package org.openslx.taskmanager.tasks;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Random;
import org.apache.commons.io.FileUtils;
import org.openslx.taskmanager.api.SystemCommandTask;
import com.google.gson.annotations.Expose;
public class LdapSearch extends SystemCommandTask
{
@Expose
private String server = null;
@Expose
private String searchbase = null;
@Expose
private String binddn = null;
@Expose
private String bindpw = null;
@Expose
private String username = null;
private String fifo = null;
private boolean getDn = false;
private volatile int userCount = 0;
private Output status = new Output();
@Override
protected boolean initTask()
{
this.setStatusObject( this.status );
if ( this.server == null || this.searchbase == null || this.binddn == null ) {
status.messages = "Missing parameter";
return false;
}
this.timeoutSeconds = 5;
return true;
}
@Override
protected String[] initCommandLine()
{
if ( this.bindpw == null )
this.bindpw = "";
this.fifo = String.format( "/tmp/bwlp-%s-%s.ldap", System.currentTimeMillis(), new Random().nextInt() );
File pwFile = new File( this.fifo );
FileUtils.deleteQuietly( pwFile );
try {
pwFile.createNewFile();
pwFile.setReadable( false, false );
pwFile.setReadable( true, true );
FileUtils.writeStringToFile( pwFile, this.bindpw, StandardCharsets.UTF_8 );
} catch ( IOException e ) {
FileUtils.deleteQuietly( pwFile );
status.messages = e.toString();
return null;
}
if ( this.username == null ) {
status.addMessage( "Trying to find 4 random AD users to verify everything is all right..." );
this.username = "*";
} else {
this.getDn = true;
}
// As we don't care about the certificate here, you might want to put TLS_REQCERT never
// in /etc/ldap/ldap.conf
return new String[] {
"ldapsearch",
"-x", // Simple auth
"-LLL", // No additional stuff
"-y", this.fifo, // Password from file
"-H", this.server, // Host
"-b", this.searchbase, // SB
"-D", this.binddn, // DN
"-l", "4", // Time limit in seconds
"-o", "nettimeout=4",
"-z", "4", // Max number of results
"-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch
"(&(objectClass=user)(objectClass=person)(sAMAccountName=" + this.username + "))",
"sAMAccountName", // Find account name
"dn" // And dn
};
}
@Override
protected boolean processEnded( int exitCode )
{
FileUtils.deleteQuietly( new File( this.fifo ) );
if ( exitCode == 4 ) // Means size limit exceeded, ignore
exitCode = 0;
if ( exitCode != 0 )
status.addMessage( "Exit code is " + exitCode );
if ( exitCode == 0 && this.userCount < 4 && !this.getDn )
status.addMessage( "Found less than 4 users. Are you sure you got the right credentials." );
return this.userCount >= 4 || ( this.getDn && status.dn != null );
}
@Override
protected void processStdOut( String line )
{
if ( line.startsWith( "sAMAccountName: " ) ) {
status.addMessage( "Found AD user " + line.substring( 16 ) + " :-)" );
this.userCount++;
}
if ( line.startsWith( "sAMAccountName:: " ) ) {
status.addMessage( "Found AD user " + line.substring( 17 ) + " :-)" );
this.userCount++;
}
if ( this.getDn && line.startsWith( "dn: " ) ) {
status.dn = line.substring( 4 );
}
}
@Override
protected void processStdErr( String line )
{
if ( line.contains( "Size limit exceeded" ) )
return;
status.addMessage( "Error: " + line );
}
class Output
{
private String messages = null;
public String dn = null;
private void addMessage( String str )
{
if ( messages == null ) {
messages = str;
} else {
messages += "\n" + str;
}
}
}
}
