Created
June 25, 2024 10:10
some test code about LDAP
procedure TestLdap;
// Interactive scratch test for the mormot.net.ldap client: binds to the
// domain controller (Kerberos first, plain bind as fallback), then drives the
// TLdapCheckMember user/group lookup and authorization helpers, printing every
// result to the console - nothing is asserted, the output is read by eye.
// The connection settings are kept in commented-out blocks on purpose: the
// TargetUri/UserName/Password values there are placeholders, and real
// credentials belong in the environment or a local config, not in source.
var
  usr, dn {, grp}: RawUtf8;
  g: TLdapGroup;
  u: TLdapUser;
  //id: cardinal;
  //res: TLdapResult;
  grps: TRawUtf8DynArray;
  chk: TLdapCheckMember; // explicit instance rather than a 'with' scope
  //qw: Qword;
  //smtp: TSmtpConnection;
  //info: TCldapDomainInfo; servers: TCldapServers;
  //oid: TBytesDynArray;

  // print the entry count and the timing of the last search issued on chk
  procedure ShowLastSearch;
  begin
    writeln(chk.SearchResult.Count, ' in ',
      MicroSecToString(chk.SearchResult.SearchTimeMicroSec));
  end;

  // run the pre-authentication group check for one login, then its cost
  procedure CheckBeforeAuth(const login: RawUtf8);
  begin
    writeln(chk.BeforeAuth(nil, login));
    ShowLastSearch;
  end;

begin
  //InitializeDomainAuth;
  //writeln(RawUtf8ArrayToCsv(GssEnlistMechsSupported(@oid), #10));
  chk := TLdapCheckMember.Create;
  try
    //chk.Settings.TargetUri := 'ldaps://dc.ad.company.com/ad.company.com';
    //chk.Settings.UserName := 'auser@AD.company.com';
    //chk.Settings.Password := 'pass';
    {
    RegisterKnownHost('srvads.my.lan', '192.168.0.1');
    RegisterDnsAddress('192.168.0.1');
    chk.Settings.TargetUri := 'ldaps://srvads.my.lan/my.lan';
    chk.Settings.UserName := 'administrator@my.lan';
    chk.Settings.Password := 'pass';
    }
    {
    RegisterKnownHost('msad.lan', '10.11.11.11');
    RegisterDnsAddress('10.11.11.11');
    chk.Settings.TargetUri := 'ldaps://msad.lan/msad.lan';
    chk.Settings.UserName := 'testuser@msad.lan';
    chk.Settings.Password := 'pass';
    }
    // usr is only filled in by the Kerberos bind, so the plain-bind line
    // prints an empty name; on failure the procedure deliberately carries on,
    // so everything below then runs with whatever the server grants to an
    // unauthenticated session
    if chk.BindSaslKerberos('', @usr) then
      writeln(' authenticated as ', usr, ' via Kerberos to ', chk.Settings.TargetUri)
    else if chk.Bind then
      writeln(' authenticated as plain ', usr, ' to ', chk.Settings.TargetUri)
    else
      writeln(' authentication failed as ', chk.ResultString);
    //writeln('users',chk.WellKnownObjects.Users);
    //
    writeln('DefaultDN=', chk.DefaultDN);
    ShowLastSearch;
    //chk.Search(chk.DefaultDN, false, '(sAMAccountName=auser)', []);
    //writeln(chk.SearchResult.Dump);
    //chk.Search(chk.WellKnownObjects.Computers, false, '', []);
    chk.GetUserInfo('duser', '', '', u,
      'OU=users,OU=companyit,DC=ad,DC=company,DC=com', true);
      //'', true);
    ShowLastSearch;
    // '\61' is the RFC 4514 hex escape for 'a': the rewritten DN exercises
    // escape handling in DNToCN() and LdapValidDistinguishedName(), and is
    // then fed back to the server as a lookup key
    dn := StringReplaceAll(u.distinguishedName, 'duser', 'dc\61rdon');
    writeln('dn=', dn);
    writeln('dn=', DNToCN(dn));
    writeln('dn=', LdapValidDistinguishedName(dn));
    Finalize(u); // clear the record's managed fields before the next lookup
    chk.GetUserInfo('', dn, '', u);
