Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


Library ldap

Library methods for handling LDAP.

Author:
Patrik Karlsson

Copyright© Same as Nmap--See http://nmap.org/book/man-legal.html Credit goes out to Martin Swende who provided me with the initial code that got me started writing this. Version 0.6 Created 01/12/2010 - v0.1 - Created by Patrik Karlsson <patrik@cqure.net> Revised 01/28/2010 - v0.2 - Revised to fit better fit ASN.1 library Revised 02/02/2010 - v0.3 - Revised to fit OO ASN.1 Library Revised 09/05/2011 - v0.4 - Revised to include support for writing output to file, added decoding certain time formats Revised 10/29/2011 - v0.5 - Added support for performing wildcard searches via the substring filter. Revised 10/30/2011 - v0.6 - Added support for the ldap extensibleMatch filter type for searches

Source: http://nmap.org/svn/nselib/ldap.lua

Functions

bindRequest (socket, params)

Attempts to bind to the server using the credentials given

convertADTimeStamp (timestamp)

Convert Microsoft Active Directory timestamp format to a human readable form These values store time values in 100 nanoseconds segments from 01-Jan-1601

convertZuluTimeStamp (timestamp)

Converts a non-delimited Zulu timestamp format to a human readable form For example 20110904003302.0Z becomes 2001/09/04 00:33:02 UTC

copyTable (targetTable)

Creates a copy of a table

createFilter (filter)

Creates an ASN1 structure from a filter table

decode (encStr, pos)

Decodes an LDAP packet or a part of it according to ASN.1 basic encoding rules.

encode (val)

Encodes a given value according to ASN.1 basic encoding rules for SNMP packet creation.

extractAttribute (searchEntries, attributeName)

Extract naming context from a search response

searchRequest (socket, params)

Performs an LDAP Search request

searchResultToFile (searchEntries, filename)

Saves a search result as received from searchRequest to a file

searchResultToTable (searchEntries)

Converts a search result as received from searchRequest to a "result" table

unbindRequest (socket)

Performs an LDAP Unbind

Tables

APPNO

Application constants



Functions

bindRequest (socket, params)

Attempts to bind to the server using the credentials given

Parameters

  • socket: socket already connected to the ldap server
  • params: table containing version, username and password

Return values:

  1. success true or false
  2. err string containing error message
convertADTimeStamp (timestamp)

Convert Microsoft Active Directory timestamp format to a human readable form These values store time values in 100 nanoseconds segments from 01-Jan-1601

Parameters

  • timestamp: Microsoft Active Directory timestamp value

Return value:

string containing human readable form
convertZuluTimeStamp (timestamp)

Converts a non-delimited Zulu timestamp format to a human readable form For example 20110904003302.0Z becomes 2001/09/04 00:33:02 UTC

Parameters

  • timestamp: in Zulu format without separators

Return value:

string containing human readable form
copyTable (targetTable)

Creates a copy of a table

Parameters

  • targetTable: table object to copy

Return value:

table object containing copy of original
createFilter (filter)

Creates an ASN1 structure from a filter table

Parameters

  • filter: table containing the filter to be created

Return value:

string containing the ASN1 byte sequence
decode (encStr, pos)

Decodes an LDAP packet or a part of it according to ASN.1 basic encoding rules.

Parameters

  • encStr: Encoded string.
  • pos: Current position in the string.

Return values:

  1. The position after decoding
  2. The decoded value(s).
encode (val)

Encodes a given value according to ASN.1 basic encoding rules for SNMP packet creation.

Parameters

  • val: Value to be encoded.

Return value:

Encoded value.
extractAttribute (searchEntries, attributeName)

Extract naming context from a search response

Parameters

  • searchEntries: table containing searchEntries from a searchResponse
  • attributeName: string containing the attribute to extract

Return value:

table containing the attribute values
searchRequest (socket, params)

Performs an LDAP Search request

This function has a concept of softerrors which populates the return tables error information while returning a true status. The reason for this is that LDAP may return a number of records and then finish off with an error like SIZE LIMIT EXCEEDED. We still want to return the records that were received prior to the error. In order to achieve this and not terminating the script by returning a false status a true status is returned together with a table containing all searchentries. This table has the errorMessage and resultCode entries set with the error information. As a try won't catch this error it's up to the script to do so. See ldap-search.nse for an example.

Parameters

  • socket: socket already connected to the ldap server
  • params: table containing at least scope, derefPolicy, baseObject the field maxObjects may also be included to restrict the amount of records returned

Return values:

  1. success true or false.
  2. err string containing error message
searchResultToFile (searchEntries, filename)

Saves a search result as received from searchRequest to a file

Does some limited decoding of LDAP attributes

TODO: Add decoding of missing attributes TODO: Add decoding of userParameters TODO: Add decoding of loginHours

Parameters

  • searchEntries: table as returned from searchRequest
  • filename: the name of a save to save results to

Return value:

table suitable for stdnse.format_output
searchResultToTable (searchEntries)

Converts a search result as received from searchRequest to a "result" table

Does some limited decoding of LDAP attributes

TODO: Add decoding of missing attributes TODO: Add decoding of userParameters TODO: Add decoding of loginHours

Parameters

  • searchEntries: table as returned from searchRequest

Return value:

table suitable for stdnse.format_output
unbindRequest (socket)

Performs an LDAP Unbind

Parameters

  • socket: socket already connected to the ldap server

Return values:

  1. success true or false
  2. err string containing error message

Tables

APPNO

Application constants

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]