2011-11-19 00:39:37 +00:00
|
|
|
var ldap = require('../lib/index');
|
|
|
|
|
|
|
|
|
|
|
|
///--- Shared handlers
|
|
|
|
|
|
|
|
function authorize(req, res, next) {
|
2013-10-24 02:55:43 +00:00
|
|
|
/* Any user may search after bind, only cn=root has full power */
|
|
|
|
var isSearch = (req instanceof ldap.SearchRequest);
|
|
|
|
if (!req.connection.ldap.bindDN.equals('cn=root') && !isSearch)
|
2011-11-19 00:39:37 +00:00
|
|
|
return next(new ldap.InsufficientAccessRightsError());
|
|
|
|
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
///--- Globals
|
|
|
|
|
|
|
|
var SUFFIX = 'o=smartdc';
|
|
|
|
var db = {};
|
|
|
|
var server = ldap.createServer();
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.bind('cn=root', function (req, res, next) {
|
2011-11-19 00:39:37 +00:00
|
|
|
if (req.dn.toString() !== 'cn=root' || req.credentials !== 'secret')
|
|
|
|
return next(new ldap.InvalidCredentialsError());
|
|
|
|
|
|
|
|
res.end();
|
|
|
|
return next();
|
|
|
|
});
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.add(SUFFIX, authorize, function (req, res, next) {
|
2011-11-19 00:39:37 +00:00
|
|
|
var dn = req.dn.toString();
|
|
|
|
|
|
|
|
if (db[dn])
|
|
|
|
return next(new ldap.EntryAlreadyExistsError(dn));
|
|
|
|
|
|
|
|
db[dn] = req.toObject().attributes;
|
|
|
|
res.end();
|
|
|
|
return next();
|
|
|
|
});
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.bind(SUFFIX, function (req, res, next) {
|
2011-11-19 00:39:37 +00:00
|
|
|
var dn = req.dn.toString();
|
|
|
|
if (!db[dn])
|
|
|
|
return next(new ldap.NoSuchObjectError(dn));
|
|
|
|
|
2013-10-24 02:55:43 +00:00
|
|
|
if (!db[dn].userpassword)
|
2011-11-19 00:39:37 +00:00
|
|
|
return next(new ldap.NoSuchAttributeError('userPassword'));
|
|
|
|
|
2013-10-24 02:55:43 +00:00
|
|
|
if (db[dn].userpassword.indexOf(req.credentials) === -1)
|
2011-11-19 00:39:37 +00:00
|
|
|
return next(new ldap.InvalidCredentialsError());
|
|
|
|
|
|
|
|
res.end();
|
|
|
|
return next();
|
|
|
|
});
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.compare(SUFFIX, authorize, function (req, res, next) {
|
2011-11-19 00:39:37 +00:00
|
|
|
var dn = req.dn.toString();
|
|
|
|
if (!db[dn])
|
|
|
|
return next(new ldap.NoSuchObjectError(dn));
|
|
|
|
|
|
|
|
if (!db[dn][req.attribute])
|
|
|
|
return next(new ldap.NoSuchAttributeError(req.attribute));
|
|
|
|
|
|
|
|
var matches = false;
|
|
|
|
var vals = db[dn][req.attribute];
|
|
|
|
for (var i = 0; i < vals.length; i++) {
|
|
|
|
if (vals[i] === req.value) {
|
|
|
|
matches = true;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
res.end(matches);
|
|
|
|
return next();
|
|
|
|
});
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.del(SUFFIX, authorize, function (req, res, next) {
|
2011-11-19 00:39:37 +00:00
|
|
|
var dn = req.dn.toString();
|
|
|
|
if (!db[dn])
|
|
|
|
return next(new ldap.NoSuchObjectError(dn));
|
|
|
|
|
|
|
|
delete db[dn];
|
|
|
|
|
|
|
|
res.end();
|
|
|
|
return next();
|
|
|
|
});
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.modify(SUFFIX, authorize, function (req, res, next) {
