'start_tls': 'startTLS', 'trace_level': 'trace', } ldap_url = MyLDAPUrl(sys.argv[1]) trace_level = int(ldap_url.trace_level or '0') print('***trace_level', trace_level) ldap.trace_level = trace_level l = LDAPObject( ldap_url.initializeUrl(), trace_level=trace_level, ) l.protocol_version = 3 l.set_option(ldap.OPT_REFERRALS, 0) l.simple_bind_s((ldap_url.who or ''), (ldap_url.cred or '')) result = l.search_s(ldap_url.dn, ldap_url.scope or ldap.SCOPE_SUBTREE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*']) pprint.pprint(result) print('***DIAGNOSTIC_MESSAGE', repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE))) l.unbind_s()
from ldap.ldapobject import LDAPObject from ldapurl import LDAPUrl try: ldap_url = LDAPUrl(sys.argv[1]) num_tests = int(sys.argv[2]) except IndexError: print 'Usage: pref_test.py <LDAP URL> <number of tests>' sys.exit(1) iter = num_tests start_time = time.time() l = LDAPObject(ldap_url.initializeUrl(), trace_level=0) l.protocol_version = 3 l.simple_bind_s(ldap_url.who or '', ldap_url.cred or '') while iter: l.search_s(ldap_url.dn, ldap_url.scope or ldap.SCOPE_BASE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*']) iter -= 1 end_time = time.time() l.unbind_s() del l print 'Reusing connection:', end_time - start_time
try: ldap_url = LDAPUrl(sys.argv[1]) num_tests = int(sys.argv[2]) except IndexError: print 'Usage: pref_test.py <LDAP URL> <number of tests>' sys.exit(1) iter = num_tests start_time = time.time() l = LDAPObject(ldap_url.initializeUrl(),trace_level=0) l.protocol_version = 3 l.simple_bind_s(ldap_url.who or '',ldap_url.cred or '') while iter: l.search_s( ldap_url.dn, ldap_url.scope or ldap.SCOPE_BASE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*'] ) iter -= 1 end_time = time.time() l.unbind_s() del l print 'Reusing connection:',end_time-start_time
def main(): uri = os.environ["URI1"] managerdn = os.environ['MANAGERDN'] passwd = os.environ['PASSWD'] babsdn = os.environ['BABSDN'] babspw = b"bjensen" bjornsdn = os.environ['BJORNSDN'] bjornspw = b"bjorn" connection = LDAPObject(uri) start = time.time() connection.bind_s(managerdn, passwd) end = time.time() if end - start > 1: print( "It takes more than a second to connect and bind, " "skipping potentially unstable test", file=sys.stderr) raise SystemExit(0) dn, token_entry = get_token_for(connection, babsdn) paramsdn = token_entry['oathTOTPParams'][0].decode() result = connection.search_s(paramsdn, ldap.SCOPE_BASE) _, attrs = result[0] params = CIDict(attrs) secret = token_entry['oathSecret'][0] period = int(params['oathTOTPTimeStepPeriod'][0].decode()) bind_conn = LDAPObject(uri) interval_no = get_interval(period) token = get_hotp_token(secret, interval_no - 3) print("Testing old tokens are not useable") bind_conn.bind_s(babsdn, babspw + token) try: bind_conn.bind_s(babsdn, babspw + token) except ldap.INVALID_CREDENTIALS: pass else: raise SystemExit("Bind with an old token should have failed") interval_no = get_interval(period) token = get_hotp_token(secret, interval_no) print("Testing token can only be used once") bind_conn.bind_s(babsdn, babspw + token) try: bind_conn.bind_s(babsdn, babspw + token) except ldap.INVALID_CREDENTIALS: pass else: raise SystemExit("Bind with a reused token should have failed") token = get_hotp_token(secret, interval_no + 1) try: bind_conn.bind_s(babsdn, babspw + token) except ldap.INVALID_CREDENTIALS: raise SystemExit("Bind should have succeeded") dn, token_entry = get_token_for(connection, babsdn) last = int(token_entry['oathTOTPLastTimeStep'][0].decode()) if last != interval_no + 1: SystemExit("Unexpected counter value %d (expected %d)" % (last, interval_no + 1)) print("Resetting counter and testing secret sharing between accounts") connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])]) interval_no = get_interval(period) token = get_hotp_token(secret, interval_no) try: bind_conn.bind_s(bjornsdn, bjornspw + token) except ldap.INVALID_CREDENTIALS: raise SystemExit("Bind should have succeeded") try: bind_conn.bind_s(babsdn, babspw + token) except ldap.INVALID_CREDENTIALS: pass else: raise SystemExit("Bind with a reused token should have failed") print("Testing token is retired even with a wrong password") connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])]) interval_no = get_interval(period) token = get_hotp_token(secret, interval_no) try: bind_conn.bind_s(babsdn, b"not the password" + token) except ldap.INVALID_CREDENTIALS: pass else: raise SystemExit("Bind with an incorrect password should have failed") try: bind_conn.bind_s(babsdn, babspw + token) except ldap.INVALID_CREDENTIALS: pass else: raise SystemExit("Bind with a reused token should have failed") token = get_hotp_token(secret, interval_no + 1) try: bind_conn.bind_s(babsdn, babspw + token) except ldap.INVALID_CREDENTIALS: raise SystemExit("Bind should have succeeded")
