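test_ldap = {
  version = "1.1"
  # 2013-03-27 - GMF - 1.0.1 - Fixed bug where admin password was used for login password
  # 2013-05-23 - GMF - 1.0.2 - Fixed bug where ldap_username_label was ignored
  # 2014-05-22 - GMF - 1.1   - Switched to attr=*, and added support for distinguishedName
  #                            as a subnode (as returned by the latest C code with LDAPv3).
  #
  # Review notes (no version bump):
  #   - login_password and admin_password are no longer echoed, and the bind node is no
  #     longer dumped with node_as_string(), since this output normally ends up in a log.
  #   - login_uname is escaped before being placed in the LDAP search filter, so a name
  #     containing filter metacharacters cannot change the structure of the filter.
  #   - An empty login_password is rejected up front: an LDAP bind with a DN and an empty
  #     password is an "unauthenticated" bind, which many servers accept, so the test
  #     would report success without ever checking the user's password.
  #   - Missing settings now abort with error() instead of continuing with empty values.
  #   - A user search that returns more than one entry is rejected instead of silently
  #     binding as the first match.
  label = "Test LDAP"
  shortcut = "tl"
  parameters = {
    ldap_server_hostname = {
      shortcut = "lsh"
      # required = true
      default = "not_specified"
    }
    ldap_base = {
      shortcut = "lb"
      # required = true
      default = "not_specified"
    }
    ldap_username_label = {
      shortcut = "lul"
      # required = true
      default = "not_specified"
    }
    use_ssl_for_ldap = {
      shortcut = "usfl"
      # required = true
      default = "not_specified"
    }
    login_uname = {
      shortcut = "lu"
      required = true
    }
    login_password = {
      shortcut = "lp"
      required = true
    }
    admin_dn = {
      shortcut = "ad"
      # required = true
      default = "not_specified"
    }
    admin_password = {
      shortcut = "ap"
      # required = true
      default = "not_specified"
    }
  }
  expression = `
    # Resolve each LDAP setting: an explicit command-line value wins; otherwise fall back to
    # Preferences. An empty value in both places is a configuration error, so abort here
    # rather than continue to ldap_initialize()/ldap_bind() with an empty hostname or DN.
    if (ldap_server_hostname eq "not_specified") then
      ldap_server_hostname = preferences.security.ldap_server_hostname;
    if (ldap_server_hostname eq "") then
      error("You must either configure LDAP in Preferences, or specify ldap_server_hostname with -lsh");

    if (ldap_base eq "not_specified") then
      ldap_base = preferences.security.ldap_base;
    if (ldap_base eq "") then
      error("You must either configure LDAP in Preferences, or specify ldap_base with -lb");

    if (ldap_username_label eq "not_specified") then
      ldap_username_label = preferences.security.ldap_username_label;
    if (ldap_username_label eq "") then
      error("You must either configure LDAP in Preferences, or specify ldap_username_label with -lul");

    if (use_ssl_for_ldap eq "not_specified") then
      use_ssl_for_ldap = preferences.security.use_ssl_for_ldap;
    if (use_ssl_for_ldap eq "") then
      error("You must either configure LDAP in Preferences, or specify use_ssl_for_ldap with -usfl");

    if (admin_dn eq "not_specified") then
      admin_dn = preferences.security.ldap_administrator_dn;
    if (admin_dn eq "") then
      error("You must either configure LDAP in Preferences, or specify admin_dn with -ad");

    # The stored administrator password is encrypted; "!decrypt" recovers the plaintext
    # for the bind. It is used only in the bind node below and never echoed.
    if (admin_password eq "not_specified") then
      admin_password = format(preferences.security.ldap_administrator_password, "!decrypt");
    if (admin_password eq "") then
      error("You must either configure LDAP in Preferences, or specify admin_password with -ap");

    # A bind with a non-empty DN and an empty password is an unauthenticated bind, which
    # many LDAP servers accept as a successful simple bind. Refuse it so the test cannot
    # report a "successful" login that never verified a password.
    if (login_password eq "") then
      error("login_password (-lp) must not be empty");

    echo("ldap_server_hostname: " . ldap_server_hostname);
    echo("ldap_base: " . ldap_base);
    echo("ldap_username_label: " . ldap_username_label);
    echo("use_ssl_for_ldap: " . use_ssl_for_ldap);
    echo("login_uname: " . login_uname);
    echo("admin_dn: " . admin_dn);
    # login_password and admin_password are deliberately not echoed.

    # Build the LDAP connection URL
    string url = if (use_ssl_for_ldap) then "ldaps" else "ldap";
    url .= "://" . ldap_server_hostname . "/";
    echo("url: " . url);

    # Initialize LDAP
    string ld = ldap_initialize(url);
    echo("result of ldap_initialize: " . ld);

    # Bind to LDAP as administrator. The info node carries the password, so only its DN
    # is echoed (node_as_string(info) would print the password).
    node info = new_node();
    @info{"dn"} = admin_dn;
    @info{"password"} = admin_password;
    echo("Calling ldap_bind() as administrator DN: " . @info{"dn"});
    bool success = ldap_bind(ld, info);
    echo("BOUND: success=" . success);

    if (!success) then (
      echo("ldap_bind() failed");
      echo("ldap_error_return_code=" . volatile.ldap_error_return_code);
      echo("ldap_errno=" . volatile.ldap_errno);
      echo("ldap_error_message=" . volatile.ldap_error_message);
      echo("ldap_error_message_ret=" . volatile.ldap_error_message_ret);
    );
    else (
      # login_uname comes from the command line, so escape the RFC 4515 filter
      # metacharacters before it is placed in the filter. Backslash is escaped first so
      # the backslashes introduced by the later replacements are not escaped again.
      string filter_uname = login_uname;
      filter_uname = replace_all(filter_uname, "\\", "\\5c");
      filter_uname = replace_all(filter_uname, "*", "\\2a");
      filter_uname = replace_all(filter_uname, "(", "\\28");
      filter_uname = replace_all(filter_uname, ")", "\\29");

      # Find the login user in the directory; request all attributes so that
      # distinguishedName is available as a subnode of the result.
      node searchinfo = new_node();
      @searchinfo{"base"} = ldap_base;
      @searchinfo{"scope"} = "subtree";
      @searchinfo{"filter"} = "(" . ldap_username_label . "=" . filter_uname . ")";
      echo("searchinfo: " . node_as_string(searchinfo));

      node attrs = new_node();
      @attrs{0} = "*";
      node searchResult = ldap_search(ld, searchinfo, attrs);
      echo("searchResult: " . node_as_string(searchResult));

      if (num_subnodes(searchResult) == 0) then
        error("Search returns no results");
      # More than one match means the username label is not unique in this base; binding
      # as whichever entry happens to come first would check the wrong account's password.
      if (num_subnodes(searchResult) > 1) then
        error("Search returned more than one entry for the login user; refusing to pick one");

      # Get the login user's DN; an empty DN would turn the bind below into an anonymous
      # or unauthenticated bind, so treat it as a failure.
      string login_user_dn = @searchResult{0}{'distinguishedName'};
      if (login_user_dn eq "") then
        error("Search result has no distinguishedName for the login user");
      echo("login_user_dn: " . login_user_dn);

      # Bind as the login user to check their password (reusing the info node; the
      # password is not echoed).
      @info{"dn"} = login_user_dn;
      @info{"password"} = login_password;
      echo("Calling ldap_bind() as login user DN: " . @info{"dn"});
      success = ldap_bind(ld, info);
      echo("USER BIND: success=" . success);

      if (!success) then (
        echo("ldap_bind() failed");
        echo("ldap_error_return_code=" . volatile.ldap_error_return_code);
        echo("ldap_errno=" . volatile.ldap_errno);
        echo("ldap_error_message=" . volatile.ldap_error_message);
        echo("ldap_error_message_ret=" . volatile.ldap_error_message_ret);
      );
    ); # if success
  `
} # test_ldap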