddn, bindpw = login, password
query = '(sAMAccountName=%s)' % login
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
overrides = {basedn: (server_ip, server_port)}
client = yield c.connect(basedn, overrides=overrides)
try:
yield client.bind(binddn, bindpw)
except LDAPException as e:
if e.name == 'invalidCredentials':
raise EInvalidCredentials()
raise
o = ldapsyntax.LDAPEntry(client, basedn)
results = yield o.search(filterText=query, sizeLimit=1)
if not results:
raise EInvalidCredentials()
result = dict((name, value[0]) for name, value in results[0].items())
defer.returnValue(LdapAuthObject(result))
def example(dn_file, stats, basedn, test_starttls, test_bind, test_search,
unbind):
with open(dn_file, "r") as f:
dns = [line.strip() for line in f]
serverip = '127.0.0.1'
bindpw = 'secret'
for n, binddn in enumerate(dns):
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
overrides = {basedn: (serverip, 10389)}
client = yield c.connect(basedn, overrides=overrides)
stats['attempted'] += 1
stats['att_per_s'] += 1
if test_starttls:
client = yield client.startTLS()
if test_bind:
try:
yield client.bind(binddn, bindpw)
except LDAPInvalidCredentials:
pass
if test_search:
o = ldapsyntax.LDAPEntry(client, basedn)
results = yield o.search(filterText="(uid=xyzzy)",
attributes=['uid'])
if unbind:
client.unbind()
stats['successful'] += 1
stats['suc_per_s'] += 1
def example():
scp = load_settings()
host = scp.get('LDAP', 'host')
port = scp.getint('LDAP', 'port')
basedn = scp.get('LDAP', 'basedn')
binddn = scp.get('LDAP', 'binddn')
bindpw = scp.get('LDAP', 'bindpw')
query = '(uid=pumpkin)'
print "host", host[0]
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
overrides = {basedn: (host, 389)}
client = yield c.connect(basedn, overrides=overrides)
client = yield client.startTLS()
yield client.bind(binddn, bindpw)
o = ldapsyntax.LDAPEntry(client, basedn)
#results = yield o.search(filterText=query, attributes=['uid', 'memberOf'])
results = yield o.search(filterText=query)
#results = yield o.search(filterText=query, attributes=[])
for entry in results:
# Print the LDIF representation.
print entry
print
#Access the DN
print entry.dn
# Print attribute values.
for x in entry['uid']:
print x
print
def connectionMade(self):
clientCreator = ldapconnector.LDAPClientCreator(reactor, self.protocol)
d = clientCreator.connect(
dn="", overrides=self.config.getServiceLocationOverrides())
d.addCallback(self._cbConnectionMade)
d.addErrback(self._failConnection)
ldapserver.BaseLDAPServer.connectionMade(self)
def make_connected_client(self):
client_creator = ldapconnector.LDAPClientCreator(
reactor=reactor,
protocolClass=ldapclient.LDAPClient,
)
return client_creator.connect(
dn="",
overrides=self.cfg.getServiceLocationOverrides(),
)
def ldapEntryFactory(pdnsProto):
c = ldapconnector.LDAPClientCreator(reactor, MyLDAPClient, pdnsProto=pdnsProto)
d = c.connectAnonymously(dn=baseDN, overrides=cfg.getServiceLocationOverrides())
def _cb(client, baseDN):
e = LDAPEntry(client=client, dn=baseDN)
return e
d.addCallback(_cb, baseDN)
return d
def connectionMade(self):
clientCreator = ldapconnector.LDAPClientCreator(reactor, self.protocol)
for (c, tls) in zip(self.configs, self.use_tls):
d = clientCreator.connect(dn="", overrides=c.getServiceLocationOverrides())
if tls:
d.addCallback(lambda x: x.startTLS())
d.addCallback(self._cbConnectionMade)
d.addErrback(self._failConnection)
ldapserver.BaseLDAPServer.connectionMade(self)
def testSimple(self):
dn = distinguishedname.DistinguishedName('dc=example,dc=com')
c = ldapconnector.LDAPClientCreator(reactor, FakeProto)
def _doConnect(factory):
factory.doStart()
factory.startedConnecting(c)
factory.buildProtocol(address.IPv4Address('TCP', 'localhost', '1'))
d = c.connect(dn, overrides={ dn: _doConnect, })
def cb(r):
self.failUnless(isinstance(r, FakeProto))
d.addCallback(cb)
return d
def search(config):
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(config["base"],
config["serviceLocationOverrides"])
def _doSearch(proto, config):
searchFilter = ldapfilter.parseFilter("(gn=j*)")
baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=config["base"])
d = baseEntry.search(filterObject=searchFilter)
return d
d.addCallback(_doSearch, config)
return d
def main(base, serviceLocationOverrides, numOfConnections=3, numOfSearches=3):
log.startLogging(sys.stderr, setStdout=0)
l = []
for connection in range(0, numOfConnections):
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(base, serviceLocationOverrides)