ldap_url = MyLDAPUrl(sys.argv[1]) trace_level = int(ldap_url.trace_level or '0') print('***trace_level',trace_level) ldap.trace_level = trace_level l = LDAPObject( ldap_url.initializeUrl(), trace_level=trace_level, ) l.protocol_version = 3 l.set_option(ldap.OPT_REFERRALS,0) l.simple_bind_s((ldap_url.who or ''),(ldap_url.cred or '')) result = l.search_s( ldap_url.dn, ldap_url.scope or ldap.SCOPE_SUBTREE, ldap_url.filterstr or '(objectClass=*)', ldap_url.attrs or ['*'] ) pprint.pprint(result) print('***DIAGNOSTIC_MESSAGE',repr(l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE))) l.unbind_s()
class EditionTests(SlapdTestCase): @classmethod def setUpClass(cls): super().setUpClass() base = cls.server.suffix suffix_dc = base.split(',')[0][3:] # insert some Foo* objects via ldapadd cls.server.ldapadd("\n".join([ 'dn: '+cls.server.suffix, 'objectClass: dcObject', 'objectClass: organization', 'dc: '+suffix_dc, 'o: '+suffix_dc, '', 'dn: '+cls.server.root_dn, 'objectClass: applicationProcess', 'cn: '+cls.server.root_cn, '', "dn: cn=Foo1,"+base, "objectClass: organizationalRole", "cn: Foo1", "", "dn: cn=Foo2,"+base, "objectClass: organizationalRole", "cn: Foo2", "", "dn: cn=Foo3,"+base, "objectClass: organizationalRole", "cn: Foo3", "", "dn: ou=Container,"+base, "objectClass: organizationalUnit", "ou: Container", "", "dn: cn=Foo4,ou=Container,"+base, "objectClass: organizationalRole", "cn: Foo4", "", ])+"\n") def setUp(self): self.ldap = LDAPObject(self.server.ldap_uri, bytes_mode=False) self.ldap.protocol_version = 3 self.ldap.set_option(ldap.OPT_REFERRALS, 0) self.ldap.simple_bind_s( self.server.root_dn, self.server.root_pw ) def tearDown(self): self.ldap.unbind() def test_add_object(self): base = self.server.suffix dn = "cn=Added,ou=Container," + base self.ldap.add_ext_s(dn, [ ("objectClass", [b'organizationalRole']), ("cn", [b'Added']), ]) # Lookup the object result = self.ldap.search_s(base, ldap.SCOPE_SUBTREE, '(cn=Added)', ['*']) self.assertEqual(result, [ ("cn=Added,ou=Container," + base, {'cn': [b'Added'], 'objectClass': [b'organizationalRole']}), ]) # Delete object self.ldap.delete_s(dn) result = self.ldap.search_s( base, ldap.SCOPE_SUBTREE, '(cn=Added)', ['*'] ) self.assertEqual(result, [])
class Directory(object): """XXX: this could be without base_dn, not supporting iteration """ def __init__(self, uri, base_dn, bind_dn, pw): self.base_dn = base_dn self._ldap = LDAPObject(uri) self._ldap.bind_s(bind_dn, pw) def __contains__(self, dn): try: return dn == self._ldap.search_s(dn, SCOPE_BASE, attrlist=[''])[0][0] except ldap.NO_SUCH_OBJECT: return False def __getitem__(self, dn): try: entry = self._ldap.search_s(dn, SCOPE_BASE)[0] except ldap.NO_SUCH_OBJECT: raise KeyError(dn) node = Node(name=dn, attrs=entry[1], ldap=self._ldap) return node def __setitem__(self, dn, node): addlist = node.attrs.items() try: self._ldap.add_s(dn, addlist) except ldap.ALREADY_EXISTS: del self[dn] self._ldap.add_s(dn, addlist) def __delitem__(self, dn): try: self._ldap.delete_s(dn) except ldap.NO_SUCH_OBJECT: raise KeyError(dn) def __iter__(self): return (x[0][0] for x in self._search(self.base_dn, SCOPE_SUBTREE) if x[0][0] != self.base_dn) def _search(self, base, scope, filterstr='(objectClass=*)', attrlist=None, timeout=-1): """asynchronous ldap search returning a generator """ msgid = self._ldap.search(base, scope, filterstr=filterstr, attrlist=attrlist) rtype = ldap.RES_SEARCH_ENTRY while rtype is ldap.RES_SEARCH_ENTRY: # Fetch results single file, the final result (usually) # has an empty field. <sigh> (rtype, data) = self._ldap.result(msgid=msgid, all=0, timeout=timeout) if rtype is ldap.RES_SEARCH_ENTRY or data: yield data def items(self): return ItemsView(dictionary=self) def keys(self): return KeysView(dictionary=self) def values(self): return ValuesView(dictionary=self) def __len__(self): return sum(1 for node in iter(self)) def clear(self): for dn in self.keys(): del self[dn] def copy(self): return copy.copy(self) def get(self, dn, default=None): try: return self[dn] except KeyError: return default def pop(self, dn, default=None): try: node = self[dn] del self[dn] except KeyError: if default is None: raise KeyError(dn) return default return node def popitem(self): if not self: raise KeyError dn = next(iter(self)) node = self[dn] del self[dn] return (dn, node) def setdefault(self, dn, default=None): try: return self[dn] except KeyError: self[default.name] = default return default def update(self, other): try: items = other.items() except AttributeError: items = other for dn, node in items: self[dn] = node return None iterkeys = __iter__ def itervalues(self): return (Node(name=x[0][0], attrs=x[0][1], ldap=self._ldap) for x in self._search(self.base_dn, ldap.SCOPE_SUBTREE, attrlist=['']) if x[0][0] != self.base_dn) def iteritems(self): return ((node.name, node) for node in ValuesView(self))