require 'custodian/protocoltest/tcp'
require 'ldap'
#
# The LDAP-protocol test.
#
# This object is instantiated if the parser sees a line such as:
#
###
### foo.vm.bytemark.co.uk must run ldap with username 'user' and password 'xx' otherwise 'auth-server fail'.
###
#
# The specification of the port is optional and defaults to 389.
#
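module Custodian
  module ProtocolTest
    #
    # LDAP protocol test: binds to an LDAP server with the username and
    # password given in the test line, then runs a fixed search.
    #
    # NOTE(security): the credentials are embedded in the test line, so they
    # are present wherever that line is stored or serialized (see #to_s).
    # Use a dedicated, low-privilege monitoring account for this test.
    #
    class LDAPTest < TestFactory
      # Port used when the line carries no "on <port>" clause.
      DEFAULT_PORT = 389

      #
      # Parse the test line.
      #
      # line - the full test specification.  The first whitespace-separated
      #        token is the host; the username and password are read from
      #        single-quoted values.
      #
      # Raises ArgumentError when the username or password is missing.
      #
      def initialize(line)
        @line = line
        @host = line.split(/\s+/)[0]

        # The documented form is "with username 'u' and password 'p'", so the
        # password clause must be accepted after "and" as well as "with";
        # matching only "with password" rejected the documented example.
        @ldap_user = line[/(?:with|and)\s+username\s+'([^']+)'/, 1]
        @ldap_pass = line[/(?:with|and)\s+password\s+'([^']+)'/, 1]

        # The line may still hold the password when only the username is
        # missing, so never echo it back verbatim.
        raise ArgumentError, "No username specified: #{redacted_line}" if @ldap_user.nil?
        raise ArgumentError, "No password specified: #{redacted_line}" if @ldap_pass.nil?

        # "must not run" marks the test as inverted.
        @inverted = !(line =~ /must\s+not\s+run\s+/).nil?

        port = line[/on\s+([0-9]+)/, 1]
        @port = port ? port.to_i : DEFAULT_PORT
      end

      #
      # Allow this test to be serialized.
      #
      # Returns the original line, which includes the LDAP password in clear
      # text; treat the serialized form as a secret.
      #
      def to_s
        @line
      end

      #
      # Run the test.
      #
      # Returns true when the bind and the search complete, false otherwise;
      # on failure the reason is available from #error.
      #
      def run_test
        # reset the error, in case we were previously executed.
        @error = nil
        ldap = nil

        # NOTE(security): LDAP::Conn speaks plain LDAP, so the simple bind
        # below sends the password unencrypted unless the link is protected
        # some other way.  NOTE(review): consider LDAP::SSLConn for servers
        # that offer LDAPS or StartTLS.
        ldap = LDAP::Conn.new(@host, @port)
        ldap.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)

        # Hardwired search is bad..
        base   = 'ou=groups,dc=bytemark,dc=co,dc=uk'
        scope  = LDAP::LDAP_SCOPE_SUBTREE
        filter = '(cn=vpn*)'
        attrs  = ['sn', 'cn']

        ldap.bind(@ldap_user, @ldap_pass)

        unless ldap.bound?
          # The password is deliberately left out: this text is reported
          # onwards as the failure reason.
          @error = "failed to bind to LDAP server '#{@host}' with username '#{@ldap_user}'"
          return false
        end

        ldap.search(base, scope, filter, attrs) do |entry|
          puts "We found an LDAP result #{entry.vals('cn')}"
        end

        true
      rescue LDAP::ResultError => ex
        # As above, report the account but never the password.
        @error = "LDAP exception: #{ex} when talking to LDAP server '#{@host}' with username '#{@ldap_user}'"
        false
      ensure
        # Release the connection on every path, not only on success.
        begin
          ldap.unbind if ldap && ldap.bound?
        rescue LDAP::ResultError
          # Best-effort cleanup: the test outcome has already been decided.
          nil
        end
      end

      #
      # If the test fails then report the error.
      #
      # Returns the message set by the last #run_test, or nil.
      #
      def error
        @error
      end

      register_test_type "ldap"

      private

      # The test line with any quoted password value masked, for use in
      # messages that may be logged or displayed.
      def redacted_line
        @line.gsub(/(password\s+')[^']+(')/, '\1[REDACTED]\2')
      end
    end
  end
end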