Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
canvas-demo-techex17/deps/ldap/slapdconf/ldapgenerate
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
executable file
427 lines (336 sloc)
9.42 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl | |
# | |
# Copyright (c) 2014 Evolveum | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# | |
# Author: Radovan Semancik | |
# | |
# Required packages: | |
# Ubuntu: libnet-ldap-perl libauthen-sasl-perl | |
use strict; | |
use warnings; | |
use Net::LDAP; | |
use Net::LDAP::LDIF; | |
use Net::LDAP::Util qw(ldap_explode_dn); | |
use Authen::SASL; | |
use Digest::SHA qw(sha1); | |
use MIME::Base64; | |
use Getopt::Long qw(:config bundling no_auto_abbrev pass_through); | |
use Pod::Usage; | |
use Data::Dumper; | |
my ($verbose,$optHelp); | |
my $hostname; | |
my $port; | |
my $uri; | |
my ($bindDn,$bindPassword,$bindSaslMechanism); | |
my $debug = 0; | |
# my $defaultTLSCipherSuite = "TLSv1+RSA:!EXPORT:!NULL"; # OpenSSL | |
my $defaultTLSCipherSuite = "NORMAL"; # GnuTLS | |
my $suffix = "dc=example,dc=com"; | |
my $peopleContainer = "ou=people"; | |
my $groupsContainer = "ou=groups"; | |
my $defaultNamingAttribute="uid"; | |
my $defaultNameFormat="u%08d"; | |
my $defaultPasswordFormat="p%08d"; | |
my $defaultObjectClasses = [ qw(top person organizationalPerson inetOrgPerson) ]; | |
my $noPersonAttrs = 0; | |
my $notReally = 0; | |
my $continuous = 0; | |
my $initialize = 0; | |
my $quiet = 0; | |
my $startIndex = 0; | |
my $passwordHash = 'SSHA'; | |
my $outFilename; | |
my $displayCountAfter = 100; | |
my @saltChars = ('.','/',0..9,'A'..'Z','a'..'z'); | |
my @consonants = (qw(b c d f g h j k l m n p r s t v w x z)); | |
my @vowels = (qw(a e i o u)); | |
$SIG{__DIE__} = sub { Carp::confess(@_) }; | |
my $numEntries; | |
if (defined $ARGV[0] && $ARGV[0] !~ /^-/) { | |
$numEntries = shift; | |
} | |
GetOptions ( | |
"hostname|h=s" => \$hostname, | |
"port|p=i" => \$port, | |
"uri|H=s" => \$uri, | |
"bindDn|D=s" => \$bindDn, | |
"bindPassword|w=s" => \$bindPassword, | |
"saslMechanism|Y=s" => \$bindSaslMechanism, | |
"suffix|s=s" => \$suffix, | |
"init|i" => \$initialize, | |
"startIndex=i" => \$startIndex, | |
"passwordHash=s" => \$passwordHash, | |
"file|f=s" => \$outFilename, | |
"notReally|n" => \$notReally, | |
"continuous|c" => \$continuous, | |
"quiet|q" => \$quiet, | |
"verbose|v" => \$verbose, | |
"help" => \$optHelp, | |
) or usage(); | |
usage() if $optHelp; | |
if (!defined($numEntries)) { | |
$numEntries = shift; | |
} | |
if (!$numEntries && !$initialize) { usage(); } | |
if (defined $numEntries && $numEntries eq "--help") { usage(); } | |
if (!$hostname && !$port && !$uri) { | |
$uri = "ldapi:///"; | |
} elsif ($hostname && !$port) { | |
$port = 389; | |
} elsif (!$hostname && $port) { | |
$hostname = "localhost"; | |
} | |
if (!$bindDn && !$bindPassword && !$bindSaslMechanism) { | |
$bindSaslMechanism = "EXTERNAL"; | |
} | |
print("DEBUG: $numEntries: hostname: $hostname, port: $port\n") if $debug; | |
run(); | |
sub run { | |
my $conn = ldapConnectBind(); | |
if ($initialize) { | |
initialize($conn); | |
} | |
if ($numEntries) { | |
generateEntries($conn); | |
} | |
ldapDisconnect($conn); | |
} | |
sub initialize { | |
my ($conn) = @_; | |
