
Supplying Control during SimpleBind results in a panic in the response #538

srisuman opened this issue Dec 4, 2024 · 0 comments

srisuman commented Dec 4, 2024

package main

import (
	"fmt"
	"log"

	"github.com/go-ldap/ldap/v3"
)

func main() {
	ldapServer := "localhost"

	l, err := ldap.DialURL(fmt.Sprintf("ldap://%s:389", ldapServer))
	if err != nil {
		panic(err)
	}
	defer l.Close()

	bindDN := "cn=testuser3"
	bindPassword := "Passw0rd"

	// Ask the server to attach the Behera password policy response control to the bind result
	controls := []ldap.Control{}
	controls = append(controls, ldap.NewControlBeheraPasswordPolicy())

	// Set up the bind request
	bindRequest := ldap.NewSimpleBindRequest(bindDN, bindPassword, controls)

	r, err := l.SimpleBind(bindRequest)

	// Look up the password policy control among the response controls
	ppolicyControl := ldap.FindControl(r.Controls, ldap.ControlTypeBeheraPasswordPolicy)

	var ppolicy *ldap.ControlBeheraPasswordPolicy
	if ppolicyControl != nil {
		ppolicy = ppolicyControl.(*ldap.ControlBeheraPasswordPolicy)
	} else {
		log.Printf("ppolicyControl response not available.\n")
	}

	// Report the bind outcome, enriched with the policy error / expiry / grace information if present
	if err != nil {
		errStr := "ERROR: Cannot bind: " + err.Error()
		if ppolicy != nil && ppolicy.Error >= 0 {
			errStr += ":" + ppolicy.ErrorString
		}
		log.Print(errStr)
	} else {
		logStr := "Login Ok"
		if ppolicy != nil {
			if ppolicy.Expire >= 0 {
				logStr += fmt.Sprintf(". Password expires in %d seconds\n", ppolicy.Expire)
			} else if ppolicy.Grace >= 0 {
				logStr += fmt.Sprintf(". Password expired, %d grace logins remain\n", ppolicy.Grace)
			}
		}
		log.Print(logStr)
	}

	// Also check for the VChu "password must change" control
	passwordMustChangeControl := ldap.FindControl(r.Controls, ldap.ControlTypeVChuPasswordMustChange)
	var passwordMustChange *ldap.ControlVChuPasswordMustChange
	if passwordMustChangeControl != nil {
		passwordMustChange = passwordMustChangeControl.(*ldap.ControlVChuPasswordMustChange)
	}

	if passwordMustChange != nil && passwordMustChange.MustChange {
		log.Printf("Password Must be changed.\n")
	}

	if err != nil {
		panic(err)
	}

	fmt.Println("Bind successful!")
}
This results in a panic at this line:

ppolicyControl := ldap.FindControl(r.Controls, ldap.ControlTypeBeheraPasswordPolicy)

The error when the program was run without the above line:

panic: failed to decode child control: failed to decode data bytes: invalid PasswordPolicyResponse enum value

ldapsearch -s sub -D cn=testuser3 -w Passw0rd -b "objectclass=*" ++
ldap_simple_bind: DSA is unwilling to perform --- Error, Account is locked
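The decode failure quoted above concerns the value of the Behera password-policy response control that the server attaches to the bind result. As an added example, not code from go-ldap or from the reporter, here is a stdlib-only decoder for that control value which keeps an error enum outside the draft's 0..8 range as "unknown(n)" instead of refusing the whole response; the type names, field names and sample bytes are my own constructions.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// PasswordPolicyResponse is the decoded Behera control value. Absent members are -1; an error
// code outside the draft's 0..8 range is kept and named "unknown(n)" instead of being rejected.
type PasswordPolicyResponse struct {
	Expire, Grace, Error int64
	ErrorString          string
}

var errorNames = []string{"passwordExpired", "accountLocked", "changeAfterReset", "passwordModNotAllowed",
	"mustSupplyOldPassword", "insufficientPasswordQuality", "passwordTooShort", "passwordTooYoung", "passwordInHistory"}
// Wire layout per draft-behera-ldap-password-policy (IMPLICIT tags); the CHOICE is modelled as two optionals:
//   PasswordPolicyResponseValue ::= SEQUENCE {
//     warning [0] CHOICE { timeBeforeExpiration [0] INTEGER, graceAuthNsRemaining [1] INTEGER } OPTIONAL,
//     error   [1] ENUMERATED { passwordExpired(0), accountLocked(1), ..., passwordInHistory(8) } OPTIONAL }
type wireWarning struct {
	Expire int64 `asn1:"optional,tag:0,default:-1"`
	Grace  int64 `asn1:"optional,tag:1,default:-1"`
}
type wireValue struct {
	Warning wireWarning `asn1:"optional,tag:0"`
	Error   int64       `asn1:"optional,tag:1,default:-1"`
}
// DecodePasswordPolicyResponse parses a control value without failing on an unexpected enum value.
func DecodePasswordPolicyResponse(value []byte) (PasswordPolicyResponse, error) {
	w := wireValue{Warning: wireWarning{Expire: -1, Grace: -1}, Error: -1} // presets survive an absent warning
	rest, err := asn1.Unmarshal(value, &w)
	if err != nil || len(rest) != 0 {
		return PasswordPolicyResponse{}, fmt.Errorf("malformed PasswordPolicyResponseValue (%d trailing bytes): %v", len(rest), err)
	}
	r := PasswordPolicyResponse{Expire: w.Warning.Expire, Grace: w.Warning.Grace, Error: w.Error}
	switch {
	case w.Error >= 0 && w.Error < int64(len(errorNames)):
		r.ErrorString = errorNames[w.Error]
	case w.Error != -1: // -1 is the absent-member sentinel; anything else lies outside the draft's range
		r.ErrorString = fmt.Sprintf("unknown(%d)", w.Error)
	}
	return r, nil
}

func main() {
	// Constructed sample: timeBeforeExpiration = 7200 seconds together with error accountLocked(1)
	fmt.Println(DecodePasswordPolicyResponse([]byte{0x30, 0x09, 0xA0, 0x04, 0x80, 0x02, 0x1C, 0x20, 0x81, 0x01, 0x01}))
}
```

Whichever decoder is used, the result of SimpleBind should only be dereferenced after its error has been checked, since the result may be nil alongside a non-nil error.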
