def setUp(self):
schema = SchemaInfo.from_json(edir_8_8_8_schema)
info = DsaInfo.from_json(edir_8_8_8_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
self.connection = Connection(server,
user='******',
password='******',
client_strategy=MOCK_SYNC)
def test_parse_search_filter_bad_object_class_type_check_true(self):
self.assertRaises(LDAPObjectClassError,
parse_filter,
'(objectClass=bad)',
SchemaInfo.from_json(edir_8_8_8_schema),
test_auto_escape,
test_auto_encode,
check_names=True)
def test_parse_search_filter_bad_attribute_type_check_true(self):
self.assertRaises(LDAPAttributeError,
parse_filter,
'(bad=admin)',
SchemaInfo.from_json(edir_8_8_8_schema),
test_auto_escape,
test_auto_encode,
check_names=True)
def test_parse_search_filter_bad_object_class_type_check_false(self):
f = parse_filter('(objectClass=bad)',
SchemaInfo.from_json(edir_8_8_8_schema),
test_auto_escape,
test_auto_encode,
check_names=False)
self.assertEqual(f.elements[0].tag, MATCH_EQUAL)
self.assertEqual(f.elements[0].assertion['attr'], 'objectClass')
self.assertEqual(f.elements[0].assertion['value'], b'bad')
def test_parse_search_filter_bad_attribute_type_check_false(self):
f = parse_filter('(bad=admin)',
SchemaInfo.from_json(edir_8_8_8_schema),
test_auto_escape,
test_auto_encode,
check_names=False)
self.assertEqual(f.elements[0].tag, MATCH_EQUAL)
self.assertEqual(f.elements[0].assertion['attr'], 'bad')
self.assertEqual(f.elements[0].assertion['value'], b'admin')
def get_connection(bind=None,
use_ssl=None,
check_names=None,
lazy_connection=None,
authentication=None,
sasl_mechanism=None,
sasl_credentials=None,
ntlm_credentials=(None, None),
get_info=None,
usage=None,
fast_decoder=None,
simple_credentials=(None, None),
receive_timeout=None):
if bind is None:
bind = True
if check_names is None:
check_names = test_check_names
if lazy_connection is None:
lazy_connection = test_lazy_connection
if authentication is None:
authentication = test_authentication
if get_info is None:
get_info = test_get_info
if usage is None:
usage = test_usage
if fast_decoder is None:
fast_decoder = test_fast_decoder
if receive_timeout is None:
receive_timeout = test_receive_timeout
if test_server_type == 'AD' and use_ssl is None:
use_ssl = True # Active directory forbids Add operations in cleartext
if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]:
# define real server
if isinstance(test_server, (list, tuple)):
server = ServerPool(pool_strategy=test_pooling_strategy,
active=test_pooling_active,
exhaust=test_pooling_exhaust)
for host in test_server:
server.add(Server(host=host,
use_ssl=use_ssl,
port=test_port_ssl if use_ssl else test_port,
allowed_referral_hosts=('*', True),
get_info=get_info,
mode=test_server_mode))
else:
server = Server(host=test_server,
use_ssl=use_ssl,
port=test_port_ssl if use_ssl else test_port,
allowed_referral_hosts=('*', True),
get_info=get_info,
mode=test_server_mode)
else:
if test_server_type == 'EDIR':
schema = SchemaInfo.from_json(edir_8_8_8_schema)
info = DsaInfo.from_json(edir_8_8_8_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
elif test_server_type == 'AD':
schema = SchemaInfo.from_json(ad_2012_r2_schema)
info = DsaInfo.from_json(ad_2012_r2_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
elif test_server_type == 'SLAPD':
schema = SchemaInfo.from_json(slapd_2_4_schema)
info = DsaInfo.from_json(slapd_2_4_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
if authentication == SASL:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
authentication=SASL,
sasl_mechanism=sasl_mechanism,
sasl_credentials=sasl_credentials,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
elif authentication == NTLM:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
user=ntlm_credentials[0],
password=ntlm_credentials[1],
authentication=NTLM,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
elif authentication == ANONYMOUS:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
user=None,
password=None,
authentication=ANONYMOUS,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
else:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
user=simple_credentials[0] or test_user,
password=simple_credentials[1] or test_password,
authentication=authentication,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
if test_strategy in [MOCK_SYNC, MOCK_ASYNC]:
# create authentication identities for testing mock strategies
connection.strategy.add_entry(test_user, {'objectClass': 'inetOrgPerson', 'userPassword': test_password})
connection.strategy.add_entry(test_secondary_user, {'objectClass': 'inetOrgPerson', 'userPassword': test_secondary_password})
connection.strategy.add_entry(test_sasl_user_dn, {'objectClass': 'inetOrgPerson', 'userPassword': test_sasl_password})
connection.strategy.add_entry(test_sasl_secondary_user_dn, {'objectClass': 'inetOrgPerson', 'userPassword': test_sasl_secondary_password})
# connection.strategy.add_entry(test_ntlm_user, {'objectClass': 'inetOrgPerson', 'userPassword': test_ntlm_password})
if bind:
connection.bind()
return connection
import sys
from ldap3.operation.search import parse_filter, compile_filter
from ldap3.protocol.schemas.ad2012R2 import ad_2012_r2_schema, ad_2012_r2_dsa_info
from ldap3.protocol.rfc4512 import SchemaInfo
from pyasn1.codec.der import decoder, encoder
from msldap.protocol.query import query_syntax_converter
from msldap.protocol.messages import LDAPMessage, Filter
