func (l *LdifBackend) Bind(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetBindRequest()
res := ldap.NewBindResponse(ldap.LDAPResultInvalidCredentials)
l.Log.Debug("Bind", log.Ctx{"authchoice": r.AuthenticationChoice(), "user": r.Name()})
if r.AuthenticationChoice() == "simple" {
//search for userdn
for _, ldif := range l.ldifs {
if ldif.dn == string(r.Name()) {
//Check password
for _, attr := range ldif.attr {
if attr.name == "userPassword" {
if string(attr.content) == string(r.AuthenticationSimple()) {
res.SetResultCode(ldap.LDAPResultSuccess)
w.Write(res)
return
}
l.Log.Debug("userPassword doesn't match", log.Ctx{"pass": r.Authentication(), "userPassword": attr.content})
break
}
}
l.Log.Debug("no userPassword found!")
break
}
}
l.Log.Info("Bind failed", log.Ctx{"user": r.Name(), "pass": r.Authentication()})
res.SetResultCode(ldap.LDAPResultInvalidCredentials)
res.SetDiagnosticMessage("invalid credentials")
} else {
res.SetResultCode(ldap.LDAPResultUnwillingToPerform)
res.SetDiagnosticMessage("Authentication choice not supported")
}
w.Write(res)
}
func (l *LdifBackend) Modify(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetModifyRequest()
l.Log.Debug("Modify entry", log.Ctx{"entry": r.Object()})
for _, change := range r.Changes() {
modification := change.Modification()
var operationString string
switch change.Operation() {
case ldap.ModifyRequestChangeOperationAdd:
operationString = "Add"
case ldap.ModifyRequestChangeOperationDelete:
operationString = "Delete"
case ldap.ModifyRequestChangeOperationReplace:
operationString = "Replace"
}
l.Log.Debug("attribute change", log.Ctx{"operation": operationString, "type": modification.Type_()})
for _, attributeValue := range modification.Vals() {
l.Log.Debug("value", log.Ctx{"value": attributeValue})
}
}
res := ldap.NewModifyResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
// The resultCode is set to compareTrue, compareFalse, or an appropriate
// error. compareTrue indicates that the assertion value in the ava
// Comparerequest field matches a value of the attribute or subtype according to the
// attribute's EQUALITY matching rule. compareFalse indicates that the
// assertion value in the ava field and the values of the attribute or
// subtype did not match. Other result codes indicate either that the
// result of the comparison was Undefined, or that
// some error occurred.
func (l *LdifBackend) Compare(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetCompareRequest()
l.Log.Debug("Comparing entry", log.Ctx{"entry": r.Entry(), "name": r.Ava().AttributeDesc(), "value": r.Ava().AssertionValue()})
//attributes values
res := ldap.NewCompareResponse(ldap.LDAPResultCompareTrue)
w.Write(res)
}
func (d *DefaultsBackend) searchMyCompany(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetSearchRequest()
d.Log.Debug("SearchMyCompany", log.Ctx{"basedn": r.BaseObject(), "filter": r.Filter(), "filterString": r.FilterString(), "attributes": r.Attributes(), "timeLimit": r.TimeLimit().Int()})
e := ldap.NewSearchResultEntry(string(r.BaseObject()))
e.AddAttribute("objectClass", "top", "organizationalUnit")
w.Write(e)
res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (l *LdifBackend) NotFound(w ldap.ResponseWriter, r *ldap.Message) {
switch r.ProtocolOpType() {
case ldap.ApplicationBindRequest:
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
res.SetDiagnosticMessage("Default binding behavior set to return Success")
w.Write(res)
default:
res := ldap.NewResponse(ldap.LDAPResultUnwillingToPerform)
res.SetDiagnosticMessage("Operation not implemented by server")
w.Write(res)
}
}
func (d *DefaultsBackend) startTLS(w ldap.ResponseWriter, m *ldap.Message) {
tlsconfig, _ := d.getTLSconfig()
tlsConn := tls.Server(m.Client.GetConn(), tlsconfig)
res := ldap.NewExtendedResponse(ldap.LDAPResultSuccess)
res.SetResponseName(ldap.NoticeOfStartTLS)
w.Write(res)
if err := tlsConn.Handshake(); err != nil {
d.Log.Error("StartTLS Handshake error", log.Ctx{"error": err})
res.SetDiagnosticMessage(fmt.Sprintf("StartTLS Handshake error : \"%s\"", err.Error()))
res.SetResultCode(ldap.LDAPResultOperationsError)
w.Write(res)
return
}
m.Client.SetConn(tlsConn)
d.Log.Debug("StartTLS OK")
}
func (l *LdifBackend) Search(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetSearchRequest()
// Handle Stop Signal (server stop / client disconnected / Abandoned request....)