my $explodedSuffix = ldap_explode_dn($suffix); | |
my $suffixFirst = $explodedSuffix->[0]; | |
ldapAddSimple($conn, $suffix, "domain"); | |
ldapAddSimple($conn, "$peopleContainer,$suffix", "organizationalunit"); | |
ldapAddSimple($conn, "$groupsContainer,$suffix", "organizationalunit"); | |
} | |
sub ldapAddSimple { | |
my ($conn, $dn, $objectclass) = @_; | |
my $explodedDn = ldap_explode_dn($dn); | |
ldapAdd($conn, $dn, | |
objectClass => $objectclass, | |
%{$explodedDn->[0]}, | |
); | |
} | |
sub generateEntries { | |
my ($conn) = @_; | |
my $startTime = time(); | |
my $entryNum = 0; | |
my $entryIndex = $startIndex; | |
for (; $entryNum < $numEntries; $entryNum++) { | |
my $name = sprintf($defaultNameFormat, $entryIndex); | |
my $readableName; | |
my %personAttrs = (); | |
if (!$noPersonAttrs) { | |
my $sn = randomName(); | |
my $givenName = randomName(); | |
my $cn = sprintf("%s %s (%08d)", $givenName, $sn, $entryIndex); | |
my $password = sprintf($defaultPasswordFormat, $entryIndex); | |
%personAttrs = ( | |
'cn' => $cn, | |
'sn' => $sn, | |
'givenName' => $givenName, | |
'userPassword' => hashPassword($password), | |
); | |
$readableName = "$givenName $sn"; | |
} | |
my $dn = "$defaultNamingAttribute=$name,$peopleContainer,$suffix"; | |
my %entryData = ( | |
'objectClass' => $defaultObjectClasses, | |
$defaultNamingAttribute => $name, | |
%personAttrs, | |
); | |
if ($verbose) { | |
print "Adding entry $entryIndex: $dn"; | |
print " ($readableName)" if $readableName; | |
print "\n"; | |
} | |
ldapAdd($conn, $dn, %entryData); | |
if (!$quiet && $entryNum != 0 && ( $entryNum % $displayCountAfter == 0 )) { | |
my $nowTime = time(); | |
my $durSec = $nowTime - $startTime; | |
my $etaSec = ($durSec*($numEntries-$entryNum))/$entryNum; | |
my $rate = "INF"; | |
if ($durSec != 0) { | |
$rate = $entryNum/$durSec; | |
} | |
my $etaEnd = localtime($nowTime + $etaSec); | |
print "$entryIndex: Added $entryNum entries in $durSec seconds ($rate entries per second). ETA in $etaSec sec ($etaEnd)\n"; | |
} | |
$entryIndex++; | |
} | |
my $stopTime = time(); | |
my $durSec = $stopTime - $startTime; | |
if (!$quiet) { | |
my $rate; | |
if ($durSec) { | |
$rate = $entryNum/$durSec; | |
} else { | |
$rate = "more than ".$entryNum; | |
} | |
print "Added $entryNum entries in $durSec seconds ($rate entries per second).\n"; | |
} | |
} | |
##### UTIL functions | |
sub randomName { | |
my $numsyl = int(rand(2)) + 2; | |
my $out = ""; | |
for (1..$numsyl) { | |
$out .= $consonants[rand(@consonants)]; | |
$out .= $vowels[rand(@vowels)]; | |
if (rand(2) > 1) { | |
$out .= $consonants[rand(@consonants)]; | |
} | |
} | |
return ucfirst($out); | |
} | |
sub hashPassword { | |
my ($clearPassword) = @_; | |
if (!$passwordHash || uc($passwordHash) eq 'NONE') { | |
return $clearPassword; | |
} elsif (uc($passwordHash) eq 'SSHA') { | |
my $salt = generateSalt(); | |
my $hash = "{SSHA}".encode_base64(sha1($clearPassword.$salt).$salt, ""); | |
return $hash; | |
} else { | |
die ("Unknown password hash algorithm '$passwordHash'\n"); | |
} | |
} | |
sub generateSalt { | |
return join('',map {$saltChars[rand(64)]} (1..4)); | |
} | |
####### LDAP functions | |
sub ldapConnect { | |
my $conn; | |
if ($uri) { | |
$conn = Net::LDAP->new($uri) or die("Error connecting to $uri: ".$@."\n"); | |
