You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 lines
2.6 KiB
90 lines
2.6 KiB
#!/usr/local/bin/ruby -w
|
|
|
|
# This is a modified version of rbslapd1.rb which uses a Router instead of
|
|
# subclassing the LDAP::Server::Operation class.
|
|
|
|
# This is a trivial LDAP server which just stores directory entries in RAM.
|
|
# It does no validation or authentication. This is intended just to
|
|
# demonstrate the API, it's not for real-world use!!
|
|
|
|
$:.unshift('../lib')
|
|
$debug = true
|
|
|
|
require 'ldap/server'
|
|
require 'ldap/server/router'
|
|
|
|
$logger = Logger.new($stderr)
|
|
|
|
class LDAPController
|
|
def self.bind(request, version, dn, password, params)
|
|
$logger.debug "Catchall bind request"
|
|
raise LDAP::ResultError::UnwillingToPerform, "Invalid bind DN"
|
|
end
|
|
|
|
def self.bindUser(request, version, dn, password, params)
|
|
if params[:uid].nil? or
|
|
params[:uid] != 'admin' or
|
|
password != 'adminpassword'
|
|
$logger.warn "Denied access for user #{params[:uid]}: Invalid credentials"
|
|
raise LDAP::ResultError::InvalidCredentials, "Invalid credentials"
|
|
end
|
|
|
|
$logger.info "Authenticated user #{params[:uid]}"
|
|
end
|
|
|
|
def self.search(request, baseObject, scope, deref, filter, params)
|
|
$logger.info "Catchall search request for #{baseObject}"
|
|
raise LDAP::ResultError::UnwillingToPerform, "Invalid search DN"
|
|
end
|
|
|
|
def self.searchUsers(request, baseObject, scope, deref, filter, params)
|
|
$logger.info "Search users"
|
|
end
|
|
end
|
|
|
|
router = LDAP::Server::Router.new($logger) do
|
|
# Different syntax but same thing
|
|
bind nil => "LDAPController#bind"
|
|
route :bind, nil => "LDAPController#bind"
|
|
|
|
# Bind a route using variables. A hash with the variables will be passed
|
|
# to your function as last argument.
|
|
bind "uid=:uid,ou=Users,dc=mydomain,dc=com" => "LDAPController#bindUser"
|
|
|
|
search nil => "LDAPController#search"
|
|
search "ou=Users,dc=mydomain,dc=com" => "LDAPController#searchUsers"
|
|
end
|
|
|
|
|
|
# This is the shared object which carries our actual directory entries.
|
|
# It's just a hash of {dn=>entry}, where each entry is {attr=>[val,val,...]}
|
|
|
|
directory = {}
|
|
|
|
# Let's put some backing store on it
|
|
|
|
require 'yaml'
|
|
begin
|
|
File.open("ldapdb.yaml") { |f| directory = YAML::load(f.read) }
|
|
rescue Errno::ENOENT
|
|
end
|
|
|
|
at_exit do
|
|
File.open("ldapdb.new","w") { |f| f.write(YAML::dump(directory)) }
|
|
File.rename("ldapdb.new","ldapdb.yaml")
|
|
end
|
|
|
|
# Listen for incoming LDAP connections. For each one, create a Connection
|
|
# object, which will invoke a HashOperation object for each request.
|
|
|
|
s = LDAP::Server.new(
|
|
:port => 1389,
|
|
:nodelay => true,
|
|
:listen => 10,
|
|
# :ssl_key_file => "key.pem",
|
|
# :ssl_cert_file => "cert.pem",
|
|
# :ssl_on_connect => true,
|
|
:router => router
|
|
)
|
|
s.run_tcpserver
|
|
s.join
|