    ShowLastSearch;
    writeln('dn=', u.distinguishedName);
    writeln('dn=', DNToCN(dn));
    chk.GetUserInfo('', '', '', u);
    ShowLastSearch;
    chk.GetGroupInfo('waptadmins', '', g, '', true);
    ShowLastSearch;
    // group/user enumerations, unfiltered then narrowed by type and name
    writeln(RawUtf8ArrayToCsv(chk.GetGroups));
    ShowLastSearch;
    writeln(RawUtf8ArrayToCsv(chk.GetGroups([gtGlobal])));
    ShowLastSearch;
    writeln(RawUtf8ArrayToCsv(chk.GetGroups([gtGlobal], [], 'grp*')));
    ShowLastSearch;
    writeln(RawUtf8ArrayToCsv(chk.GetUsers));
    ShowLastSearch;
    writeln(RawUtf8ArrayToCsv(chk.GetUsers([uacNormalAccount])));
    ShowLastSearch;
    writeln(RawUtf8ArrayToCsv(chk.GetUsers([uacAccountDisable])));
    ShowLastSearch;
    // same login checked before and after the allowed-group list is set,
    // so the two outputs can be compared
    writeln(chk.BeforeAuth(nil, 'auser'));
    chk.AllowGroupAN('grp_bitwarden,grp_waptgit_users,dusergroup');
    CheckBeforeAuth('auser');
    CheckBeforeAuth('susereau');
    CheckBeforeAuth('cuserues');
    CheckBeforeAuth('toto');
    writeln(chk.Authorize('auser'));
    writeln(chk.Authorize('auser', @grps));
    writeln(chk.Authorize('susereau'));
    writeln(chk.Authorize('duser'));
    writeln(chk.Authorize('cuserues'));
    writeln(chk.Authorize('toto'));
    ShowLastSearch;
    {
    chk.GetUserInfo('auser', '', '', u);
    // writeln(GetSetName(TypeInfo(u.userAccountControl);
    chk.GetGroupInfo('grp_waptgit_users', '', g);
    usr := chk.GetUserDN(u.sAMAccountName, '');
    writeln(usr);
    ShowLastSearch;
    grp := chk.GetGroupDN(g.sAMAccountName);
    writeln(grp);
    ShowLastSearch;
    writeln('grp_waptgit_users=',GegrpMemberOf(usr, 'grp_waptgit_users', '', '', false));
    ShowLastSearch;
    writeln('grp_bitwarden=',GegrpMemberOf(usr, 'grp_bitwarden', '', '', false));
    ShowLastSearch;
    writeln('any=',GegrpMemberOf(usr, '', ['grp_bitwarden', 'grp_waptgit_users'], []));
    ShowLastSearch;
    // sAMAccountType=805306368 is SAM_NORMAL_USER_ACCOUNT
    chk.Search(chk.DefaultDN, false,
      '(&(sAMAccountType=805306368)(|(sAMAccountName=susereau)))',
      []);
    ShowLastSearch;
    writeln(chk.SearchResult.Dump);
    usr := chk.SearchObject(chk.DefaultDN,
      '(&(sAMAccountType=805306368)(|(sAMAccountName=auser)(userPrincipalName=auser)))',
      // '(&(objectClass=user)(|(sAMAccountName=auser)))',
      'distinguishedName', lssWholeSubtree
      ).GetReadable;
    ShowLastSearch;
    writeln(chk.SearchResult.Dump);
    usr := 'CN=auser,OU=no_srp,OU=users,OU=companyit,DC=ad,DC=company,DC=com';
    //usr := 'CN=susereau,OU=srp_hard,OU=users,OU=companyit,DC=ad,DC=company,DC=com';
    grp := 'OU=groupes,OU=companyit,DC=ad,DC=company,DC=com';
    // sAMAccountType=268435456 is SAM_GROUP_OBJECT; the 1.2.840.113556.1.4.1941
    // matching rule (LDAP_MATCHING_RULE_IN_CHAIN) follows nested membership;
    // note that usr is concatenated into the filter unescaped, which is fine
    // for this hard-coded DN but not for caller-supplied values
    chk.Search(chk.DefaultDN, false,
      //'(&(objectClass=user)(memberof=CN=grp_waptgit_users,OU=groupes,OU=companyit,DC=ad,DC=company,DC=com))',
      //'(&(objectClass=user)(memberof=CN=grp,OU=groupes,OU=companyit,DC=ad,DC=company,DC=com))',
      //'(&(objectClass=user)(sAMAccountName=susereau))',
      //'(&(objectCategory=group)(objectClass=group)(member:1.2.840.113556.1.4.1941:=' + usr +
      '(&(sAMAccountType=268435456)(member:1.2.840.113556.1.4.1941:=' + usr +
      ')(|(sAMAccountName=grp_bitwarden)(sAMAccountName=grp_waptgit_users)))',
