def child_base(self, context): cfg = context.locate(interfaces.ILDAPConfig) c=ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d=c.connectAnonymously(iwebui.ICurrentDN(context), cfg.getServiceLocationOverrides()) def _search(proto, base): baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=base) d=baseEntry.search(scope=pureldap.LDAP_SCOPE_baseObject, sizeLimit=1) def _cb(result, proto): proto.unbind() return result d.addBoth(_cb, proto) return d d.addCallback(_search, iwebui.ICurrentDN(context)) def _first(results, dn): assert len(results)==1, \ "Expected one result, not %r" % results return {'dn': dn, 'attributes': results[0], } d.addCallback(_first, iwebui.ICurrentDN(context)) return d
def main(cfg, fromDN, toDN, binddn, bindPassword): fromDN = distinguishedname.DistinguishedName(stringValue=fromDN) toDN = distinguishedname.DistinguishedName(stringValue=toDN) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connect(dn=fromDN, overrides=cfg.getServiceLocationOverrides()) def _bind(proto, binddn, bindPassword): if binddn: pwd = bindPassword if pwd is None: pwd = getpass.getpass("Password for %s: " % binddn) d = proto.bind(binddn, pwd) else: d = proto.bind() d.addCallback(lambda _: proto) return d d.addCallback(_bind, binddn, bindPassword) d.addCallback(move, fromDN, toDN) d.addErrback(error) d.addBoth(lambda x: reactor.stop()) reactor.run() sys.exit(exitStatus)
def main(cfg, filter_text): from twisted.python import log log.startLogging(sys.stderr, setStdout=0) try: baseDN = cfg.getBaseDN() except config.MissingBaseDNError as e: print("{}: {}.".format(sys.argv[0], e), file=sys.stderr) sys.exit(1) if filter_text is not None: filt = ldapfilter.parseFilter(filter_text) else: filt = None c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(baseDN, overrides=cfg.getServiceLocationOverrides()) d.addCallback(cbConnected, cfg, filt) d.addErrback(error) d.addBoth(lambda x: reactor.stop()) reactor.run() sys.exit(exitStatus)
def requestAvatarId(self, credentials): try: baseDN = self.config.getIdentityBaseDN() except config.MissingBaseDNError as e: return failure.Failure( error.UnauthorizedLogin( "Disabled due configuration error: %s." % e)) if not credentials.username: return failure.Failure( error.UnauthorizedLogin("I don't support anonymous")) filtText = self.config.getIdentitySearch(credentials.username) try: filt = ldapfilter.parseFilter(filtText) except ldapfilter.InvalidLDAPFilter: return failure.Failure( error.UnauthorizedLogin("Couldn't create filter")) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connect(baseDN, self.config.getServiceLocationOverrides()) d.addCallback(self._connected, filt, credentials) def _err(reason): reason.trap( ldaperrors.LDAPInvalidCredentials, # this happens with slapd 2.1.30 when binding # with DN but no password ldaperrors.LDAPUnwillingToPerform) return failure.Failure(error.UnauthorizedLogin()) d.addErrback(_err) return d
def get_user(self, login, password): from twisted.internet import reactor from ldaptor.protocols.ldap import ldapconnector, ldapclient, ldapsyntax if isinstance(login, unicode): login = login.encode('utf-8') if isinstance(password, unicode): password = password.encode('utf-8') server_ip = self.config.get('ldap_host', '127.0.0.1') server_port = self.config.get('ldap_port', 389) basedn = self.config.get('base_dn', 'OU=FNKC,DC=fccho-moscow,DC=ru') binddn, bindpw = login, password query = '(sAMAccountName=%s)' % login c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) overrides = {basedn: (server_ip, server_port)} client = yield c.connect(basedn, overrides=overrides) try: yield client.bind(binddn, bindpw) except LDAPException as e: if e.name == 'invalidCredentials': raise EInvalidCredentials() raise o = ldapsyntax.LDAPEntry(client, basedn) results = yield o.search(filterText=query, sizeLimit=1) if not results: raise EInvalidCredentials() result = dict((name, value[0]) for name, value in results[0].items()) defer.returnValue(LdapAuthObject(result))