|
2011-11-19 00:39:37 +00:00
|
|
|
var dn = req.dn.toString();
|
|
|
|
if (!req.changes.length)
|
|
|
|
return next(new ldap.ProtocolError('changes required'));
|
|
|
|
if (!db[dn])
|
|
|
|
return next(new ldap.NoSuchObjectError(dn));
|
|
|
|
|
|
|
|
var entry = db[dn];
|
|
|
|
|
|
|
|
for (var i = 0; i < req.changes.length; i++) {
|
|
|
|
mod = req.changes[i].modification;
|
|
|
|
switch (req.changes[i].operation) {
|
|
|
|
case 'replace':
|
|
|
|
if (!entry[mod.type])
|
|
|
|
return next(new ldap.NoSuchAttributeError(mod.type));
|
|
|
|
|
|
|
|
if (!mod.vals || !mod.vals.length) {
|
|
|
|
delete entry[mod.type];
|
|
|
|
} else {
|
|
|
|
entry[mod.type] = mod.vals;
|
|
|
|
}
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'add':
|
|
|
|
if (!entry[mod.type]) {
|
|
|
|
entry[mod.type] = mod.vals;
|
|
|
|
} else {
|
2013-10-24 02:56:26 +00:00
|
|
|
mod.vals.forEach(function (v) {
|
2011-11-19 00:39:37 +00:00
|
|
|
if (entry[mod.type].indexOf(v) === -1)
|
|
|
|
entry[mod.type].push(v);
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'delete':
|
|
|
|
if (!entry[mod.type])
|
|
|
|
return next(new ldap.NoSuchAttributeError(mod.type));
|
|
|
|
|
|
|
|
delete entry[mod.type];
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
res.end();
|
|
|
|
return next();
|
|
|
|
});
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.search(SUFFIX, authorize, function (req, res, next) {
|
2011-11-19 00:39:37 +00:00
|
|
|
var dn = req.dn.toString();
|
|
|
|
if (!db[dn])
|
|
|
|
return next(new ldap.NoSuchObjectError(dn));
|
|
|
|
|
|
|
|
var scopeCheck;
|
|
|
|
|
|
|
|
switch (req.scope) {
|
|
|
|
case 'base':
|
|
|
|
if (req.filter.matches(db[dn])) {
|
|
|
|
res.send({
|
|
|
|
dn: dn,
|
|
|
|
attributes: db[dn]
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
res.end();
|
|
|
|
return next();
|
|
|
|
|
|
|
|
case 'one':
|
2013-10-24 02:56:26 +00:00
|
|
|
scopeCheck = function (k) {
|
2011-11-19 00:39:37 +00:00
|
|
|
if (req.dn.equals(k))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
var parent = ldap.parseDN(k).parent();
|
|
|
|
return (parent ? parent.equals(req.dn) : false);
|
|
|
|
};
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'sub':
|
2013-10-24 02:56:26 +00:00
|
|
|
scopeCheck = function (k) {
|
2011-11-19 00:39:37 +00:00
|
|
|
return (req.dn.equals(k) || req.dn.parentOf(k));
|
|
|
|
};
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
Object.keys(db).forEach(function (key) {
|
2011-11-19 00:39:37 +00:00
|
|
|
if (!scopeCheck(key))
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (req.filter.matches(db[key])) {
|
|
|
|
res.send({
|
|
|
|
dn: key,
|
|
|
|
attributes: db[key]
|
|
|
|
});
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
res.end();
|
|
|
|
return next();
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
///--- Fire it up
|
|
|
|
|
2013-10-24 02:56:26 +00:00
|
|
|
server.listen(1389, function () {
|
2011-11-19 00:39:37 +00:00
|
|
|
console.log('LDAP server up at: %s', server.url);
|
|
|
|
});
|