From 296f2af66ff144ef456b9205e2a9cdcc7e6cf8dc Mon Sep 17 00:00:00 2001
From: Steve Kemp
Date: Wed, 13 Feb 2013 10:35:17 +0000
Subject: LDAP probe complete.
---
 cfg/sample.cfg | 2 +-
 lib/custodian/protocoltest/ldap.rb | 41 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/cfg/sample.cfg b/cfg/sample.cfg
index a455f6b..d407b17 100644
--- a/cfg/sample.cfg
+++ b/cfg/sample.cfg
@@ -1,3 +1,3 @@
-http://secure.servoshop.co.uk/ must run http with status 404 otherwise "Failure - this site is https only #524771'.
+auth.bytemark.co.uk must run ldap on 389 with username 'uid=apache,ou=systems,dc=bytemark,dc=co,dc=uk' with password 'binding' otherwise 'LDAP failure'.
diff --git a/lib/custodian/protocoltest/ldap.rb b/lib/custodian/protocoltest/ldap.rb
index 8ec42b6..49b9b41 100644
--- a/lib/custodian/protocoltest/ldap.rb
+++ b/lib/custodian/protocoltest/ldap.rb
@@ -1,5 +1,6 @@
 require 'custodian/protocoltest/tcp'
+require 'ldap'
 #
 # The LDAP-protocol test.
@@ -67,7 +68,7 @@ module Custodian
 # Save the port
 #
 if ( line =~ /on\s+([0-9]+)/ )
- @port = $1.dup
+ @port = $1.dup.to_i
 else
 @port = 389
 end
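Review bot: The line added to cfg/sample.cfg carries what looks like a real host, bind DN and bind password (`auth.bytemark.co.uk`, `uid=apache,ou=systems,…`, `'binding'`), and a sample file travels with every copy of the repository and its history. If these values are live, the bind password should be treated as disclosed and changed on the directory server. In either case the sample is better written with placeholders, for example `ldap.example.com must run ldap on 389 with username 'uid=probe,dc=example,dc=com' with password 'CHANGE-ME' otherwise 'LDAP failure'.`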
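Review bot: In the `@@ -67,7 +68,7 @@` hunk of ldap.rb, `@port = $1.dup.to_i` accepts any run of digits, so a config line such as `on 0` or `on 999999` produces a port that is handed to `LDAP::Conn.new` unchecked. A range check at parse time would make the bad line fail where it is read, e.g. `raise ArgumentError, "invalid port #{@port}" unless (1..65535).cover?(@port)`. The `.dup` is also redundant now that the value is converted, since `to_i` already returns a new Integer: `@port = $1.to_i`. The enclosing method starts and ends outside the hunk, so how it reports parse errors is not visible here.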
@@ -94,7 +95,43 @@ module Custodian
 # reset the error, in case we were previously executed.
 @error = nil
- run_test_internal( @host, @port, nil, false )
+ begin
+ #
+ # Connect.
+ #
+ ldap = LDAP::Conn.new( @host, @port )
+ ldap.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+
+ #
+ # Hardwired search is bad..
+ #
+ base = 'ou=groups,dc=bytemark,dc=co,dc=uk'
+ scope = LDAP::LDAP_SCOPE_SUBTREE
+ filter = '(cn=vpn*)'
+ attrs = ['sn', 'cn']
+
+ #
+ # Bind.
+ #
+ ldap.bind( @ldap_user, @ldap_pass )
+ if ( ldap.bound? )
+
+ #
+ # Search
+ #
+ ldap.search(base,scope,filter,attrs) { |entry|
+ puts entry.vals('cn')
+ }
+ ldap.unbind
+ return true
+ else
+ @error "failed to bind to LDAP server '#{@host}' with username '#{@ldap_user}' and password '#{@ldap_pass}'"
+ return false.
+ end
+ rescue LDAP::ResultError => ex
+ @error = "LDAP exception: #{ex} when talkign to LDAP server '#{@host}' with username '#{@ldap_user}' and password '#{@ldap_pass}'"
+ return false
+ end
 end
--
cgit v1.2.1
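Review bot: The bind password is interpolated into both `@error` strings (the `else` branch and the `rescue`), so a failed probe copies `@ldap_pass` into whatever consumes the error text, presumably alerts or logs; the messages should name only the host and the bind DN. The `else` branch also does not parse as written, because `@error "failed …"` is missing its `=` and `return false.` has a trailing dot. `ldap.unbind` runs only on the success path, so the connection stays open when the bind fails or an exception is raised, and `puts entry.vals('cn')` writes directory entries to stdout on every run. The enclosing method starts and ends outside the hunk; the sketch below covers only the bind/search/cleanup part with these points addressed.

```ruby
begin
  # … unchanged: connect, protocol version, search parameters, bind …
  if ( ldap.bound? )
    # The search only proves the server answers; entries are not printed.
    ldap.search(base,scope,filter,attrs) { |_entry| }
    return true
  else
    # The bind password is deliberately left out of the error text.
    @error = "failed to bind to LDAP server '#{@host}' with username '#{@ldap_user}'"
    return false
  end
rescue LDAP::ResultError => ex
  @error = "LDAP exception: #{ex} when talking to LDAP server '#{@host}' with username '#{@ldap_user}'"
  return false
ensure
  # Release the connection on every exit path, not only on success.
  ldap.unbind if ldap && ldap.bound?
end
```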