path: root/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
package org.openslx.taskmanager.tasks;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Random;
import java.util.Set;

import org.apache.commons.io.FileUtils;
import org.openslx.taskmanager.api.SystemCommandTask;

import com.google.gson.annotations.Expose;

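/**
 * Task that runs {@code ldapsearch} against the configured server to check
 * that the supplied bind credentials can list user accounts. The task counts
 * the {@code sAMAccountName} lines in the output and succeeds once at least
 * four were seen.
 *
 * <p>The bind password is handed to {@code ldapsearch} through a temporary
 * file (option {@code -y}) so that it does not appear on the command line.
 * That file is created with owner-only permissions and removed again in
 * {@link #processEnded(int)}.
 */
public class LdapSearch extends SystemCommandTask
{

	/** Prefix of the LDIF output lines that carry a user's account name. */
	private static final String ACCOUNT_PREFIX = "sAMAccountName: ";

	// Host name or address of the LDAP server; required.
	@Expose
	private String server = null;
	// Search base passed to ldapsearch via -b; required.
	@Expose
	private String searchbase = null;
	// DN to bind as, passed via -D; required.
	@Expose
	private String binddn = null;
	// Bind password; optional, a missing value is treated as the empty string.
	@Expose
	private String bindpw = null;

	// Path of the temporary password file. Despite the name it is a regular
	// file, not a named pipe. Stays null until the file was written successfully.
	private String fifo = null;

	// Number of account lines seen on stdout so far.
	// NOTE(review): volatile does not make ++ atomic; this presumably relies on
	// stdout being processed by a single thread - confirm in SystemCommandTask.
	private volatile int userCount = 0;

	private Output status = new Output();

	/**
	 * Registers the status object and checks that all mandatory parameters are present.
	 *
	 * @return false if server, search base or bind DN is missing
	 */
	@Override
	protected boolean initTask()
	{
		this.setStatusObject( this.status );
		if ( this.server == null || this.searchbase == null || this.binddn == null ) {
			status.messages = "Missing parameter";
			return false;
		}
		return true;
	}

	/**
	 * Writes the bind password to a private temporary file and builds the
	 * {@code ldapsearch} argument vector.
	 *
	 * @return the command line, or null if the password file could not be created
	 */
	@Override
	protected String[] initCommandLine()
	{
		if ( this.bindpw == null )
			this.bindpw = "";
		Path pwFile = null;
		try {
			// /tmp is shared between local users, so the file must never exist with
			// a guessable name or with permissive mode bits. createTempFile picks an
			// unpredictable name, fails instead of reusing an existing entry (so a
			// pre-planted file or symlink cannot capture the password) and applies
			// the owner-only mode at creation time.
			FileAttribute<Set<PosixFilePermission>> ownerOnly =
					PosixFilePermissions.asFileAttribute( PosixFilePermissions.fromString( "rw-------" ) );
			pwFile = Files.createTempFile( Paths.get( "/tmp" ), "bwlp-", ".ldap", ownerOnly );
			// No trailing newline: ldapsearch -y uses the complete file content as the password
			Files.write( pwFile, this.bindpw.getBytes( StandardCharsets.UTF_8 ) );
			this.fifo = pwFile.toString();
		} catch ( IOException | UnsupportedOperationException e ) {
			// UnsupportedOperationException: file system without POSIX permission support
			if ( pwFile != null )
				FileUtils.deleteQuietly( pwFile.toFile() );
			status.messages = e.toString();
			return null;
		}
		status.addMessage( "Trying to find 4 random AD users to verify everything is all right..." );

		// NOTE(review): "-x" together with a plain ldap:// URL performs a simple bind,
		// which sends the bind password unencrypted over the network. Consider
		// requiring StartTLS (-ZZ) or using an ldaps:// URL where the server supports it.
		return new String[] {
				"ldapsearch",
				"-x", // Simple auth
				"-LLL", // No additional stuff
				"-y", this.fifo, // Password from file
				"-H", "ldap://" + this.server + ":3268/", // Host; 3268 is the AD global catalog port
				"-b", this.searchbase, // SB
				"-D", this.binddn, // DN
				"-l", "4", // Time limit in seconds
				"-z", "4", // Max number of results
				"-o", "ldif-wrap=no", // Disable LDIF line wrapping so every attribute arrives on one line
				"(&(objectClass=user)(objectClass=person)(sAMAccountName=*))",
				"sAMAccountName" // Only one attribute
		};
	}

	/**
	 * Removes the password file and evaluates the result of the search.
	 *
	 * @param exitCode exit code of ldapsearch
	 * @return true if at least four users were found
	 */
	@Override
	protected boolean processEnded( int exitCode )
	{
		// fifo is null when the password file was never created; new File( null ) would throw
		if ( this.fifo != null ) {
			FileUtils.deleteQuietly( new File( this.fifo ) );
			this.fifo = null;
		}
		if ( exitCode == 4 ) // Means size limit exceeded, ignore
			exitCode = 0;
		if ( exitCode != 0 )
			status.addMessage( "Exit code is " + exitCode );
		if ( exitCode == 0 && this.userCount < 4 )
			status.addMessage( "Found less than 4 users. Are you sure you got the right credentials." );
		return this.userCount >= 4;
	}

	/**
	 * Counts and reports every output line that carries an account name.
	 *
	 * @param line one line of ldapsearch's standard output
	 */
	@Override
	protected void processStdOut( String line )
	{
		int pos = line.indexOf( ACCOUNT_PREFIX );
		if ( pos == -1 )
			return;
		// Cut directly behind the prefix wherever it was found, instead of assuming
		// that it starts at column 0
		status.addMessage( "Found AD user " + line.substring( pos + ACCOUNT_PREFIX.length() ) + " :-)" );
		this.userCount++;
	}

	/**
	 * Forwards error output to the status object, except for the expected
	 * "Size limit exceeded" notice caused by the -z limit.
	 *
	 * @param line one line of ldapsearch's standard error
	 */
	@Override
	protected void processStdErr( String line )
	{
		if ( line.contains( "Size limit exceeded" ) )
			return;
		status.addMessage( "Error: " + line );
	}

	/**
	 * Status object of this task; collects all messages, separated by newlines.
	 */
	class Output
	{
		private String messages = null;

		// Appends str as a new line; the first message is stored without a leading newline.
		private void addMessage( String str )
		{
			if ( messages == null ) {
				messages = str;
			} else {
				messages += "\n" + str;
			}
		}
	}

}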