# https://ldap3.readthedocs.io/bind.html
if __name__ == '__main__':
qry = r'(&(servicePrincipalName=*)(!(sAMAccountName=*$)))'
schema = SchemaInfo.from_json(ad_2012_r2_schema)
auto_escape = True
auto_encode = True
validator = None
check_names = False
res = parse_filter(qry, schema, auto_escape, auto_encode, validator,
check_names)
print(repr(res))
res = compile_filter(res.elements[0])
print(repr(res))
print(encoder.encode(res).hex())
msg = Filter.load(encoder.encode(res))
print(msg.native)
def test_parse_search_filter_bad_object_class_type_check_false(self):
f = parse_filter('(objectClass=bad)', SchemaInfo.from_json(edir_8_8_8_schema), test_auto_escape, test_auto_encode, test_validator, check_names=False)
self.assertEqual(f.elements[0].tag, MATCH_EQUAL)
self.assertEqual(f.elements[0].assertion['attr'], 'objectClass')
self.assertEqual(f.elements[0].assertion['value'], b'bad')
def test_parse_search_filter_bad_object_class_type_check_true(self):
self.assertRaises(LDAPObjectClassError, parse_filter, '(objectClass=bad)', SchemaInfo.from_json(edir_8_8_8_schema), test_auto_escape, test_auto_encode, test_validator, check_names=True)
def test_parse_search_filter_bad_attribute_type_check_true(self):
self.assertRaises(LDAPAttributeError, parse_filter, '(bad=admin)', SchemaInfo.from_json(edir_8_8_8_schema), test_auto_escape, test_auto_encode, test_validator, check_names=True)
def setUp(self):
schema = SchemaInfo.from_json(edir_8_8_8_schema)
info = DsaInfo.from_json(edir_8_8_8_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
self.connection = Connection(server, user='******', password='******', client_strategy=MOCK_SYNC)
def get_connection(bind=None,
use_ssl=None,
check_names=None,
lazy_connection=None,
authentication=None,
sasl_mechanism=None,
sasl_credentials=None,
ntlm_credentials=(None, None),
get_info=None,
usage=None,
fast_decoder=None,
simple_credentials=(None, None),
receive_timeout=None):
if bind is None:
bind = True
if check_names is None:
check_names = test_check_names
if lazy_connection is None:
lazy_connection = test_lazy_connection
if authentication is None:
authentication = test_authentication
if get_info is None:
get_info = test_get_info
if usage is None:
usage = test_usage
if fast_decoder is None:
fast_decoder = test_fast_decoder
if receive_timeout is None:
receive_timeout = test_receive_timeout
if test_server_type == 'AD' and use_ssl is None:
use_ssl = True # Active directory forbids Add operations in cleartext
if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]:
# define real server
if isinstance(test_server, (list, tuple)):
server = ServerPool(pool_strategy=test_pooling_strategy,
active=test_pooling_active,
exhaust=test_pooling_exhaust)
for host in test_server:
server.add(Server(host=host,
use_ssl=use_ssl,
port=test_port_ssl if use_ssl else test_port,
allowed_referral_hosts=('*', True),
get_info=get_info,
mode=test_server_mode))
else:
server = Server(host=test_server,
use_ssl=use_ssl,
port=test_port_ssl if use_ssl else test_port,
allowed_referral_hosts=('*', True),
get_info=get_info,
mode=test_server_mode)
else:
if test_server_type == 'EDIR':
schema = SchemaInfo.from_json(edir_8_8_8_schema)
info = DsaInfo.from_json(edir_8_8_8_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
elif test_server_type == 'AD':
schema = SchemaInfo.from_json(ad_2012_r2_schema)
info = DsaInfo.from_json(ad_2012_r2_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
elif test_server_type == 'SLAPD':
schema = SchemaInfo.from_json(slapd_2_4_schema)
info = DsaInfo.from_json(slapd_2_4_dsa_info, schema)
server = Server.from_definition('MockSyncServer', info, schema)
if authentication == SASL:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
authentication=SASL,
sasl_mechanism=sasl_mechanism,
sasl_credentials=sasl_credentials,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
elif authentication == NTLM:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
user=ntlm_credentials[0],
password=ntlm_credentials[1],
authentication=NTLM,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
elif authentication == ANONYMOUS:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
user=None,
password=None,
authentication=ANONYMOUS,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
else:
connection = Connection(server,
auto_bind=bind,
version=3,
client_strategy=test_strategy,
user=simple_credentials[0] or test_user,
password=simple_credentials[1] or test_password,
authentication=authentication,
lazy=lazy_connection,
pool_name='pool1',
check_names=check_names,
collect_usage=usage,
fast_decoder=fast_decoder,
receive_timeout=receive_timeout)
if test_strategy in [MOCK_SYNC, MOCK_ASYNC]:
# create authentication identities for testing mock strategies
connection.strategy.add_entry(test_user, {'objectClass': 'inetOrgPerson', 'userPassword': test_password})
connection.strategy.add_entry(test_secondary_user, {'objectClass': 'inetOrgPerson', 'userPassword': test_secondary_password})
connection.strategy.add_entry(test_sasl_user_dn, {'objectClass': 'inetOrgPerson', 'userPassword': test_sasl_password})
connection.strategy.add_entry(test_sasl_secondary_user_dn, {'objectClass': 'inetOrgPerson', 'userPassword': test_sasl_secondary_password})
# connection.strategy.add_entry(test_ntlm_user, {'objectClass': 'inetOrgPerson', 'userPassword': test_ntlm_password})
if bind:
connection.bind()
return connection