server: Improve rootDSE

Match the "objectclass" filter case-insensitively, fix the reported
version, and declare the naming context and some other attributes.

Potential fix to #330.
Valentin Tolmer 2022-10-19 17:28:37 +02:00 committed by nitnelave
parent ff66e918cf
commit 2477439ecc


@ -109,7 +109,9 @@ fn root_dse_response(base_dn: &str) -> LdapOp {
}, },
LdapPartialAttribute { LdapPartialAttribute {
atype: "vendorVersion".to_string(), atype: "vendorVersion".to_string(),
vals: vec![b"lldap_0.2.0".to_vec()], vals: vec![concat!("lldap_", env!("CARGO_PKG_VERSION"))
.to_string()
.into_bytes()],
}, },
LdapPartialAttribute { LdapPartialAttribute {
atype: "supportedLDAPVersion".to_string(), atype: "supportedLDAPVersion".to_string(),
@ -117,12 +119,30 @@ fn root_dse_response(base_dn: &str) -> LdapOp {
}, },
LdapPartialAttribute { LdapPartialAttribute {
atype: "supportedExtension".to_string(), atype: "supportedExtension".to_string(),
// Password modification extension.
vals: vec![b"1.3.6.1.4.1.4203.1.11.1".to_vec()], vals: vec![b"1.3.6.1.4.1.4203.1.11.1".to_vec()],
}, },
LdapPartialAttribute { LdapPartialAttribute {
atype: "defaultnamingcontext".to_string(), atype: "supportedControl".to_string(),
vals: vec![],
},
LdapPartialAttribute {
atype: "supportedFeatures".to_string(),
// Attribute "+"
vals: vec![b"1.3.6.1.4.1.4203.1.5.1".to_vec()],
},
LdapPartialAttribute {
atype: "defaultNamingContext".to_string(),
vals: vec![base_dn.to_string().into_bytes()], vals: vec![base_dn.to_string().into_bytes()],
}, },
LdapPartialAttribute {
atype: "namingContexts".to_string(),
vals: vec![base_dn.to_string().into_bytes()],
},
LdapPartialAttribute {
atype: "isGlobalCatalogReady".to_string(),
vals: vec![b"false".to_vec()],
},
], ],
}) })
} }
@ -307,16 +327,17 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
&mut self, &mut self,
request: &LdapSearchRequest, request: &LdapSearchRequest,
) -> LdapResult<Vec<LdapOp>> { ) -> LdapResult<Vec<LdapOp>> {
if request.base.is_empty() if request.base.is_empty() && request.scope == LdapSearchScope::Base {
&& request.scope == LdapSearchScope::Base if let LdapFilter::Present(attribute) = &request.filter {
&& request.filter == LdapFilter::Present("objectClass".to_string()) if attribute.to_ascii_lowercase() == "objectclass" {
{
debug!("rootDSE request"); debug!("rootDSE request");
return Ok(vec![ return Ok(vec![
root_dse_response(&self.ldap_info.base_dn_str), root_dse_response(&self.ldap_info.base_dn_str),
make_search_success(), make_search_success(),
]); ]);
} }
}
}
let user_info = self.user_info.as_ref().ok_or_else(|| LdapError { let user_info = self.user_info.as_ref().ok_or_else(|| LdapError {
code: LdapResultCode::InsufficentAccessRights, code: LdapResultCode::InsufficentAccessRights,
message: "No user currently bound".to_string(), message: "No user currently bound".to_string(),
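Review bot: The rootDSE early return in the last hunk runs before the `user_info` bind check that follows it, so everything built in `root_dse_response` is served to unauthenticated clients. That now includes the exact crate version in `vendorVersion` and the base DN in `namingContexts`. Anonymous rootDSE reads are normal LDAP behaviour, but nothing in the code records that this is intentional. I would add a comment above the `if request.base.is_empty() && ...` line, such as `// rootDSE is answered before bind: keep root_dse_response limited to data that is safe to show anonymous clients.` As a style point in the same block, `attribute.to_ascii_lowercase() == "objectclass"` allocates a `String` on each search, while `attribute.eq_ignore_ascii_case("objectclass")` makes the same comparison without allocating. The handler's body continues outside the hunk.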