Active Directory/Connect: Difference between revisions

Content added Content deleted

Inline

Latest revision as of 21:13, 14 March 2024

The task is to establish a connection to an Active Directory or Lightweight Directory Access Protocol server.

AutoHotkey

Translation of: VBScript

objConn := CreateObject("ADODB.Connection")
objCmd := CreateObject("ADODB.Command")
objConn.Provider := "ADsDSOObject"
objConn.Open()

AutoIt

Works with: AutoIt

 #include <AD.au3>
_AD_Open()

C

With OpenLDAP:

#include <ldap.h>
...
char *name, *password;
...
LDAP *ld = ldap_init("ldap.somewhere.com", 389);
ldap_simple_bind_s(ld, name, password);
... after done with it...
ldap_unbind(ld);

C#

// Requires adding a reference to System.DirectoryServices 
var objDE = new System.DirectoryServices.DirectoryEntry("LDAP://DC=onecity,DC=corp,DC=fabrikam,DC=com");

ColdFusion

<cfldap 
server = "#someip#"
action="query" 
start="somestart#" 
username = "#someusername#" 
password = "#somepassowrd#" 
name = "results" 
scope="subtree" 
attributes = "#attributeslist#"
>

D

Based on dopenldap.

import openldap;
import std.stdio;

void main() {
  auto ldap = LDAP("ldap://localhost");
  auto r = ldap.search_s("dc=example,dc=com", LDAP_SCOPE_SUBTREE, "(uid=%s)".format("test"));
  int b = ldap.bind_s(r[0].dn, "password");
  scope(exit) ldap.unbind;
  if (b)
  {
    writeln("error on binding");
    return;
  }

  // do something
  ...
    
}

Erlang

This needs a test case. Is there a LDAP server available?

-module(ldap_example).
-export( [main/1] ).

main( [Host, DN, Password] ) ->
 {ok, Handle} = eldap:open( [Host] ),
 ok = eldap:simple_bind( Handle, DN, Password ),
 eldap:close( Handle ).

F#

Translation of: C_sharp

For Active Directory we use the library System.DirectoryServices

let adObject = new System.DirectoryServices.DirectoryEntry("LDAP://DC=onecity,DC=corp,DC=fabrikam,DC=com")

For your average LDAP server we use System.DirectoryServices.Protocol

For a minimal example we make an anonymous connect to the local machine on the well-known LDAP port 389

let ldapServer = new System.DirectoryServices.Protocols.LdapDirectoryIdentifier("127.0.0.1")
let connect = new System.DirectoryServices.Protocols.LdapConnection(ldapServer)
connect.Bind()

FreeBASIC

Library: winldap

#Include "win\winldap.bi"

Dim ldap As LDAP Ptr
Dim hostname As String
Dim port As Integer
Dim username As String
Dim password As String
Dim result As Integer

hostname = "ldap.example.com"
port = 389    ' Standard port for LDAP. Use 636 for LDAPS.
username = "cn=username,dc=example,dc=com"
password = "password"

' Initialize the LDAP connection
ldap = ldap_init(hostname, port)
If ldap = NULL Then
     Print "Error initializing LDAP connection"
     Sleep
     End 1
End If

' Authenticate with the LDAP server
result = ldap_simple_bind_s(ldap, username, password)
If result <> LDAP_SUCCESS Then
     Print "Error authenticating with LDAP server: "; ldap_err2string(result)
     Sleep
     End 1
End If

' Here you can perform LDAP operations
'...