d.addCallback(_search, base, connection, numOfSearches)
d.addErrback(error)
l.append(d)
dl = defer.DeferredList(l)
dl.addBoth(lambda dummy: reactor.stop())
reactor.run()
sys.exit(exitStatus)
def _search(self, searchFilter):
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(self.config.getBaseDN(),
self.config.getServiceLocationOverrides())
def _doSearch(proto, searchFilter):
searchFilter = ldapfilter.parseFilter(searchFilter)
baseEntry = ldapsyntax.LDAPEntry(client=proto,
dn=self.config.getBaseDN())
d = baseEntry.search(filterObject=searchFilter)
return d
d.addCallback(_doSearch, searchFilter)
return d
def example():
serverip = '192.168.128.21'
basedn = 'dc=example,dc=com'
binddn = '*****@*****.**'
bindpw = 'secret'
query = '(cn=Babs*)'
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
overrides = {basedn: (serverip, 389)}
client = yield c.connect(basedn, overrides=overrides)
yield client.bind(binddn, bindpw)
o = ldapsyntax.LDAPEntry(client, basedn)
results = yield o.search(filterText=query)
for entry in results:
print(entry)
def main(cfg, filter_text, attributes):
try:
baseDN = cfg.getBaseDN()
except config.MissingBaseDNError as e:
print("{}: {}.".format(sys.argv[0], e), file=sys.stderr)
sys.exit(1)
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(dn=baseDN,
overrides=cfg.getServiceLocationOverrides())
d.addCallback(search, baseDN, filter_text, attributes)
d.addErrback(error)
d.addBoth(lambda x: reactor.stop())
reactor.run()
sys.exit(exitStatus)
def connection():
"""
Connect to our LDAP server
:returns: a deferred that when fired returns a
ldaptor.protocols.ldap.ldapclient.LDAPClient
"""
if not hasattr(settings, 'LDAP'):
raise RuntimeError('please configure my LDAP settings')
host = settings.LDAP['host'] # ldap.corp.example.com
basedn = settings.LDAP['basedn'] # dc=example,dc=com
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
overrides = {basedn: (host, 389)}
client = yield c.connect(basedn, overrides=overrides)
yield client.startTLS()
yield client.bind()
defer.returnValue(client)
def child(self, context, name):
if name == 'searchFilter':
return self._getSearchFilter()
if name != 'results':
return None
config = context.locate(ILDAPConfig)
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(config.getBaseDN(),
config.getServiceLocationOverrides())
def _search(proto, base, searchFilter):
baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=base)
d = baseEntry.search(filterObject=searchFilter)
return d
d.addCallback(_search, config.getBaseDN(), self._getSearchFilter())
return d
def requestAvatarId(self, _credentials):
try:
baseDN = self.config.getIdentityBaseDN()
except ldaptor_config.MissingBaseDNError as e:
raise UnauthorizedLogin(
"Disabled due configuration error: %s." % e)
if not _credentials.username:
raise UnauthorizedLogin('I dont support anonymous')
filtText = self.config.getIdentitySearch(_credentials.username)
try:
filt = ldapfilter.parseFilter(filtText)
except ldapfilter.InvalidLDAPFilter:
raise UnauthorizedLogin("Couldn't create filter")
deferred = defer.Deferred()
client = ldapconnector.LDAPClientCreator(reactor,
ldapclient.LDAPClient)
d = client.connect(baseDN,
self.config.getServiceLocationOverrides())
d.addCallback(self._connected, filt, _credentials, deferred)
def timeout(_deferred, _client):
if _deferred.called: return
log.msg('Warning! LDAP connection timeout')
_deferred.errback(UnauthorizedLogin('LDAP connection timeout'))
# ClientCreator has no disconnect()
#_client.disconnect()
reactor.callLater(3, timeout, deferred, client)
def _err(reason, _deferred):
if _deferred.called: return ##maybe has timeout
log.msg('Warning! LDAP connection problem %s' % reason)
reason.trap(
ldaperrors.LDAPInvalidCredentials,
# this happens with slapd 2.1.30 when binding
# with DN but no password
ldaperrors.LDAPUnwillingToPerform)
_deferred.errback(UnauthorizedLogin('LDAP connection problem'))
d.addErrback(_err, deferred)
return deferred
def main(cfg, filter_text):
try:
baseDN = cfg.getBaseDN()
except config.MissingBaseDNError as e:
print("{}: {}.".format(sys.argv[0], e), file=sys.stderr)
sys.exit(1)
filt = ldapfilter.parseFilter("(objectClass=posixAccount)")
if filter_text is not None:
filt = pureldap.LDAPFilter_and(
[filt, ldapfilter.parseFilter(filter_text)])
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(dn=baseDN,
overrides=cfg.getServiceLocationOverrides())
d.addCallback(search, baseDN, filt)
d.addErrback(error)
d.addBoth(lambda x: reactor.stop())
