@synopse
Created June 25, 2024 10:10
Some scratch test code (Pascal) exercising the TLdapCheckMember / TLdapClient LDAP client classes: it binds to a live directory server and prints search and authorization results; most alternative scenarios are left commented out.
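// Ad-hoc, interactive test harness for the LDAP client classes (TLdapCheckMember,
// TLdapClient, TBasicAuthServerLDAP): it binds to a live directory server and
// prints the results of a series of searches and authorization checks to the
// console. Most alternative scenarios are kept as commented-out blocks. Nothing
// here is automated: there are no assertions, and a reachable Active Directory
// domain is needed for it to do anything useful.
//
// SECURITY NOTES for anyone reusing this as a template:
//  - The commented-out settings contain placeholder passwords in source code.
//    Never commit real credentials; prefer the Kerberos SASL bind used on the
//    live path below, which needs no password in the code at all.
//  - A plain (simple) LDAP bind sends the password in clear text unless the
//    connection is TLS (the example TargetUri values use ldaps://). The live
//    path below silently falls back from Kerberos to a plain bind - make sure
//    the transport is TLS before relying on that fallback.
//  - LDAP filters assembled by string concatenation (see the commented-out
//    block further down) must escape any attacker-controlled value (RFC 4515);
//    the values concatenated here are compile-time literals, so they are safe.
procedure TestLdap;
var usr, dn {, grp}: RawUtf8;
g: TLdapGroup;
u: TLdapUser;
//id: cardinal;
//res: TLdapResult;
grps: TRawUtf8DynArray;
//qw: Qword;
//smtp: TSmtpConnection;
//info: TCldapDomainInfo; servers: TCldapServers;
//oid: TBytesDynArray;
begin
//InitializeDomainAuth;
//writeln(RawUtf8ArrayToCsv(GssEnlistMechsSupported(@oid), #10));
// On the live path no TargetUri / UserName / Password is assigned, so the
// client presumably relies on automatic domain controller discovery - confirm.
// The commented blocks show how to point it at a specific host instead.
with TLdapCheckMember.Create do
try
//Settings.TargetUri := 'ldaps://dc.ad.company.com/ad.company.com';
//Settings.UserName := 'auser@AD.company.com';
//Settings.Password := 'pass';
// Alternative targets, kept for reference. RegisterKnownHost/RegisterDnsAddress
// pin the DC host name and the DNS server so the test does not depend on the
// machine's resolver. The passwords are placeholders - never put real ones here.
{
RegisterKnownHost('srvads.my.lan', '192.168.0.1');
RegisterDnsAddress('192.168.0.1');
Settings.TargetUri := 'ldaps://srvads.my.lan/my.lan';
Settings.UserName := 'administrator@my.lan';
Settings.Password := 'pass';
}
{
RegisterKnownHost('msad.lan', '10.11.11.11');
RegisterDnsAddress('10.11.11.11');
Settings.TargetUri := 'ldaps://msad.lan/msad.lan';
Settings.UserName := 'testuser@msad.lan';
Settings.Password := 'pass';
}
// Authentication: try a Kerberos SASL bind first (no password handled by this
// process at all), then fall back to a simple bind with Settings.UserName /
// Settings.Password.
// NOTE(review): the fallback is silent, so a Kerberos failure degrades to
// password authentication - fine for a manual test, but production code should
// only allow it when the transport is known to be TLS.
if BindSaslKerberos('', @usr) then
writeln(' authenticated as ',usr,' via Kerberos to ', Settings.TargetUri)
else if Bind then
// usr is only filled in by BindSaslKerberos, so on this path report the
// configured user name instead of an empty string
writeln(' authenticated as plain ', Settings.UserName, ' to ', Settings.TargetUri)
else
writeln(' authentication failed as ', ResultString);
//writeln('users',WellKnownObjects.Users);
//
// SearchResult.Count / SearchTimeMicroSec describe the last search performed;
// they are printed after each helper call below to see what each one costs.
writeln('DefaultDN=',DefaultDN);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
//Search(DefaultDN, false, '(sAMAccountName=auser)', []);
//writeln(SearchResult.Dump);
//Search(WellKnownObjects.Computers, false, '', []);
// Look up a user by account name under an explicit base DN (the trailing
// boolean presumably requests group membership as well - confirm).
GetUserInfo('duser', '', '', u,
'OU=users,OU=companyit,DC=ad,DC=company,DC=com', true);
//'', true);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
// Build a DN containing an RFC 4514 hex escape ('\61' is the letter 'a') to
// exercise DN parsing, CN extraction and validation on an escaped value.
dn := StringReplaceAll(u.distinguishedName, 'duser', 'dc\61rdon');
writeln('dn=',dn);
writeln('dn=',DNToCN(dn));
writeln('dn=',LdapValidDistinguishedName(dn));
Finalize(u);
// Same lookup, this time by (escaped) DN instead of account name.
GetUserInfo('', dn, '', u);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln('dn=',u.distinguishedName);
writeln('dn=',DNToCN(dn));
// Lookup with neither name nor DN: exercises the helper's handling of empty input.
GetUserInfo('', '', '', u);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
GetGroupinfo('waptadmins', '', g, '', true);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
// Enumerations: all groups, global groups only, global groups matching 'grp*',
// all users, users with the NORMAL_ACCOUNT flag, users with the ACCOUNTDISABLE
// flag (the uac* values presumably map to AD userAccountControl bits - confirm).
writeln(RawUtf8ArrayToCsv(GetGroups));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(RawUtf8ArrayToCsv(GetGroups([gtGlobal])));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(RawUtf8ArrayToCsv(GetGroups([gtGlobal], [], 'grp*')));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(RawUtf8ArrayToCsv(GetUsers));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(RawUtf8ArrayToCsv(GetUsers([uacNormalAccount])));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(RawUtf8ArrayToCsv(GetUsers([uacAccountDisable])));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
// Authorization checks. BeforeAuth('auser') is evaluated once before and once
// after AllowGroupAN() installs a group allow-list, so the two outputs can be
// compared; presumably only members of the listed groups are accepted
// afterwards - confirm. 'toto' is meant as a non-existent account (negative case).
writeln(BeforeAuth(nil, 'auser'));
AllowGroupAN('grp_bitwarden,grp_waptgit_users,dusergroup');
writeln(BeforeAuth(nil, 'auser'));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(BeforeAuth(nil, 'susereau'));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(BeforeAuth(nil, 'cuserues'));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(BeforeAuth(nil, 'toto'));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(Authorize('auser'));
writeln(Authorize('auser', @grps));
writeln(Authorize('susereau'));
writeln(Authorize('duser'));
writeln(Authorize('cuserues'));
writeln(Authorize('toto'));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
// Older, disabled experiments with raw LDAP filters. Notes:
//  - sAMAccountType=805306368 (0x30000000) is the AD value for normal user
//    accounts; 268435456 (0x10000000) is the value for group objects.
//  - 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN (transitive
//    membership); 1.2.840.113556.1.4.803 is LDAP_MATCHING_RULE_BIT_AND, and
//    groupType bit 2147483648 (0x80000000) marks a security-enabled group.
//  - The member:...:=' + usr + ' filter splices a DN into the filter by string
//    concatenation. usr is a literal here; with any external value it would
//    need RFC 4515 filter escaping to avoid LDAP filter injection.
//  - The readln loop at the end sends whatever is typed as a raw filter; it is
//    a developer convenience only and must never be exposed to untrusted input.
{
GetUserInfo('auser', '', '', u);
// writeln(GetSetName(TypeInfo(u.userAccountControl);
GetGroupInfo('grp_waptgit_users', '', g);
usr := GetUserDN(u.sAMAccountName, '');
writeln(usr);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
grp := GetGroupDN(g.sAMAccountName);
writeln(grp);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln('grp_waptgit_users=',GegrpMemberOf(usr, 'grp_waptgit_users', '', '', false));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln('grp_bitwarden=',GegrpMemberOf(usr, 'grp_bitwarden', '', '', false));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln('any=',GegrpMemberOf(usr, '', ['grp_bitwarden', 'grp_waptgit_users'], []));
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
Search(DefaultDN, false,
'(&(sAMAccountType=805306368)(|(sAMAccountName=susereau)))',
[]);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(SearchResult.Dump);
usr := SearchObject(DefaultDN,
'(&(sAMAccountType=805306368)(|(sAMAccountName=auser)(userPrincipalName=auser)))',
// '(&(objectClass=user)(|(sAMAccountName=auser)))',
'distinguishedName', lssWholeSubtree
).GetReadable;
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
writeln(SearchResult.Dump);
usr := 'CN=auser,OU=no_srp,OU=users,OU=companyit,DC=ad,DC=company,DC=com';
//usr := 'CN=susereau,OU=srp_hard,OU=users,OU=companyit,DC=ad,DC=company,DC=com';
grp := 'OU=groupes,OU=companyit,DC=ad,DC=company,DC=com';
Search(DefaultDN, false,
//'(&(objectClass=user)(memberof=CN=grp_waptgit_users,OU=groupes,OU=companyit,DC=ad,DC=company,DC=com))',
//'(&(objectClass=user)(memberof=CN=grp,OU=groupes,OU=companyit,DC=ad,DC=company,DC=com))',
//'(&(objectClass=user)(sAMAccountName=susereau))',
//'(&(objectCategory=group)(objectClass=group)(member:1.2.840.113556.1.4.1941:=' + usr +
'(&(sAMAccountType=268435456)(member:1.2.840.113556.1.4.1941:=' + usr +
')(|(sAMAccountName=grp_bitwarden)(sAMAccountName=grp_waptgit_users)))',
//'(&(objectCategory=group))',
//'(&(objectCategory=person)(objectClass=user)(sAMAccountName=susereau))',
//'(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))',
[]); // , 'distinguishedName', 'sAMAccountName', 'objectSid']);
writeln(SearchResult.Dump);
writeln(SearchResult.Count,' in ', MicroSecToString(SearchResult.SearchTimeMicroSec));
// grp_waptgit_users = S-1-5-21-4065038523-172981886-1017972661-103605
// CN=grp_waptgit_users,OU=groupes,OU=companyit,DC=ad,DC=company,DC=com
writeln('ok');
repeat
write('filter=');
readln(usr);
if usr = '' then
break;
Search(DefaultDN, false, usr,[]);
writeln(SearchResult.Dump);
until false;
}
finally
// the try/finally guarantees the connection object is released even if a
// bind or search raises
Free;
end;
// Disabled DNS / CLDAP discovery experiments (DC lookup via SRV records,
// CLDAP pings, reverse lookups). Kept for reference only.
//writeln(BinToHex(ASN1_BOOLEAN[true]));
//writeln('GetDnsAddresses=', RawUtf8ArrayToCsv(GetDnsAddresses, ', '));
//DnsSendOverTcp := true;
//writeln(CldapGetLdapController('ad.company.com'));
//RegisterDnsAddress('192.168.0.1');
//writeln(CldapGetLdapController('my.lan'));
//writeln(CldapGetLdapController('my.lan', 'srvads.my.lan'));
//writeln('CldapMyLdapController=',CldapMyLdapController);
//writeln('ldap=',RawUtf8ArrayToCsv(DnsLdapControlersSorted(100, 10)));
//writeln('synopse.info=', DnsReverseLookup(DnsLookup('synopse.info')));
//writeln('srvaltern.ad.company.com=',DnsLookup('srvaltern.ad.company.com', 'tcp@192.168.149.11'));
//if false then
//writeln('GetDomainNames=', RawUtf8ArrayToCsv(GetDomainNames, ', '));
// writeln('192.168.0.2=', DnsReverseLookup('192.168.0.2'));
{ }
//DnsQuery('blog.synopse.info', res);
//DnsQuery('ictuswin.com', res, drrNS);
//DnsQuery('1.229.167.213.in-addr.arpa', res, drrPTR); if false then
//writeln('synopse.info=', DnsReverseLookup(DnsLookup('synopse.info')));
//writeln('yahoo.com=', RawUtf8ArrayToCsv(DnsLookups('yahoo.com')));
//writeln('ldap=',RawUtf8ArrayToCsv(DnsServices('_ldap._tcp.ad.company.com')));
//writeln('ldap=',RawUtf8ArrayToCsv(DnsLdapControlers));
//writeln('InitializeDomainAuth=',InitializeDomainAuth);
//writeln(CldapBroadcast(servers, 1000, '172.16.144.255'));
//writeln(SaveJson(servers, TypeInfo(servers)));
//CldapGetDomainInfo(info, 200, 'ad.company.com', 'dc-online.ad.company.com');
//writeln(GuidToShort(info.UUID));
//ForcedDomainName := 'ad.company.com';
// Disabled low-level TLdapClient test: explicit host and LDAP-over-TLS port,
// then a simple bind with a hard-coded administrator password (placeholder;
// a real one must never live in source). The '(DnsDomain=...)' / NetLogon
// search presumably is an LDAP ping of the DC - confirm against MS-ADTS.
{ with TLdapClient.Create do
try
RegisterKnownHost('srvads.my.lan', '192.168.0.2');
RegisterDnsAddress('192.168.0.2');
//
Settings.TargetHost := 'srvads.my.lan';
Settings.TargetPort := LDAP_TLS_PORT;
//ForcedDomainName := 'my.lan';
Connect;
writeln('TargetHost = ', Settings.TargetHost, ':', Settings.TargetPort);
if Settings.Tls then
writeln(' over TLS');
//SettingS.UserName := 'auser@ad.company.com'; Settings.Password := 'xx';
//Settings.KerberosDN := 'my.LAN';
Settings.UserName := 'administrator';
Settings.Password := 'passwpassw';
//if BindSaslKerberos('') then writeln(' authenticated via Kerberos');
if Bind then writeln('authenticated via plain bind');
//writeln('NetbiosDomainName = ', NetbiosDN);
writeln('DiscoverRootDN = ', RootDN);
Search(RootDN, false, '(DnsDomain=my.lan)', ['NetLogon']);
// FileFromString(SearchResult.Dump, Executable.ProgramFilePath + 'AD.txt');
writeln(SearchResult.Dump);
//writeln('Computers DN = ', WellKnownObjects.Computers);
//Search(WellKnownObjects.Computers, false, '', []);
//FileFromString(SearchResult.Dump, 'AD.txt');
//writeln(RawUtf8ArrayToCsv(SearchResult.ObjectNames(true), CRLF));
//writeln(ObjectToJsonDebug(Settings));
//TLdapClient.Create(Settings).Free;
Close;
finally
Free;
end; if false then }
//GetCldapHostName; exit;
// ForcedDomainName := 'my.lan'; RegisterDnsAddress('192.168.0.2');
// RegisterKnownHost('srvads.my.lan', '192.168.0.2');
//
// Disabled SASL DIGEST-MD5 bind test plus a TBasicAuthServerLDAP credential
// check. DIGEST-MD5 is obsolete (RFC 6331) - Kerberos, or a simple bind over
// TLS, is the preferable choice. Passwords here are placeholders.
{
ForcedDomainName := 'ad.company.com';
with TLdapClient.Create do
try
Settings.UserName := 'auser@AD.company.com';
Settings.Password := 'xxx';
//if BindSaslKerberos then
if BindSaslDigest then
writeln('OK') else
writeln('KO');
finally
Free;
end;
with TBasicAuthServerLDAP.Create do
try
//writeln('toto=',CheckCredential('toto', 'titi'));
//writeln('Administrator=',CheckCredential('Administrator', 'passwpassw2s'));
writeln('Administrator=',CheckCredential('Administrator', 'passwpassw'));
//writeln('Administrator=',CheckCredential('Administrator', 'passwpassw'));
//writeln('Administrator=',CheckCredential('Administrator', 'passwpassw2s'));
//
writeln('auser=',CheckCredential('auser','xxx'));
finally
Free;
end; if false then
}
// Disabled TLdapClient test against one of three domains (selected by the
// 'if false' chain), reading RootDN / ConfigDN / NetbiosDN and then the schema
// aggregate entry. SearchPageSize := 1 presumably forces paged results on a
// single large entry - confirm. Passwords here are placeholders.
{
with TLdapClient.Create do
try
if false then
begin
ForcedDomainName := 'test.lan';
Settings.TargetHost := 'win-456.test.lan';
Settings.KerberosDN := 'test.LAN';
Settings.UserName := 'Administrateur@test.lan';
Settings.Password := 'passwpassw';
end
else if false then
begin
ForcedDomainName := 'ad.company.com';
Settings.UserName := 'auser@ad.company.com';
Settings.Password := 'xxxx';
end
else
begin
ForcedDomainName := 'my.lan';
RegisterKnownHost('srvads.my.lan', '192.168.0.2');
Settings.TargetHost := 'srvads.my.lan';
Settings.TargetPort := LDAP_TLS_PORT;
Settings.KerberosDN := 'my.LAN';
Settings.UserName := 'Administrator@my.lan';
Settings.Password := 'passwpassw';
end;
Connect;
writeln('Connected to ', Settings.TargetUri);
//Sock.SockSendFlush(Asn();
//writeln('dnsHostName=');
//SearchObject('', '*', []);
//writeln(SearchResult.Dump);
//exit;
writeln('RootDN=', RootDN);
writeln('ConfigDN=', ConfigDN);
//writeln(RawUtf8ArrayToCsv(Mechanisms));
//if BindSaslKerberos('', @usr) then writeln(' Authenticated as ', usr) else
//if not BindSaslDigest then
if not Bind then
writeln(' Error binding: ', ResultString);
//writeln(ObjectToJsonDebug(Settings));
//Search(ConfigDN, false, '(Site-Object-BL=* )', ['Site-Object-BL']);
//writeln(SearchResult.Dump);
//writeln('Referals = ',Referals.Text);
writeln('NetbiosDN = ', NetbiosDN);
//writeln('RootDN = ', RootDN);
//writeln('Computers DN = ', WellKnownObjects(true).Computers);
//Search(WellKnownObjects.Users, false,
//'(&(cn=Domain Computers)(cn=Domain Computers))',
//'(cn=Domain Computers)',
//'(&(cn=Domain Computers)(sAMAccountType=268435456))',
//['*']);
//writeln(SearchResult.Dump);
SearchPageSize := 1;
SearchScope := lssBaseObject;
if Search('CN=Aggregate,CN=Schema,CN=Configuration,DC=my,DC=lan',
False,
'(objectClass=* )',
['attributeTypes']) then
WriteLn(SearchResult.Dump);
writeln('Found ', SearchResult.Count, ' matches in ',
MicroSecToString(SearchResult.SearchTimeMicroSec));
//FileFromString(SearchResult.Dump, 'AD.txt');
finally
Free;
end;
}
end;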