Acts as an LDAP client.
Probe Type ID: ldap.client
Properties:
Name | Type | Default value | Description |
---|---|---|---|
server_url | string | 'ldap://127.0.0.1:389' | LDAP server url, including protocol to use (ldap or ldaps) |
ldap_version | integer | 2 | LDAP server version |
bind_dn | string | None (undefined) | The DN entry to bind, if not provided through a request |
password | string | (empty) | The password to use by default for binding |
timeout | float | 60.0 | The maximum amount of time allowed to perform a search/write/delete operation before raising an error response |
base_dn | string | (empty) | A base DN to suffix all DNs used in search/write/delete operations. It is not used for the |
username | string | None (undefined) | Deprecated. Use bind_dn instead. |

This probe simulates an LDAP client that can connect to an LDAP server to perform the following LDAP operations:
It can connect to LDAP v2 and v3 servers, using a standard or a secure (ldaps, SSL/TLS) connection.
SASL connections are currently not interfaced.
By default, the probe automatically binds using the properties bind_dn and password prior to executing a search/write/delete command, unless an explicit bind command was performed by the user before.
The probe automatically unbinds on unmap.
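
A check a test author may want to run over probe properties before deploying an ATS, given the automatic bind and the ldap/ldaps choice described above. This is an added example, not part of the probe's code or documentation; `audit_probe_properties` is a hypothetical helper, the sample DNs, host and password are constructed, and treating the deprecated username as the bind identity is an assumption.

```python
from urllib.parse import urlparse

# Defaults as listed in the probe's properties table.
DEFAULTS = {"server_url": "ldap://127.0.0.1:389", "ldap_version": 2,
            "bind_dn": None, "password": "", "username": None}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_probe_properties(props):
    """Return (property, finding) tuples for one ldap.client probe configuration."""
    cfg = {**DEFAULTS, **props}
    findings = []
    url = urlparse(cfg["server_url"])
    scheme = url.scheme.lower()
    # Assumption: the deprecated username is used as the bind identity
    # when bind_dn is not set.
    identity = cfg["bind_dn"] or cfg["username"]

    if scheme not in ("ldap", "ldaps"):
        findings.append(("server_url", "scheme must be ldap or ldaps"))
    elif scheme == "ldap" and identity and cfg["password"]:
        # SASL is not interfaced, so the automatic bind is a simple bind:
        # without ldaps the password crosses the connection unencrypted.
        scope = "loopback only" if url.hostname in LOOPBACK else "on the network"
        findings.append(("server_url", "cleartext bind password (%s); use ldaps" % scope))
    if cfg["ldap_version"] != 3:
        findings.append(("ldap_version", "use 3 (LDAPv2 is a historic protocol version)"))
    if cfg["username"] is not None:
        findings.append(("username", "deprecated; use bind_dn"))
    if identity and not cfg["password"]:
        # RFC 4513 calls a DN with an empty password an unauthenticated bind;
        # a server may accept it as anonymous, so a "successful" bind proves nothing.
        findings.append(("password", "empty password with a bind identity"))
    return findings


# Constructed sample configurations (DNs, host and password are made up).
WEAK = {"bind_dn": "cn=admin,dc=example,dc=org", "password": "secret"}
HARDENED = {"server_url": "ldaps://ldap.example.org:636", "ldap_version": 3,
            "bind_dn": "cn=tester,dc=example,dc=org", "password": "secret"}

if __name__ == "__main__":
    for name, props in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_probe_properties(props) or "no findings")
```

The audit only looks at probe properties; credentials passed in an explicit BindCommand travel over the same connection and are subject to the same server_url finding.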
To add or update an entry, use a WriteCommand message. The probe automatically detects if it should be a new entry (don’t forget mandatory attributes according to the entry’s schema) or an update. In case of an update:
To make ATSes more portable and simpler to manage, you may use the base_dn property to set a DN that will be appended to all DNs in use in WriteCommand (dn parameter), DeleteCommand (dn parameter) and SearchCommand (baseDn parameter), and automatically removed from the dn values as returned in SearchResult.SearchEntry.dn structures.

In other words, all the dn values, in the userland, will be relative to that base_dn.

This base_dn, however, won’t be suffixed to the bind_dn.
Notes:
BindResult or WriteResult before assuming the operation is complete.
BindResult and WriteResult as explained above.

All platforms.
This probe depends on the openldap library and its associated Python wrapper. On Debian-based systems, this is python-ldap and its dependencies.
The test system interface port bound to such a probe complies with the LdapPortType port type as specified below:
```
type union LdapCommand
{
	BindCommand bind, // binds to the server set in properties, with the default or given credentials
	UnbindCommand unbind, // unbinds from the server
	SearchCommand search, // searches entries according to a ldap search filter
	WriteCommand write, // updates or adds a new entry or attribute
	DeleteCommand delete, // deletes an entry
	AbandonCommand abandon, // abandon the current command, if any
	CancelCommand abandon, // cancel the current command, if any (only supported on RFC3909 compliant server)
}

type record BindCommand {
	charstring bindDn optional, // the distinguished name of the entry to bind
	charstring password optional,
}

type any UnbindCommand;

type record SearchCommand {
	charstring baseDn, // suffixed by the probe's base_dn property, if any
	charstring filter,
	charstring scope optional, // enum in 'base', 'subtree', 'onelevel', defaulted to 'base'
	record of charstring attributes optional, // defaulted to an empty list, i.e. all attributes are returned
}

type record WriteCommand {
	charstring dn, // suffixed by the probe's base_dn property, if any
	record of Attribute attributes optional, // defaulted to an empty list
}

type record Attribute {
	record of <natural type> <name> // dynamic names, natural types (charstring/universal charstring, int, double, octetstring, ...)
}

type record DeleteCommand {
	charstring dn, // suffixed by the probe's base_dn property, if any
}

type any AbandonCommand;

type any CancelCommand;

type boolean DeleteResult;

type boolean BindResult;

type boolean UnbindResult;

type record of SearchEntry SearchResult;

type record SearchEntry {
	charstring dn, // does not contain the base_dn property part, if any
	record of Attribute attributes,
}

type boolean WriteResult;

type charstring ErrorResponse;

type union LdapResponse
{
	BindResult bindResult,
	UnbindResult unbindResult,
	DeleteResult deleteResult,
	SearchResult searchResult,
	WriteResult writeResult,
	ErrorResponse error,
}

type port LdapPortType message
{
	in LdapCommand;
	out LdapResponse;
}
```