reactor.run()
sys.exit(exitStatus)
def main(cfg):
try:
baseDN = cfg.getBaseDN()
except config.MissingBaseDNError as e:
print("{}: {}.".format(sys.argv[0], e), file=sys.stderr)
sys.exit(1)
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(dn=baseDN,
overrides=cfg.getServiceLocationOverrides())
def _cbBound(client, baseDN):
d = fetchschema.fetch(client, baseDN)
return d
d.addCallback(_cbBound, baseDN)
d.addCallback(_printResults)
d.addErrback(error)
d.addBoth(lambda x: reactor.stop())
reactor.run()
sys.exit(exitStatus)
def child_results(self, context):
assert self.filter is not None
cfg = context.locate(interfaces.ILDAPConfig)
c=ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
curDN = iwebui.ICurrentDN(context)
d=c.connectAnonymously(curDN,
cfg.getServiceLocationOverrides())
def _search(proto, dn, searchFilter, scope):
baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=dn)
d=baseEntry.search(filterObject=searchFilter,
scope=scope,
sizeLimit=20,
sizeLimitIsNonFatal=True)
def _cb(result, proto):
proto.unbind()
return result
d.addBoth(_cb, proto)
return d
d.addCallback(_search, curDN, self.filter, self.data['scope'])
return d
def main(cfg):
try:
baseDN = cfg.getBaseDN()
except config.MissingBaseDNError as e:
print("{}: {}.".format(sys.argv[0], e), file=sys.stderr)
sys.exit(1)
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(dn=baseDN,
overrides=cfg.getServiceLocationOverrides())
def _cbBound(client, baseDN):
o = ldapsyntax.LDAPEntry(client=client, dn=baseDN)
return numberalloc.getFreeNumber(o, "uidNumber", min=1000)
d.addCallback(_cbBound, baseDN)
d.addCallback(lambda num: sys.stdout.write("%s\n" % repr(num)))
d.addErrback(error)
d.addBoth(lambda x: reactor.stop())
reactor.run()
sys.exit(exitStatus)
def main(cfg, domain, forward, reverse, filter_text):
from twisted.python import log
log.startLogging(sys.stderr, setStdout=0)
try:
baseDN = cfg.getBaseDN()
except config.MissingBaseDNError as e:
print("{}: {}.".format(sys.argv[0], e), file=sys.stderr)
sys.exit(1)
if filter_text is not None:
filt = ldapfilter.parseFilter(filter_text)
else:
filt = None
forwardTmp = "%s.%d.tmp" % (forward, os.getpid())
forwardFile = open(forwardTmp, "w")
print("$ORIGIN\t%s." % domain, file=forwardFile)
print(file=forwardFile)
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connectAnonymously(baseDN,
overrides=cfg.getServiceLocationOverrides())
d.addCallback(cbConnected, cfg, domain, forwardFile, reverse, filt)
d.addCallbacks(
callback=filesOk,
callbackArgs=(forward, forwardTmp, forwardFile, reverse),
errback=filesAbort,
errbackArgs=(forward, forwardTmp, forwardFile, reverse),
)
d.addErrback(error)
d.addBoth(lambda x: reactor.stop())
reactor.run()
sys.exit(exitStatus)
class LDAPBindingChecker:
"""
The avatarID returned is an LDAPEntry.
"""
implements(checkers.ICredentialsChecker)
credentialInterfaces = (credentials.IUsernamePassword, )
def __init__(self, cfg):
self.config = cfg
def _valid(self, result, entry):
matchedDN, serverSaslCreds = result
return entry
def _found(self, results, credentials):
if not results:
return failure.Failure(error.UnauthorizedLogin('TODO 1'))
assert len(results) == 1
entry = results[0]
d = entry.client.bind(str(entry.dn), credentials.password)
d.addCallback(self._valid, entry)
return d
def _connected(self, client, filt, credentials):
base = ldapsyntax.LDAPEntry(client, self.config.getIdentityBaseDN())
d = base.search(
filterObject=filt,
sizeLimit=1,
attributes=[''], # TODO no attributes
)
d.addCallback(self._found, credentials)
return d
def requestAvatarId(self, credentials):
try:
baseDN = self.config.getIdentityBaseDN()
except config.MissingBaseDNError, e:
return failure.Failure(
error.UnauthorizedLogin(
"Disabled due configuration error: %s." % e))
if not credentials.username:
return failure.Failure(
error.UnauthorizedLogin("I don't support anonymous"))
filtText = self.config.getIdentitySearch(credentials.username)
try:
filt = ldapfilter.parseFilter(filtText)
except ldapfilter.InvalidLDAPFilter:
return failure.Failure(
error.UnauthorizedLogin("Couldn't create filter"))
c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
d = c.connect(baseDN, self.config.getServiceLocationOverrides())
d.addCallback(self._connected, filt, credentials)
def _err(reason):
reason.trap(
ldaperrors.LDAPInvalidCredentials,
# this happens with slapd 2.1.30 when binding
# with DN but no password
ldaperrors.LDAPUnwillingToPerform)
return failure.Failure(error.UnauthorizedLogin())
d.addErrback(_err)
return d