      //'(&(objectCategory=group))',
      //'(&(objectCategory=person)(objectClass=user)(sAMAccountName=susereau))',
      // groupType bit 0x80000000 (1.2.840.113556.1.4.803 = bitwise AND) selects security groups
      //'(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))',
      []); // , 'distinguishedName', 'sAMAccountName', 'objectSid']);
    writeln(chk.SearchResult.Dump);
    ShowLastSearch;
    // grp_waptgit_users = S-1-5-21-4065038523-172981886-1017972661-103605
    // CN=grp_waptgit_users,OU=groupes,OU=companyit,DC=ad,DC=company,DC=com
    writeln('ok');
    // interactive loop: the typed text is sent to the server as a raw filter
    repeat
      write('filter=');
      readln(usr);
      if usr = '' then
        break;
      chk.Search(chk.DefaultDN, false, usr,[]);
      writeln(chk.SearchResult.Dump);
    until false;
    }
  finally
    chk.Free;
  end;
  // older experiments with the DNS/CLDAP discovery and the raw TLdapClient,
  // all disabled; kept as notes on the API calls involved
  //writeln(BinToHex(ASN1_BOOLEAN[true]));
  //writeln('GetDnsAddresses=', RawUtf8ArrayToCsv(GetDnsAddresses, ', '));
  //DnsSendOverTcp := true;
  //writeln(CldapGetLdapController('ad.company.com'));
  //RegisterDnsAddress('192.168.0.1');
  //writeln(CldapGetLdapController('my.lan'));
  //writeln(CldapGetLdapController('my.lan', 'srvads.my.lan'));
  //writeln('CldapMyLdapController=',CldapMyLdapController);
  //writeln('ldap=',RawUtf8ArrayToCsv(DnsLdapControlersSorted(100, 10)));
  //writeln('synopse.info=', DnsReverseLookup(DnsLookup('synopse.info')));
  //writeln('srvaltern.ad.company.com=',DnsLookup('srvaltern.ad.company.com', 'tcp@192.168.149.11'));
  //if false then
  //writeln('GetDomainNames=', RawUtf8ArrayToCsv(GetDomainNames, ', '));
  // writeln('192.168.0.2=', DnsReverseLookup('192.168.0.2'));
  { }
  //DnsQuery('blog.synopse.info', res);
  //DnsQuery('ictuswin.com', res, drrNS);
  //DnsQuery('1.229.167.213.in-addr.arpa', res, drrPTR); if false then
  //writeln('synopse.info=', DnsReverseLookup(DnsLookup('synopse.info')));
  //writeln('yahoo.com=', RawUtf8ArrayToCsv(DnsLookups('yahoo.com')));
  //writeln('ldap=',RawUtf8ArrayToCsv(DnsServices('_ldap._tcp.ad.company.com')));
  //writeln('ldap=',RawUtf8ArrayToCsv(DnsLdapControlers));
  //writeln('InitializeDomainAuth=',InitializeDomainAuth);
  //writeln(CldapBroadcast(servers, 1000, '172.16.144.255'));
  //writeln(SaveJson(servers, TypeInfo(servers)));
  //CldapGetDomainInfo(info, 200, 'ad.company.com', 'dc-online.ad.company.com');
  //writeln(GuidToShort(info.UUID));
  //ForcedDomainName := 'ad.company.com';
  { with TLdapClient.Create do
  try
    RegisterKnownHost('srvads.my.lan', '192.168.0.2');
    RegisterDnsAddress('192.168.0.2');
    //
    Settings.TargetHost := 'srvads.my.lan';
    Settings.TargetPort := LDAP_TLS_PORT;
    //ForcedDomainName := 'my.lan';
    Connect;
    writeln('TargetHost = ', Settings.TargetHost, ':', Settings.TargetPort);
    if Settings.Tls then
      writeln(' over TLS');
    //SettingS.UserName := 'auser@ad.company.com'; Settings.Password := 'xx';
    //Settings.KerberosDN := 'my.LAN';
    Settings.UserName := 'administrator';
    Settings.Password := 'passwpassw';
    //if BindSaslKerberos('') then writeln(' authenticated via Kerberos');
    if Bind then writeln('authenticated via plain bind');
    //writeln('NetbiosDomainName = ', NetbiosDN);
    writeln('DiscoverRootDN = ', RootDN);
    Search(RootDN, false, '(DnsDomain=my.lan)', ['NetLogon']);
    // FileFromString(SearchResult.Dump, Executable.ProgramFilePath + 'AD.txt');
    writeln(SearchResult.Dump);
    //writeln('Computers DN = ', WellKnownObjects.Computers);
