Added LDAP search support

2020-08-17 12:09:29 -06:00 · 2020-08-17 12:09:29 -06:00 · ff10c282bf
commit ff10c282bf
parent 11292cff08
4 changed files with 57 additions and 1 deletions
--- a/5
+++ b/5
@ -103,6 +103,11 @@ To find the manufacturing company of an ethernet device with the MAC address 38:
 ```sh
 ifxlookup -m "38:F9:D3:A6:88:C7" -f "*.mac.company"
 ```
+
+To find the email addresses of all LDAP users whose username starts with 'daniel':
+```sh
+ifxlookup -l daniel -f '*.ldap.*.mail[0]'
+```
 ----
 ## Library Documentation

--- a/config_sample.yml
+++ b/config_sample.yml
@ -106,3 +106,10 @@ paloalto:
    p-sv1-sg-2.imovetv.com: 10.125.4.32
    p-sv1-baf-1.imovetv.com: 10.125.4.33
 mac: {}
+ldap :
+  host: 'p-af1-idp-1.imovetv.com'
+  bind_string: ''
+  bind_key: ''
+  search_base: 'dc=movenetworks,dc=com'
+  scope: 'sub'
+  filter_string: 'uid~='
--- a/ifxlookup/plugins/ldap.py
+++ b/ifxlookup/plugins/ldap.py
@ -0,0 +1,44 @@
+from ifxlookup.servicebase import ServiceBase
+import ldap3
+import json
+
+class ServiceDelegate(ServiceBase) :
+
+	def get_arguments(cls) :
+		"""Returns an array of information used to construct an argumentparser argument."""
+		return [ '-l', '--ldap', 'store_true', 'Return LDAP information about the subject (ldap)' ]
+
+	def startup(self) :
+		for requirement in ['host','bind_string','bind_key','search_base','scope','filter_string'] :
+			if requirement not in self._config or (requirement in self._config and (self._config[requirement] == '' or type(self._config[requirement]) != str)):
+				self._error.append('Missing required config option ' + requirement)
+				return
+		if self._config['scope'].upper() not in ['BASE','CHILDREN','SUB','SUBTREE','ONE','LEVEL'] :
+			self._error.append('LDAP search scope ' + self._config + ' is not valid and was not applied')
+			self._config['scope'] = None
+		try :
+			self.connection = ldap3.Connection(self._config['host'], self._config['bind_string'], self._config['bind_key'], auto_bind=True)
+		except Exception as exception :
+			self.error.append('Problem connecting to LDAP server: ' + exception)
+			return
+
+	def lookup(self,subject) :
+		if not self.connection :
+			return
+		try :
+			scope = None
+			if self._config['scope'].upper() in ['SUB','SUBTREE'] :
+				scope = 'SUBTREE'
+			if self._config['scope'].upper() in ['BASE','CHILDREN'] :
+				scope = 'BASE'
+			if self._config['scope'].upper() in ['ONE','LEVEL'] :
+				scope = 'LEVEL'
+			self.connection.search(self._config['search_base'], '(' + self._config['filter_string'] + subject + ')', search_scope=scope,attributes=ldap3.ALL_ATTRIBUTES)
+		except Exception as exception :
+			self.error.append('Problem with LDAP search: ' + exception)
+			return
+		results = {}
+		for entry in self.connection.entries :
+			results.update({entry['uid'].values[0]: json.loads(entry.entry_to_json())['attributes']})
+#			results.append(entry.entry_mandatory_attributes)
+		return results
--- a/setup.py
+++ b/setup.py
@ -12,7 +12,7 @@ setup(name='ifxlookup',
 	description='A python lookup module and command-line tool for infrastructure equipment.',
 	packages=find_packages(exclude=['tests']),
 	package_data={"": ['plugins/*.py']},
-	install_requires=['dnspython','jsonpath-ng','paramiko','PyYAML','requests','shodan'],
+	install_requires=['dnspython','jsonpath-ng','paramiko','PyYAML','requests','shodan','ldap3'],
 	scripts=['bin/ifxlookup'],
 	long_description=open('README').read(),
 	zip_safe=True