Search the RootDSE and return information on the server. Returns: LDAPResultSuccess, LDAPResultOther, LDAPResultUnwillingToPerform, LDAPResultInsufficientAccessRights
(ctx context.Context, h LDAPOpsHandler, baseDN string, searchBaseDN string, searchReq ldap.SearchRequest, anonymous bool)
// searchMaybeRootDSEQuery answers a search aimed at the root DSE (empty search
// base) with a synthetic entry describing the server.
//
// Result codes:
//   - LDAPResultOther: searchBaseDN is not empty, so this is not a root DSE
//     query and no entry is produced (presumably the caller then falls
//     through to the regular search path; confirm against the caller).
//   - LDAPResultUnwillingToPerform: the search base is empty but the scope is
//     not base-object.
//   - LDAPResultInsufficientAccessRights: the request is anonymous and the
//     backend does not have AnonymousDSE enabled.
//   - LDAPResultSuccess: a single root DSE entry is returned.
//
// Security note: the returned entry carries baseDN in namingContexts and
// defaultNamingContext. When the backend sets AnonymousDSE, that value is
// handed to unauthenticated clients as well.
func (l LDAPOpsHelper) searchMaybeRootDSEQuery(ctx context.Context, h LDAPOpsHandler, baseDN string, searchBaseDN string, searchReq ldap.SearchRequest, anonymous bool) (resultentries []*ldap.Entry, ldapresultcode ldap.LDAPResultCode) {
	ctx, span := l.tracer.Start(ctx, "handler.LDAPOpsHelper.searchMaybeRootDSEQuery")
	defer span.End()

	switch {
	case searchBaseDN != "":
		// A base DN was supplied: not a root DSE query.
		return nil, ldap.LDAPResultOther
	case searchReq.Scope != ldap.ScopeBaseObject:
		// Without a base DN only base-scope searches are accepted.
		// NOTE(review): the "src" log field holds searchReq.Controls, not a
		// client address; confirm that this is the intended value.
		h.GetLog().Info().Interface("src", searchReq.Controls).Msg("Search Error: No BaseDN provided")
		return nil, ldap.LDAPResultUnwillingToPerform
	case anonymous && !h.GetBackend().AnonymousDSE:
		// Anonymous clients may read the root DSE only when the backend
		// explicitly allows it.
		return nil, ldap.LDAPResultInsufficientAccessRights
	}

	h.GetLog().Info().Str("special case", "root DSE").Msg("Search request")

	// objectClass is deliberately left out of the root DSE entry.
	// supportedSASLMechanisms, supportedControl and supportedCapabilities
	// are advertised with empty value lists.
	rootAttrs := []*ldap.EntryAttribute{
		{Name: "supportedSASLMechanisms", Values: []string{}},
		{Name: "supportedLDAPVersion", Values: []string{"3"}},
		{Name: "supportedControl", Values: []string{}},
		{Name: "supportedCapabilities", Values: []string{}},
		{Name: "subschemaSubentry", Values: []string{"cn=schema"}},
		{Name: "serverName", Values: []string{"unknown"}},
		{Name: "namingContexts", Values: []string{baseDN}},
		{Name: "defaultNamingContext", Values: []string{baseDN}},
	}
	// Presumably narrows the list to the attributes named in the request;
	// verify against collectRequestedAttributesBack.
	rootAttrs = l.collectRequestedAttributesBack(ctx, rootAttrs, searchReq)

	// searchBaseDN is the empty string on this path, so the entry DN is empty.
	found := []*ldap.Entry{{DN: searchBaseDN, Attributes: rootAttrs}}

	stats.Frontend.Add("search_successes", 1)
	h.GetLog().Info().Str("filter", searchReq.Filter).Msg("AP: Root Search OK")
	return found, ldap.LDAPResultSuccess
}
| 376 | |
| 377 | // Search and return the information, after indirection from the RootDSE |
| 378 | // Returns: LDAPResultSuccess, LDAPResultOther, LDAPResultOperationsError |