select {
case <-m.Done:
l.Log.Debug("Leaving Search... stop signal")
return
default:
}
l.Log.Debug("Search", log.Ctx{"basedn": r.BaseObject(), "filter": r.Filter(), "filterString": r.FilterString(), "attributes": r.Attributes(), "timeLimit": r.TimeLimit().Int()})
var entries []message.SearchResultEntry
for _, ldif := range l.ldifs {
if strings.ToLower(ldif.dn) == strings.ToLower(string(r.BaseObject())) {
if m, result := matchesFilter(r.Filter(), ldif); m != true {
if result != ldap.LDAPResultSuccess {
res := ldap.NewSearchResultDoneResponse(result)
w.Write(res)
//return make([]message.SearchResultEntry, 0), result
return
}
continue
}
entry := l.formatEntry(&ldif, r.Attributes())
entries = append(entries, entry)
continue
}
if strings.HasSuffix(strings.ToLower(ldif.dn), strings.ToLower(string(r.BaseObject()))) {
if m, result := matchesFilter(r.Filter(), ldif); m != true {
if result != ldap.LDAPResultSuccess {
res := ldap.NewSearchResultDoneResponse(result)
w.Write(res)
//return make([]message.SearchResultEntry, 0), result
return
}
continue
}
entry := l.formatEntry(&ldif, r.Attributes())
entries = append(entries, entry)
continue
}
}
for i := 0; i < len(entries); i++ {
w.Write(entries[i])
}
res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (l *LdifBackend) Add(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetAddRequest()
// Handle Stop Signal (server stop / client disconnected / Abandoned request....)
select {
case <-m.Done:
l.Log.Debug("Leaving Add... stop signal")
return
default:
}
l.Log.Debug("Adding entry", log.Ctx{"entry": r.Entry()})
entry := ldif{dn: string(r.Entry())}
for _, attribute := range r.Attributes() {
for _, attributeValue := range attribute.Vals() {
if isValueBinary([]byte(attributeValue)) {
value := base64.StdEncoding.EncodeToString([]byte(attributeValue))
entry.attr = append(entry.attr, attr{name: string(attribute.Type_()), content: []byte(value), atype: ATTR_TYPE_BINARY})
l.Log.Debug("attribute", log.Ctx{"type": attribute.Type_(), "value": string(value), "atype": "binary"})
} else {
entry.attr = append(entry.attr, attr{name: string(attribute.Type_()), content: []byte(attributeValue), atype: ATTR_TYPE_TEXT})
l.Log.Debug("attribute", log.Ctx{"type": attribute.Type_(), "value": string(attributeValue), "atype": "string"})
}
}
}
if ok, err := l.saveEntry(entry); ok {
l.ldifs = append(l.ldifs, entry)
res := ldap.NewAddResponse(ldap.LDAPResultSuccess)
w.Write(res)
return
} else {
l.Log.Debug("Add entry error", log.Ctx{"error": err})
}
res := ldap.NewAddResponse(ldap.LDAPResultOperationsError)
w.Write(res)
}
func (d *DefaultsBackend) searchDSE(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetSearchRequest()
d.Log.Debug("SearchDSE", log.Ctx{"basedn": r.BaseObject(), "filter": r.Filter(), "filterString": r.FilterString(), "attributes": r.Attributes(), "timeLimit": r.TimeLimit().Int()})
e := ldap.NewSearchResultEntry("")
e.AddAttribute("vendorName", "Jeroen Simonetti")
e.AddAttribute("vendorVersion", "0.0.1")
e.AddAttribute("objectClass", "top", "extensibleObject")