' We close the connection when finished
ldap_unbind(ldap)

Go

Library: go-ldap-client

There are a large number of third-party LDAP libraries for Go. This uses one of the simpler ones and the code below is largely taken from the example on its main page.

package main

import (
    "log"
    "github.com/jtblin/go-ldap-client"
)

func main() {
    client := &ldap.LDAPClient{
        Base:         "dc=example,dc=com",
        Host:         "ldap.example.com",
        Port:         389,
        UseSSL:       false,
        BindDN:       "uid=readonlyuser,ou=People,dc=example,dc=com",
        BindPassword: "readonlypassword",
        UserFilter:   "(uid=%s)",
        GroupFilter:  "(memberUid=%s)",
        Attributes:   []string{"givenName", "sn", "mail", "uid"},
    }
    defer client.Close()
    err := client.Connect()
    if err != nil { 
        log.Fatalf("Failed to connect : %+v", err)
    }
    // Do something
}

Haskell

Example uses the ldap-client package:

{-# LANGUAGE OverloadedStrings #-}

module Main (main) where

import           Data.Foldable (for_)
import qualified Data.Text.Encoding as Text (encodeUtf8)
import           Ldap.Client (Attr(..), Filter(..))
import qualified Ldap.Client as Ldap (Dn(..), Host(..), search, with, typesOnly)

main :: IO ()
main = do
    entries <- Ldap.with (Ldap.Plain "localhost") 389 $ \ldap ->
        Ldap.search ldap (Ldap.Dn "o=example.com") (Ldap.typesOnly True) (Attr "uid" := Text.encodeUtf8 "user") []
    for_ entries $ \entry ->
        print entry

Java

This code uses the Apache Directory third-party library.

import java.io.IOException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class LdapConnectionDemo {

    public static void main(String[] args) throws LdapException, IOException {
        try (LdapConnection connection = new LdapNetworkConnection("localhost", 10389)) {
            connection.bind();
            connection.unBind();
        }
    }
}

Julia

using LDAPClient

conn = LDAPClient.LDAPConnection("ldap://localhost:10389")
LDAPClient.simple_bind(conn, "user", "password")
LDAPClient.unbind(conn)

Kotlin

import org.apache.directory.api.ldap.model.exception.LdapException
import org.apache.directory.ldap.client.api.LdapNetworkConnection
import java.io.IOException
import java.util.logging.Level
import java.util.logging.Logger

class LDAP(map: Map<String, String>) {
    fun run() {
        var connection: LdapNetworkConnection? = null
        try {
            if (info) log.info("LDAP Connection to $hostname on port $port")
            connection = LdapNetworkConnection(hostname, port.toInt())

            try {
                if (info) log.info("LDAP bind")
                connection.bind()
            } catch (e: LdapException) {
                log.severe(e.toString())
            }

            try {
                if (info) log.info("LDAP unbind")
                connection.unBind()
            } catch (e: LdapException) {
                log.severe(e.toString())
            }
        } finally {
            try {
                if (info) log.info("LDAP close connection")
                connection!!.close()
            } catch (e: IOException) {
                log.severe(e.toString())
            }
        }
    }

    private val log = Logger.getLogger(LDAP::class.java.name)
    private val info = log.isLoggable(Level.INFO)
    private val hostname: String by map
    private val port: String by map
}

fun main(args: Array<String>) = LDAP(mapOf("hostname" to "localhost", "port"  to "10389")).run()

NetRexx

Uses the Apache LDAP API, connecting to a local ApacheDS LDAP directory server.

/* NetRexx */
options replace format comments java crossref symbols binary

import org.apache.directory.ldap.client.api.LdapConnection
import org.apache.directory.ldap.client.api.LdapNetworkConnection
import org.apache.directory.shared.ldap.model.exception.LdapException
import org.slf4j.Logger
import org.slf4j.LoggerFactory

class RDirectoryLDAP public

  properties constant
    log_ = LoggerFactory.getLogger(RDirectoryLDAP.class)

  properties private static
    connection = LdapConnection null

  method main(args = String[]) public static
    ldapHostName = String "localhost"
    ldapPort = int 10389

    if log_.isInfoEnabled() then log_.info("LDAP Connection to" ldapHostName "on port" ldapPort)
    connection = LdapNetworkConnection(ldapHostName, ldapPort)

    do
      if log_.isTraceEnabled() then log_.trace("LDAP bind")
      connection.bind()