    //Search(WellKnownObjects.Computers, false, '', []);
    //FileFromString(SearchResult.Dump, 'AD.txt');
    //writeln(RawUtf8ArrayToCsv(SearchResult.ObjectNames(true), CRLF));
    //writeln(ObjectToJsonDebug(Settings));
    //TLdapClient.Create(Settings).Free;
    Close;
  finally
    Free;
  end; if false then }
  //GetCldapHostName; exit;
  // ForcedDomainName := 'my.lan'; RegisterDnsAddress('192.168.0.2');
  // RegisterKnownHost('srvads.my.lan', '192.168.0.2');
  //
  {
  ForcedDomainName := 'ad.company.com';
  with TLdapClient.Create do
  try
    Settings.UserName := 'auser@AD.company.com';
    Settings.Password := 'xxx';
    //if BindSaslKerberos then
    if BindSaslDigest then
      writeln('OK') else
      writeln('KO');
  finally
    Free;
  end;
  with TBasicAuthServerLDAP.Create do
  try
    //writeln('toto=',CheckCredential('toto', 'titi'));
    //writeln('Administrator=',CheckCredential('Administrator', 'passwpassw2s'));
    writeln('Administrator=',CheckCredential('Administrator', 'passwpassw'));
    //writeln('Administrator=',CheckCredential('Administrator', 'passwpassw'));
    //writeln('Administrator=',CheckCredential('Administrator', 'passwpassw2s'));
    //
    writeln('auser=',CheckCredential('auser','xxx'));
  finally
    Free;
  end; if false then
  }
  {
  with TLdapClient.Create do
  try
    if false then
    begin
      ForcedDomainName := 'test.lan';
      Settings.TargetHost := 'win-456.test.lan';
      Settings.KerberosDN := 'test.LAN';
      Settings.UserName := 'Administrateur@test.lan';
      Settings.Password := 'passwpassw';
    end
    else if false then
    begin
      ForcedDomainName := 'ad.company.com';
      Settings.UserName := 'auser@ad.company.com';
      Settings.Password := 'xxxx';
    end
    else
    begin
      ForcedDomainName := 'my.lan';
      RegisterKnownHost('srvads.my.lan', '192.168.0.2');
      Settings.TargetHost := 'srvads.my.lan';
      Settings.TargetPort := LDAP_TLS_PORT;
      Settings.KerberosDN := 'my.LAN';
      Settings.UserName := 'Administrator@my.lan';
      Settings.Password := 'passwpassw';
    end;
    Connect;
    writeln('Connected to ', Settings.TargetUri);
    //Sock.SockSendFlush(Asn();
    //writeln('dnsHostName=');
    //SearchObject('', '*', []);
    //writeln(SearchResult.Dump);
    //exit;
    writeln('RootDN=', RootDN);
    writeln('ConfigDN=', ConfigDN);
    //writeln(RawUtf8ArrayToCsv(Mechanisms));
    //if BindSaslKerberos('', @usr) then writeln(' Authenticated as ', usr) else
    //if not BindSaslDigest then
    if not Bind then
      writeln(' Error binding: ', ResultString);
    //writeln(ObjectToJsonDebug(Settings));
    //Search(ConfigDN, false, '(Site-Object-BL=* )', ['Site-Object-BL']);
    //writeln(SearchResult.Dump);
    //writeln('Referals = ',Referals.Text);
    writeln('NetbiosDN = ', NetbiosDN);
    //writeln('RootDN = ', RootDN);
    //writeln('Computers DN = ', WellKnownObjects(true).Computers);
    //Search(WellKnownObjects.Users, false,
    //'(&(cn=Domain Computers)(cn=Domain Computers))',
    //'(cn=Domain Computers)',
    //'(&(cn=Domain Computers)(sAMAccountType=268435456))',
    //['*']);
    //writeln(SearchResult.Dump);
    SearchPageSize := 1;
    SearchScope := lssBaseObject;
    if Search('CN=Aggregate,CN=Schema,CN=Configuration,DC=my,DC=lan',
         False,
         '(objectClass=* )',
         ['attributeTypes']) then
      WriteLn(SearchResult.Dump);
    writeln('Found ', SearchResult.Count, ' matches in ',
      MicroSecToString(SearchResult.SearchTimeMicroSec));
    //FileFromString(SearchResult.Dump, 'AD.txt');
  finally
    Free;
  end;
  }
end;