You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 lines
2.7 KiB
90 lines
2.7 KiB
#!/usr/local/bin/ruby -w
|
|
|
|
# This is a modified version of rbslapd1.rb which uses a Router instead of
|
|
# subclassing the LDAP::Server::Operation class.
|
|
|
|
# This is a trivial LDAP server which just stores directory entries in RAM.
|
|
# It does no validation or authentication. This is intended just to
|
|
# demonstrate the API, it's not for real-world use!!
|
|
|
|
$:.unshift('../lib')
|
|
$debug = true
|
|
|
|
require 'ldap/server'
|
|
require 'ldap/server/router'
|
|
|
|
$logger = Logger.new($stderr)
|
|
|
|
class LDAPController
|
|
def self.bind(request, version, dn, password, params)
|
|
$logger.debug 'Catchall bind request'
|
|
raise LDAP::ResultError::UnwillingToPerform, 'Invalid bind DN'
|
|
end
|
|
|
|
def self.bindUser(request, version, dn, password, params)
|
|
if params[:uid].nil? or
|
|
params[:uid] != 'admin' or
|
|
password != 'adminpassword'
|
|
$logger.warn "Denied access for user #{params[:uid]}: Invalid credentials"
|
|
raise LDAP::ResultError::InvalidCredentials, 'Invalid credentials'
|
|
end
|
|
|
|
$logger.info "Authenticated user #{params[:uid]}"
|
|
end
|
|
|
|
def self.search(request, baseObject, scope, deref, filter, params)
|
|
$logger.info "Catchall search request for #{baseObject}"
|
|
raise LDAP::ResultError::UnwillingToPerform, 'Invalid search DN'
|
|
end
|
|
|
|
def self.searchUsers(request, baseObject, scope, deref, filter, params)
|
|
$logger.info 'Search users'
|
|
end
|
|
end
|
|
|
|
router = LDAP::Server::Router.new($logger) do
|
|
# Different syntax but same thing
|
|
bind nil => 'LDAPController#bind'
|
|
route :bind, nil => 'LDAPController#bind'
|
|
|
|
# Bind a route using variables. A hash with the variables will be passed
|
|
# to your function as last argument.
|
|
bind 'uid=:uid,ou=Users,dc=mydomain,dc=com' => 'LDAPController#bindUser'
|
|
bind 'uid=:uid,ou=Users,dc=:domain,dc=:tld' => 'LDAPController#bindUser'
|
|
|
|
search nil => 'LDAPController#search'
|
|
search 'ou=Users,dc=mydomain,dc=com' => 'LDAPController#searchUsers'
|
|
end
|
|
|
|
# This is the shared object which carries our actual directory entries.
|
|
# It's just a hash of {dn=>entry}, where each entry is {attr=>[val,val,...]}
|
|
|
|
directory = {}
|
|
|
|
# Let's put some backing store on it
|
|
|
|
require 'yaml'
|
|
begin
|
|
File.open('ldapdb.yaml') { |f| directory = YAML.load(f.read) }
|
|
rescue Errno::ENOENT
|
|
end
|
|
|
|
at_exit do
|
|
File.open('ldapdb.new', 'w') { |f| f.write(YAML.dump(directory)) }
|
|
File.rename('ldapdb.new', 'ldapdb.yaml')
|
|
end
|
|
|
|
# Listen for incoming LDAP connections. For each one, create a Connection
|
|
# object, which will invoke a HashOperation object for each request.
|
|
|
|
s = LDAP::Server.new(
|
|
port: 1389,
|
|
nodelay: true,
|
|
listen: 10,
|
|
# :ssl_key_file => "key.pem",
|
|
# :ssl_cert_file => "cert.pem",
|
|
# :ssl_on_connect => true,
|
|
router: router
|
|
)
|
|
s.run_tcpserver
|
|
s.join
|