      if log_.isTraceEnabled() then log_.trace("LDAP unbind")
      connection.unBind()
    catch lex = LdapException
      log_.error("LDAP Error", Throwable lex)
    catch iox = IOException
      log_.error("I/O Error", Throwable iox)
    finally
      do
      if connection \= null then connection.close()
      catch iox = IOException
        log_.error("I/O Error on connection.close()", Throwable iox)
      end
    end

    return

Sample log4j.xml configuration file:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j='http://jakarta.apache.org/log4j/'>
  <appender name="stdout" class="org.apache.log4j.ConsoleAppender">
    <param name="Target" value="System.out" />
    <layout class="org.apache.log4j.PatternLayout">
      <param name="ConversionPattern" value="[%d{HH:mm:ss}] %-5p [%c] - %m%n" />
    </layout>
  </appender>

  <!-- with these we'll not get innundated when switching to DEBUG -->
  <logger name="org.apache.directory.shared.ldap.name">
    <level value="warn" />
  </logger>
  <logger name="org.apache.directory.shared.codec">
    <level value="warn" />
  </logger>
  <logger name="org.apache.directory.shared.asn1">
    <level value="warn" />
  </logger>

  <root>
    <level value="info" />
    <appender-ref ref="stdout" />
  </root>
</log4j:configuration>

Output:

[08:40:05] INFO  [RDirectoryLDAP] - LDAP Connection to localhost on port 10389

Perl

LDAP Modules

use Net::LDAP;

my $ldap = Net::LDAP->new('ldap://ldap.example.com') or die $@;
my $mesg = $ldap->bind( $bind_dn, password => $bind_pass );

Note that builtins\ldap.e is incomplete, windows-only (depends on wldap32.dll), and largely untested. This has been tested against a random 7-year-old list of public ldap servers, getting mixed errors of LDAP_SERVER_DOWN/LDAP_INVALID_CREDENTIALS/LDAP_INVALID_DN_SYNTAX/LDAP_CONFIDENTIALITY_REQUIRED.

include builtins/ldap.e
 
constant servers = {
"ldap.somewhere.com",
}
--...
string name="name", password="passwd"
--...
for i=1 to length(servers) do
    atom ld = ldap_init(servers[i])
    integer res = ldap_simple_bind_s(ld, name, password)
    printf(1,"%s: %d [%s]\n",{servers[i],res,ldap_err_desc(res)})
    --... after done with it...
    ldap_unbind(ld)
end for

Output:

ldap.somewhere.com: 81 [LDAP_SERVER_DOWN]

PHP

PHP LDAP Reference

<?php
$ldap = ldap_connect($hostname, $port);
$success = ldap_bind($ldap, $username, $password);

PicoLisp

(unless (=0 (setq Ldap (native "libldap.so" "ldap_open" 'N "example.com" 389)))
   (quit "Can't open LDAP") )

(native "libldap.so" "ldap_simple_bind_s" 'I Ldap "user" "password")

Python

Works with: Python version 2.6

Library: python-ldap

python-ldap Documentation

import ldap

l = ldap.initialize("ldap://ldap.example.com")
try:
    l.protocol_version = ldap.VERSION3
    l.set_option(ldap.OPT_REFERRALS, 0)

    bind = l.simple_bind_s("me@example.com", "password")
finally:
    l.unbind()

Racket

This version uses the ldap package, and was tested against OpenLDAP (with real values):

#lang racket
(require net/ldap)
(ldap-authenticate "ldap.somewhere.com" 389 "uid=username,ou=people,dc=somewhere,dc=com" password)

Translation of: C

This is a direct translation of the C code -- I have no idea how to try it out since I don't have a working ldap server... So take it as a stub that waits for someone who can try it to do so. (And it's a low level thing anyway, there's an ldap package for Racket which I can't try for a similar reason.)

