Testing Net::LDAP against Redhat Directory Server
# Script that exercises common LDAP operations against a directory server
require 'rubygems'
require 'base64'
# 'digest/sha1' is the supported name for Digest::SHA1; 'sha1' is the legacy
# Ruby 1.8 wrapper and is kept only for the interpreter this was written on.
require 'digest/sha1'
require 'securerandom'
require 'sha1'
require 'net/ldap'
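# Connection settings. The admin password is read from LDAP_PASSWORD when that
# variable is set so it need not be committed with the script; the literal is
# only the fallback for ad-hoc local runs.
HOST = 'somehost'
PORT = 636
UID = 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot'
PASSWORD = ENV.fetch('LDAP_PASSWORD', 'somepass')
BASE = 'dc=example,dc=com'

# Password that the tests below set on user entries and then bind with.
new_password = 'banana'

# Fresh random salt per run: with a fixed salt every SSHA value this script
# produced for the same password would be identical. 8 bytes is the
# conventional SSHA salt length.
salt = SecureRandom.random_bytes(8)
# RFC 2307-style {SSHA} value: base64( SHA1(password + salt) + salt ).
# encode64 inserts newlines, which are stripped with delete rather than chomp!
# (chomp! returns nil when there is nothing to remove).
crypted_password = "{SSHA}" + Base64.encode64(Digest::SHA1.digest(new_password + salt) + salt).delete("\n")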
# Builds a fresh Net::LDAP client in @ldap for host:port over TLS and records
# the simple-bind credentials; the bind itself only happens when the caller
# invokes @ldap.bind. Prints where it is about to connect.
#
# NOTE(review): :method => :ssl is handed to Net::LDAP.new, but the TLS mode is
# actually selected by the encryption call below — confirm the option is not
# simply ignored by this net-ldap version.
# NOTE(review): check whether this net-ldap version verifies the server
# certificate under :simple_tls; older releases did not.
def create_connection(host, port, uid, password)
  options = { :host => host, :port => port, :method => :ssl }
  client = Net::LDAP.new(options)
  client.encryption :simple_tls
  client.auth(uid, password)
  @ldap = client
  puts "Connecting to #{host} with #{uid} on port #{port}, searching base #{BASE}"
end
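# Prints the uniqueMember values of every entry under BASE whose cn equals +cn+.
# Searches under the shared BASE constant instead of a duplicated literal so the
# script follows a single configured suffix.
def display_members_in(cn)
  # TODO: search on a DN rather than a CN.
  puts "Searching for CN:#{cn}"
  # NOTE(review): cn is placed in the filter without escaping; fine for the
  # constant group names used in this script, escape it if it ever comes from
  # outside input.
  filter = Net::LDAP::Filter.eq("cn", cn)
  @ldap.search(:base => BASE, :filter => filter) do |entry|
    puts entry.uniquemember.inspect
  end
end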
# Adds +user_dn+ as a uniqueMember value of the group at +group_dn+ and prints
# the server's result for that modify.
def add_dn_to_group_dn(user_dn, group_dn)
  @ldap.add_attribute(group_dn, :uniqueMember, user_dn)
  result = @ldap.get_operation_result
  puts result
end
# Removes +user_dn+ from the uniqueMember attribute of +group_dn+ with a single
# :delete modify operation and prints the server's result.
def remove_dn_from_group_dn(user_dn, group_dn)
  ops = [[:delete, :uniqueMember, user_dn]]
  @ldap.modify(:dn => group_dn, :operations => ops)
  puts(@ldap.get_operation_result)
end
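# Builds the DN of a person entry under BASE.
def user_dn(uid)
  "uid=#{uid},ou=People,#{BASE}"
end

# Prints the server's result for the most recent LDAP operation.
def report_result
  puts @ldap.get_operation_result
end

puts "\n\nLDAP TESTING SCRIPT"
create_connection(HOST, PORT, UID, PASSWORD)

puts "\nTEST 1 - reset existing dn password"
if @ldap.bind
  dn = user_dn('john.doe')
  puts "Bound as Admin DN: #{UID}"
  @ldap.replace_attribute(dn, :userPassword, crypted_password)
  # Neither the hash nor the cleartext password is echoed: this output tends to
  # end up in terminal scrollback or a CI log.
  puts "Attempting to change password for DN:#{dn}"
  report_result
  create_connection(HOST, PORT, dn, new_password)
  if @ldap.bind
    puts "Bound to John Does account, DN: #{dn} using new password"
  else
    puts "Reset pword failed"
    report_result
  end
else
  puts "Failed to bind as #{UID}"
  report_result
end

puts "Resetting connection to #{UID}"
create_connection(HOST, PORT, UID, PASSWORD)

puts "\nTEST 2 - create a DN without a password"
if @ldap.bind
  dn = user_dn('jane.doe')
  attr = {
    :cn => "Jane Done",
    :objectclass => ["top", "inetOrgPerson", "person", "organizationalPerson"],
    :sn => "Doe",
    :mail => "[email protected]"
  }
  puts "Attempting to create DN: #{dn} with attrs: #{attr.inspect}"
  @ldap.add(:dn => dn, :attributes => attr)
  report_result
end

puts "\nTEST 3 - create a DN with a password"
if @ldap.bind
  dn = user_dn('bob.smith')
  attr = {
    :cn => "Bob Smith",
    :objectclass => ["top", "inetOrgPerson", "person", "organizationalPerson"],
    :sn => "smith",
    :mail => "[email protected]",
    :userPassword => crypted_password
  }
  # The hash is printed as part of the attribute dump; keep that in mind when
  # sharing this output.
  puts "Attempting to create DN: #{dn} with attrs: #{attr.inspect}"
  @ldap.add(:dn => dn, :attributes => attr)
  report_result
end

puts "\nTEST 4 - login as newly created DN"
# Name the DN explicitly instead of relying on whatever TEST 3 left in +dn+
# (which is stale if its bind failed).
dn = user_dn('bob.smith')
create_connection(HOST, PORT, dn, new_password)
# Previously the operation result was printed without ever binding, so this
# test could not fail; bind first so the result reflects the new credentials.
if @ldap.bind
  puts "Bound as newly created DN: #{dn}"
else
  puts "Failed to bind as #{dn}"
end
report_result

puts "Resetting to admin"
puts "Resetting connection to #{UID}"
create_connection(HOST, PORT, UID, PASSWORD)

puts "\nTEST 6 - search Group with CN for users"
display_members_in("QA Managers")

puts "\nTEST 7 - add Bob and Jane to QA Managers"
qa_mgrs_dn = "cn=QA Managers,ou=Groups,#{BASE}"
['john.doe', 'bob.smith', 'jane.doe'].each do |uid|
  dn = user_dn(uid)
  puts "Adding DN:#{dn} to #{qa_mgrs_dn}"
  add_dn_to_group_dn(dn, qa_mgrs_dn)
end

puts "\nTEST 8 - search specific group for users, bob smith and jane doe should be there"
display_members_in("QA Managers")

puts "\nTEST 9 - remove a user from the DN"
dn = user_dn('john.doe')
puts "Removing DN #{dn}"
remove_dn_from_group_dn(dn, qa_mgrs_dn)
display_members_in("QA Managers")

puts "\nTEST 10 - cleanup for next test, remove other DN's"
['jane.doe', 'bob.smith'].each do |uid|
  remove_dn_from_group_dn(user_dn(uid), qa_mgrs_dn)
end
display_members_in("QA Managers")

puts "\nTEST 11 - delete newly created DN's"
if @ldap.bind
  ['bob.smith', 'jane.doe'].each do |uid|
    dn = user_dn(uid)
    puts "Deleting DN: #{dn}"
    @ldap.delete(:dn => dn)
    report_result
  end
end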