def example(dn_file, stats, basedn, test_starttls, test_bind, test_search, unbind): with open(dn_file, "r") as f: dns = [line.strip() for line in f] serverip = '127.0.0.1' bindpw = 'secret' for n, binddn in enumerate(dns): c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) overrides = {basedn: (serverip, 10389)} client = yield c.connect(basedn, overrides=overrides) stats['attempted'] += 1 stats['att_per_s'] += 1 if test_starttls: client = yield client.startTLS() if test_bind: try: yield client.bind(binddn, bindpw) except LDAPInvalidCredentials: pass if test_search: o = ldapsyntax.LDAPEntry(client, basedn) results = yield o.search(filterText="(uid=xyzzy)", attributes=['uid']) if unbind: client.unbind() stats['successful'] += 1 stats['suc_per_s'] += 1
def example(): scp = load_settings() host = scp.get('LDAP', 'host') port = scp.getint('LDAP', 'port') basedn = scp.get('LDAP', 'basedn') binddn = scp.get('LDAP', 'binddn') bindpw = scp.get('LDAP', 'bindpw') query = '(uid=pumpkin)' print "host", host[0] c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) overrides = {basedn: (host, 389)} client = yield c.connect(basedn, overrides=overrides) client = yield client.startTLS() yield client.bind(binddn, bindpw) o = ldapsyntax.LDAPEntry(client, basedn) #results = yield o.search(filterText=query, attributes=['uid', 'memberOf']) results = yield o.search(filterText=query) #results = yield o.search(filterText=query, attributes=[]) for entry in results: # Print the LDIF representation. print entry print #Access the DN print entry.dn # Print attribute values. for x in entry['uid']: print x print
def connectionMade(self): clientCreator = ldapconnector.LDAPClientCreator(reactor, self.protocol) d = clientCreator.connect( dn="", overrides=self.config.getServiceLocationOverrides()) d.addCallback(self._cbConnectionMade) d.addErrback(self._failConnection) ldapserver.BaseLDAPServer.connectionMade(self)
def make_connected_client(self): client_creator = ldapconnector.LDAPClientCreator( reactor=reactor, protocolClass=ldapclient.LDAPClient, ) return client_creator.connect( dn="", overrides=self.cfg.getServiceLocationOverrides(), )
def ldapEntryFactory(pdnsProto): c = ldapconnector.LDAPClientCreator(reactor, MyLDAPClient, pdnsProto=pdnsProto) d = c.connectAnonymously(dn=baseDN, overrides=cfg.getServiceLocationOverrides()) def _cb(client, baseDN): e = LDAPEntry(client=client, dn=baseDN) return e d.addCallback(_cb, baseDN) return d
def connectionMade(self): clientCreator = ldapconnector.LDAPClientCreator(reactor, self.protocol) for (c, tls) in zip(self.configs, self.use_tls): d = clientCreator.connect(dn="", overrides=c.getServiceLocationOverrides()) if tls: d.addCallback(lambda x: x.startTLS()) d.addCallback(self._cbConnectionMade) d.addErrback(self._failConnection) ldapserver.BaseLDAPServer.connectionMade(self)
def testSimple(self): dn = distinguishedname.DistinguishedName('dc=example,dc=com') c = ldapconnector.LDAPClientCreator(reactor, FakeProto) def _doConnect(factory): factory.doStart() factory.startedConnecting(c) factory.buildProtocol(address.IPv4Address('TCP', 'localhost', '1')) d = c.connect(dn, overrides={ dn: _doConnect, }) def cb(r): self.failUnless(isinstance(r, FakeProto)) d.addCallback(cb) return d
def search(config): c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(config["base"], config["serviceLocationOverrides"]) def _doSearch(proto, config): searchFilter = ldapfilter.parseFilter("(gn=j*)") baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=config["base"]) d = baseEntry.search(filterObject=searchFilter) return d d.addCallback(_doSearch, config) return d
def main(base, serviceLocationOverrides, numOfConnections=3, numOfSearches=3): log.startLogging(sys.stderr, setStdout=0) l = [] for connection in range(0, numOfConnections): c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(base, serviceLocationOverrides) d.addCallback(_search, base, connection, numOfSearches) d.addErrback(error) l.append(d) dl = defer.DeferredList(l) dl.addBoth(lambda dummy: reactor.stop()) reactor.run() sys.exit(exitStatus)
def _search(self, searchFilter): c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(self.config.getBaseDN(), self.config.getServiceLocationOverrides()) def _doSearch(proto, searchFilter): searchFilter = ldapfilter.parseFilter(searchFilter) baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=self.config.getBaseDN()) d = baseEntry.search(filterObject=searchFilter) return d d.addCallback(_doSearch, searchFilter) return d