#lang racket

(require ffi/unsafe ffi/unsafe/define)

(define-ffi-definer defldap (ffi-lib "libldap"))
(defldap ldap_init (_fun _string _int -> _pointer))
(defldap ldap_unbind (_fun _pointer -> _void))
(defldap ldap_simple_bind_s (_fun _pointer _string _string -> _int))
(defldap ldap_err2string (_fun _int -> _string))

(define name ...)
(define password ...)
(define ld (ldap_init "ldap.somewhere.com" 389))
(ldap_simple_bind_s ld name password)

(ldap_unbind ld)

Raku

(formerly Perl 6)

Using module LMDB - bindings to the openLDAP library. Requires an LDAP instance.

use LMDB;

my %DB := LMDB::DB.open(:path<some-dir>, %connection-parameters);

%DB may be accessed, read from and written to like a native hash.

Ruby

Similar to Tcl, assume the AD server talks LDAP.

There are many Ruby LDAP packages ([1]) -- this solution uses Net::LDAP ("Pure Ruby LDAP Tools" on RubyForge, gem name "ruby-net-ldap")

Library: RubyGems

require 'rubygems'
require 'net/ldap'
ldap = Net::LDAP.new(:host => 'ldap.example.com', :base => 'o=companyname')
ldap.authenticate('bind_dn', 'bind_pass')

Run BASIC

This example is incorrect. Please fix the code and remove this message.

Details: Active Directory has nothing to do with the local file system

print shell$("dir") ' shell out to the os and print it

Rust

This solution uses the popular ldap3 crate.

let conn = ldap3::LdapConn::new("ldap://ldap.example.com")?;
conn.simple_bind("bind_dn", "bind_pass")?.success()?;

Scala

import java.io.IOException

import org.apache.directory.api.ldap.model.exception.LdapException
import org.apache.directory.ldap.client.api.{LdapConnection, LdapNetworkConnection}

object LdapConnectionDemo {
  @throws[LdapException]
  @throws[IOException]
  def main(args: Array[String]): Unit = {
    try {
      val connection: LdapConnection = new LdapNetworkConnection("localhost", 10389)
      try {
        connection.bind()
        connection.unBind()
      } finally if (connection != null) connection.close()
    }
  }
}

smart BASIC

This example is incorrect. Please fix the code and remove this message.

Details: Active Directory has nothing to do with the local file system

smart BASIC uses three separate commands to list the current directory, folder and files respectively.

PRINT "Current directory: ";CURRENT_DIR$()
PRINT
PRINT "Folders:"
PRINT
DIR "/" LIST DIRS a$,c
FOR n = 0 TO c-1
PRINT ,a$(n)
NEXT n
PRINT
PRINT "Files:"
PRINT
DIR "/" LIST FILES a$,c
FOR n = 0 TO c-1
PRINT ,a$(n)
NEXT n

Tcl

This does not use SSPI/Kerberos yet, so your AD would need to allow simple ldap access.

package require ldap
set conn [ldap::connect $host $port]
ldap::bind $conn $user $password

VBScript

Creating the normal connection to AD

Set objConn = CreateObject("ADODB.Connection")
Set objCmd = CreateObject("ADODB.Command")
objConn.Provider = "ADsDSOObject"
objConn.Open

Wren

Translation of: C

Library: OpenLDAP

As it's not currently possible for Wren-cli to access OpenLDAP directly, we embed a Wren script in a C application to complete this task.

/* Active_Directory_Connect.wren */

foreign class LDAP {
    construct init(host, port) {}

    foreign simpleBindS(name, password)

    foreign unbind()
}

class C {
    foreign static getInput(maxSize)
}

var name = ""
while (name == "") {
    System.write("Enter name : ")
    name = C.getInput(40)
}

var password = ""
while (password == "") {
    System.write("Enter password : ")
    password = C.getInput(40)
}

var ld = LDAP.init("ldap.somewhere.com", 389)
ld.simpleBindS(name, password)

// do something here

ld.unbind()

We now embed this in the following C program, compile and run it.