} else { | |
$conn = Net::LDAP->new($hostname, | |
port => $port, | |
) or die("Error connecting to $hostname:$port: ".$@."\n"); | |
} | |
return $conn; | |
} | |
sub ldapBind { | |
my ($conn,$die) = @_; | |
my $resp; | |
my $desc; | |
if ($bindDn) { | |
$desc = "$bindDn (simple bind)"; | |
$resp = $conn->bind($bindDn, | |
password => $bindPassword, | |
); | |
} elsif ($bindSaslMechanism) { | |
$desc = "(SASL $bindSaslMechanism)"; | |
$resp = $conn->bind($bindDn, | |
sasl => Authen::SASL->new( | |
mechanism => $bindSaslMechanism, | |
), | |
); | |
} else { | |
$desc = "(anonymous bind)"; | |
$resp = $conn->bind(); | |
} | |
if ($die && $resp->code) { | |
die("Error binding as $desc: ".$resp->error." (".$resp->code.")\n"); | |
} | |
return ($resp,$desc); | |
} | |
sub ldapConnectBind { | |
if ($outFilename) { | |
open my $outFile, '>', $outFilename or die("Cannot open output file $outFilename: $!\n"); | |
return $outFile; | |
} | |
my $conn = ldapConnect(); | |
ldapBind($conn,1); | |
return $conn; | |
} | |
sub ldapAdd { | |
my ($conn,$dn,%attrs) = @_; | |
my $entry = Net::LDAP::Entry->new($dn, %attrs); | |
if ($outFilename) { | |
print $conn $entry->ldif(); | |
return; | |
} | |
if (!$notReally) { | |
my $resp = $conn->add($entry); | |
if ($resp->code) { | |
if ($continuous) { | |
print STDERR "Error adding $dn: ".$resp->error." (".$resp->code.")\n"; | |
} else { | |
die("Error adding $dn: ".$resp->error." (".$resp->code.")\n"); | |
} | |
} | |
} else { | |
print "Would add entry:"; | |
print $entry->ldif; | |
print "\n"; | |
} | |
} | |
sub ldapDisconnect { | |
my ($conn) = @_; | |
if ($outFilename) { | |
close $conn; | |
return; | |
} | |
my $resp = $conn->unbind; | |
if ($resp->code) { | |
die("Unbind: ERROR: ".$resp->error." (".$resp->code.")\n"); | |
} | |
$conn->disconnect; | |
} | |
### USAGE and DOCUMENTATION | |
sub usage { | |
pod2usage(-verbose => 2); | |
exit(1); | |
} | |
sub man { | |
pod2usage(-verbose => 3); | |
exit(0); | |
} | |
__END__ | |
=head1 NAME | |
ldapgenerate - LDAP entry generator | |
=head1 SYNOPSIS | |
ldapgenerate [options] numentries | |
=head1 OPTIONS | |
=over 8 | |
=item [ B<-h> | B<--hostname> ] I<hostname> | |
Specifies hostname of the LDAP server. | |
=item [ B<-p> | B<--port> ] I<portnumber> | |
Specifies port number of the LDAP server. Defaults to 389. | |
=item [ B<-H> | B<--uri> ] I<URI> | |
Specifies complete URI for LDAP server connection. ldap://, ldaps:// and ldapi:// URIs can be used. | |
Defaults to C<ldapi:///> | |
=item [ B<-D> | B<--bindDn> ] I<DN> | |
Specifies DN which will be used for LDAP Bind operation. | |
=item [ B<-w> | B<--bindPassword> ] I<password> | |
Specifies password which will be used for LDAP Bind operation. | |
=item [ B<-Y> | B<--saslMechanism> ] I<mech> | |
Specifies a SASL mechanism to used for LDAP Bind operation. | |
=item [ B<-v> | B<--verbose> ] | |
Increases verbosity. | |
=item B<--help> | |
Displays help message. | |
=back | |
=head1 DESCRIPTION | |
TODO | |
=head1 EXAMPLES | |
ldapgenerate -h myserver.example.com -D "uid=admin,ou=people,dc=example,dc=com" -w secret 100 | |
slapdconf -Y EXTERNAL 1000 | |
=head1 NOTES | |
This is still work in progress. Please feel free to contribute. | |
=head1 AUTHOR | |
Radovan Semancik | |
=cut |