e.AddAttribute("supportedLDAPVersion", "3")
e.AddAttribute("namingContexts", "o=Pronoc, c=Net")
e.AddAttribute("supportedExtension", "1.3.6.1.4.1.1466.20037")
// e.AddAttribute("subschemaSubentry", "cn=schema")
// e.AddAttribute("namingContexts", "ou=system", "ou=schema", "dc=example,dc=com", "ou=config")
// e.AddAttribute("supportedFeatures", "1.3.6.1.4.1.4203.1.5.1")
// e.AddAttribute("supportedControl", "2.16.840.1.113730.3.4.3", "1.3.6.1.4.1.4203.1.10.1", "2.16.840.1.113730.3.4.2", "1.3.6.1.4.1.4203.1.9.1.4", "1.3.6.1.4.1.42.2.27.8.5.1", "1.3.6.1.4.1.4203.1.9.1.1", "1.3.6.1.4.1.4203.1.9.1.3", "1.3.6.1.4.1.4203.1.9.1.2", "1.3.6.1.4.1.18060.0.0.1", "2.16.840.1.113730.3.4.7", "1.2.840.113556.1.4.319")
// e.AddAttribute("supportedExtension", "1.3.6.1.4.1.1466.20036", "1.3.6.1.4.1.4203.1.11.1", "1.3.6.1.4.1.18060.0.1.5", "1.3.6.1.4.1.18060.0.1.3", "1.3.6.1.4.1.1466.20037")
// e.AddAttribute("supportedSASLMechanisms", "NTLM", "GSSAPI", "GSS-SPNEGO", "CRAM-MD5", "SIMPLE", "DIGEST-MD5")
// e.AddAttribute("entryUUID", "f290425c-8272-4e62-8a67-92b06f38dbf5")
w.Write(e)
res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (d *DebugBackend) Search(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetSearchRequest()
dump(r)
res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (d *DebugBackend) Delete(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetDeleteRequest()
dump(r)
res := ldap.NewDeleteResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (d *DebugBackend) Extended(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetExtendedRequest()
dump(r)
res := ldap.NewExtendedResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (l *LdifBackend) ModifyDN(w ldap.ResponseWriter, m *ldap.Message) {
//r := m.GetModifyDNRequest()
l.Log.Debug("ModifyDN entry")
res := ldap.NewModifyResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (d *DebugBackend) ModifyDN(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetModifyDNRequest()
dump(r)
res := ldap.NewModifyResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (d *DebugBackend) Bind(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetBindRequest()
dump(r)
res := ldap.NewBindResponse(ldap.LDAPResultUnwillingToPerform)
w.Write(res)
}
func (l *LdifBackend) Extended(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetExtendedRequest()
l.Log.Debug("Extended request received", log.Ctx{"name": r.RequestName(), "value": r.RequestValue()})
res := ldap.NewExtendedResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
func (d *DebugBackend) Compare(w ldap.ResponseWriter, m *ldap.Message) {
dump(m)
res := ldap.NewCompareResponse(ldap.LDAPResultCompareTrue)
w.Write(res)
}
func (d *DebugBackend) Add(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetAddRequest()
dump(r)
res := ldap.NewAddResponse(ldap.LDAPResultOperationsError)
w.Write(res)
}
func (l *LdifBackend) Delete(w ldap.ResponseWriter, m *ldap.Message) {
r := m.GetDeleteRequest()
l.Log.Debug("Deleting entry", log.Ctx{"entry": r})
res := ldap.NewDeleteResponse(ldap.LDAPResultSuccess)
w.Write(res)
}