#include <stdio.h>
#include <stdio_ext.h>
#include <stdlib.h>
#include <string.h>
#include <ldap.h>
#include "wren.h"

/* C <=> Wren interface functions */

void C_ldapAllocate(WrenVM* vm) {
    LDAP** pldap = (LDAP**)wrenSetSlotNewForeign(vm, 0, 0, sizeof(LDAP*));
    char *host = (char *)wrenGetSlotString(vm, 1);
    int port = (int)wrenGetSlotDouble(vm, 2);
    *pldap = ldap_init(host, port);
}

void C_simpleBindS(WrenVM* vm) {
    LDAP* ldap = *(LDAP**)wrenGetSlotForeign(vm, 0);
    const char *name = wrenGetSlotString(vm, 1);
    const char *password = wrenGetSlotString(vm, 2);
    ldap_simple_bind_s(ldap, name, password);
}

void C_unbind(WrenVM* vm) {
    LDAP* ldap = *(LDAP**)wrenGetSlotForeign(vm, 0);
    ldap_unbind(ldap);
}

void C_getInput(WrenVM* vm) {
    int maxSize = (int)wrenGetSlotDouble(vm, 1) + 2;
    char input[maxSize];
    fgets(input, maxSize, stdin);
    __fpurge(stdin);
    input[strcspn(input, "\n")] = 0;
    wrenSetSlotString(vm, 0, (const char*)input);
}

WrenForeignClassMethods bindForeignClass(WrenVM* vm, const char* module, const char* className) {
    WrenForeignClassMethods methods;
    methods.finalize = NULL;
    if (strcmp(className, "LDAP") == 0) {
        methods.allocate = C_ldapAllocate;
    } 
    return methods;
}

WrenForeignMethodFn bindForeignMethod(
    WrenVM* vm,
    const char* module,
    const char* className,
    bool isStatic,
    const char* signature) {
    if (strcmp(module, "main") == 0) {
        if (strcmp(className, "LDAP") == 0) {
            if (!isStatic && strcmp(signature, "simpleBindS(_,_)") == 0) return C_simpleBindS;
            if (!isStatic && strcmp(signature, "unbind()") == 0) return C_unbind;
        } else if (strcmp(className, "C") == 0) {
            if (isStatic && strcmp(signature, "getInput(_)") == 0) return C_getInput;
        }
    }
    return NULL;
}

static void writeFn(WrenVM* vm, const char* text) {
    printf("%s", text);
}

void errorFn(WrenVM* vm, WrenErrorType errorType, const char* module, const int line, const char* msg) {
    switch (errorType) {
        case WREN_ERROR_COMPILE:
            printf("[%s line %d] [Error] %s\n", module, line, msg);
            break;
        case WREN_ERROR_STACK_TRACE:
            printf("[%s line %d] in %s\n", module, line, msg);
            break;
        case WREN_ERROR_RUNTIME:
            printf("[Runtime Error] %s\n", msg);
            break;
    }
}

char *readFile(const char *fileName) {
    FILE *f = fopen(fileName, "r");
    fseek(f, 0, SEEK_END);
    long fsize = ftell(f);
    rewind(f);
    char *script = malloc(fsize + 1);
    fread(script, 1, fsize, f);
    fclose(f);
    script[fsize] = 0;
    return script;
}

int main(int argc, char **argv) {
    WrenConfiguration config;
    wrenInitConfiguration(&config);
    config.writeFn = &writeFn;
    config.errorFn = &errorFn;
    config.bindForeignClassFn = &bindForeignClass;
    config.bindForeignMethodFn = &bindForeignMethod;
    WrenVM* vm = wrenNewVM(&config);
    const char* module = "main";
    const char* fileName = "Active_Directory_Connect.wren";
    char *script = readFile(fileName);
    WrenInterpretResult result = wrenInterpret(vm, module, script);
    switch (result) {
        case WREN_RESULT_COMPILE_ERROR:
            printf("Compile Error!\n");
            break;
        case WREN_RESULT_RUNTIME_ERROR:
            printf("Runtime Error!\n");
            break;
        case WREN_RESULT_SUCCESS:
            break;
    }
    wrenFreeVM(vm);
    free(script);
    return 0;
}