def example(): serverip = '192.168.128.21' basedn = 'dc=example,dc=com' binddn = '*****@*****.**' bindpw = 'secret' query = '(cn=Babs*)' c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) overrides = {basedn: (serverip, 389)} client = yield c.connect(basedn, overrides=overrides) yield client.bind(binddn, bindpw) o = ldapsyntax.LDAPEntry(client, basedn) results = yield o.search(filterText=query) for entry in results: print(entry)
def main(cfg, filter_text, attributes): try: baseDN = cfg.getBaseDN() except config.MissingBaseDNError as e: print("{}: {}.".format(sys.argv[0], e), file=sys.stderr) sys.exit(1) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(dn=baseDN, overrides=cfg.getServiceLocationOverrides()) d.addCallback(search, baseDN, filter_text, attributes) d.addErrback(error) d.addBoth(lambda x: reactor.stop()) reactor.run() sys.exit(exitStatus)
def connection(): """ Connect to our LDAP server :returns: a deferred that when fired returns a ldaptor.protocols.ldap.ldapclient.LDAPClient """ if not hasattr(settings, 'LDAP'): raise RuntimeError('please configure my LDAP settings') host = settings.LDAP['host'] # ldap.corp.example.com basedn = settings.LDAP['basedn'] # dc=example,dc=com c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) overrides = {basedn: (host, 389)} client = yield c.connect(basedn, overrides=overrides) yield client.startTLS() yield client.bind() defer.returnValue(client)
def child(self, context, name): if name == 'searchFilter': return self._getSearchFilter() if name != 'results': return None config = context.locate(ILDAPConfig) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(config.getBaseDN(), config.getServiceLocationOverrides()) def _search(proto, base, searchFilter): baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=base) d = baseEntry.search(filterObject=searchFilter) return d d.addCallback(_search, config.getBaseDN(), self._getSearchFilter()) return d
def requestAvatarId(self, _credentials): try: baseDN = self.config.getIdentityBaseDN() except ldaptor_config.MissingBaseDNError as e: raise UnauthorizedLogin( "Disabled due configuration error: %s." % e) if not _credentials.username: raise UnauthorizedLogin('I dont support anonymous') filtText = self.config.getIdentitySearch(_credentials.username) try: filt = ldapfilter.parseFilter(filtText) except ldapfilter.InvalidLDAPFilter: raise UnauthorizedLogin("Couldn't create filter") deferred = defer.Deferred() client = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = client.connect(baseDN, self.config.getServiceLocationOverrides()) d.addCallback(self._connected, filt, _credentials, deferred) def timeout(_deferred, _client): if _deferred.called: return log.msg('Warning! LDAP connection timeout') _deferred.errback(UnauthorizedLogin('LDAP connection timeout')) # ClientCreator has no disconnect() #_client.disconnect() reactor.callLater(3, timeout, deferred, client) def _err(reason, _deferred): if _deferred.called: return ##maybe has timeout log.msg('Warning! LDAP connection problem %s' % reason) reason.trap( ldaperrors.LDAPInvalidCredentials, # this happens with slapd 2.1.30 when binding # with DN but no password ldaperrors.LDAPUnwillingToPerform) _deferred.errback(UnauthorizedLogin('LDAP connection problem')) d.addErrback(_err, deferred) return deferred
def main(cfg, filter_text): try: baseDN = cfg.getBaseDN() except config.MissingBaseDNError as e: print("{}: {}.".format(sys.argv[0], e), file=sys.stderr) sys.exit(1) filt = ldapfilter.parseFilter("(objectClass=posixAccount)") if filter_text is not None: filt = pureldap.LDAPFilter_and( [filt, ldapfilter.parseFilter(filter_text)]) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(dn=baseDN, overrides=cfg.getServiceLocationOverrides()) d.addCallback(search, baseDN, filt) d.addErrback(error) d.addBoth(lambda x: reactor.stop()) reactor.run() sys.exit(exitStatus)
