jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

ldap: add rootDSE test

Browse Source
This commit is contained in:
Girish Ramakrishnan
2022-03-31 21:18:56 -07:00
parent 3295d2b727
commit 638fe2e6c8
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ldap.js
View File

@@ -636,10 +636,12 @@ async function authenticateMail(req, res, next) {
}
// https://ldapwiki.com/wiki/RootDSE / RFC 4512 - ldapsearch -x -h "${CLOUDRON_LDAP_SERVER}" -p "${CLOUDRON_LDAP_PORT}" -b "" -s base
async function rootDSE(req, res, next) {
debug(`rootDSE: requested with scope ${req.scope}`);
// ldapjs seems to call this handler for everything when search === ''
async function maybeRootDSE(req, res, next) {
debug(`maybeRootDSE: requested with scope:${req.scope} dn:${req.dn.toString()}`);
if (req.scope !== 'base') return next(new ldap.NoSuchObjectError()); // per the spec, rootDSE search require base scope
if (!req.dn || req.dn.toString() !== '') return next(new ldap.NoSuchObjectError());
res.send({
dn: '',
@@ -669,7 +671,6 @@ async function start() {
debug('start: server error ', error);
});
gServer.search('', rootDSE);
gServer.search('ou=users,dc=cloudron', authenticateApp, userSearch);
gServer.search('ou=groups,dc=cloudron', authenticateApp, groupSearch);
gServer.bind('ou=users,dc=cloudron', authenticateApp, authenticateUser, authorizeUserForApp);
@@ -714,6 +715,8 @@ async function start() {
finalSend([obj], req, res, next);
});
gServer.search('', maybeRootDSE); // when '', it seems the callback is called for everything else
// just log that an attempt was made to unknown route, this helps a lot during app packaging
gServer.use(function(req, res, next) {
debug('not handled: dn %s, scope %s, filter %s (from %s)', req.dn ? req.dn.toString() : '-', req.scope, req.filter ? req.filter.toString() : '-', req.connection.ldap.id);