def main(cfg): try: baseDN = cfg.getBaseDN() except config.MissingBaseDNError as e: print("{}: {}.".format(sys.argv[0], e), file=sys.stderr) sys.exit(1) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(dn=baseDN, overrides=cfg.getServiceLocationOverrides()) def _cbBound(client, baseDN): d = fetchschema.fetch(client, baseDN) return d d.addCallback(_cbBound, baseDN) d.addCallback(_printResults) d.addErrback(error) d.addBoth(lambda x: reactor.stop()) reactor.run() sys.exit(exitStatus)
def child_results(self, context): assert self.filter is not None cfg = context.locate(interfaces.ILDAPConfig) c=ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) curDN = iwebui.ICurrentDN(context) d=c.connectAnonymously(curDN, cfg.getServiceLocationOverrides()) def _search(proto, dn, searchFilter, scope): baseEntry = ldapsyntax.LDAPEntry(client=proto, dn=dn) d=baseEntry.search(filterObject=searchFilter, scope=scope, sizeLimit=20, sizeLimitIsNonFatal=True) def _cb(result, proto): proto.unbind() return result d.addBoth(_cb, proto) return d d.addCallback(_search, curDN, self.filter, self.data['scope']) return d
def main(cfg): try: baseDN = cfg.getBaseDN() except config.MissingBaseDNError as e: print("{}: {}.".format(sys.argv[0], e), file=sys.stderr) sys.exit(1) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(dn=baseDN, overrides=cfg.getServiceLocationOverrides()) def _cbBound(client, baseDN): o = ldapsyntax.LDAPEntry(client=client, dn=baseDN) return numberalloc.getFreeNumber(o, "uidNumber", min=1000) d.addCallback(_cbBound, baseDN) d.addCallback(lambda num: sys.stdout.write("%s\n" % repr(num))) d.addErrback(error) d.addBoth(lambda x: reactor.stop()) reactor.run() sys.exit(exitStatus)
def main(cfg, domain, forward, reverse, filter_text): from twisted.python import log log.startLogging(sys.stderr, setStdout=0) try: baseDN = cfg.getBaseDN() except config.MissingBaseDNError as e: print("{}: {}.".format(sys.argv[0], e), file=sys.stderr) sys.exit(1) if filter_text is not None: filt = ldapfilter.parseFilter(filter_text) else: filt = None forwardTmp = "%s.%d.tmp" % (forward, os.getpid()) forwardFile = open(forwardTmp, "w") print("$ORIGIN\t%s." % domain, file=forwardFile) print(file=forwardFile) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connectAnonymously(baseDN, overrides=cfg.getServiceLocationOverrides()) d.addCallback(cbConnected, cfg, domain, forwardFile, reverse, filt) d.addCallbacks( callback=filesOk, callbackArgs=(forward, forwardTmp, forwardFile, reverse), errback=filesAbort, errbackArgs=(forward, forwardTmp, forwardFile, reverse), ) d.addErrback(error) d.addBoth(lambda x: reactor.stop()) reactor.run() sys.exit(exitStatus)
class LDAPBindingChecker: """ The avatarID returned is an LDAPEntry. """ implements(checkers.ICredentialsChecker) credentialInterfaces = (credentials.IUsernamePassword, ) def __init__(self, cfg): self.config = cfg def _valid(self, result, entry): matchedDN, serverSaslCreds = result return entry def _found(self, results, credentials): if not results: return failure.Failure(error.UnauthorizedLogin('TODO 1')) assert len(results) == 1 entry = results[0] d = entry.client.bind(str(entry.dn), credentials.password) d.addCallback(self._valid, entry) return d def _connected(self, client, filt, credentials): base = ldapsyntax.LDAPEntry(client, self.config.getIdentityBaseDN()) d = base.search( filterObject=filt, sizeLimit=1, attributes=[''], # TODO no attributes ) d.addCallback(self._found, credentials) return d def requestAvatarId(self, credentials): try: baseDN = self.config.getIdentityBaseDN() except config.MissingBaseDNError, e: return failure.Failure( error.UnauthorizedLogin( "Disabled due configuration error: %s." % e)) if not credentials.username: return failure.Failure( error.UnauthorizedLogin("I don't support anonymous")) filtText = self.config.getIdentitySearch(credentials.username) try: filt = ldapfilter.parseFilter(filtText) except ldapfilter.InvalidLDAPFilter: return failure.Failure( error.UnauthorizedLogin("Couldn't create filter")) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connect(baseDN, self.config.getServiceLocationOverrides()) d.addCallback(self._connected, filt, credentials) def _err(reason): reason.trap( ldaperrors.LDAPInvalidCredentials, # this happens with slapd 2.1.30 when binding # with DN but no password ldaperrors.LDAPUnwillingToPerform) return failure.Failure(error.UnauthorizedLogin()) d.addErrback(_err) return d