Commit 2bfa2737 authored by Wade Fitzpatrick's avatar Wade Fitzpatrick

fix: use actual dn instead of an attribute

parent e1dc55a6
......@@ -23,9 +23,8 @@ class LdapLoader:
:type app: :class:`burpui.server.BUIServer`
""" = app
self.attr = 'uid' # default search attr
conf =['CFG']
defaults = {'host': 'localhost', 'port': None, 'encryption': None, 'binddn': None, 'bindpw': None, 'filter': None, 'base': None}
defaults = {'host': 'localhost', 'port': None, 'encryption': None, 'binddn': None, 'bindpw': None, 'filter': None, 'base': None, 'attr': 'uid'}
mapping = {'host': 'host', 'port': 'port', 'encryption': 'encryption', 'filt': 'filter', 'base': 'base', 'attr': 'searchattr', 'binddn': 'binddn', 'bindpw': 'bindpw'}
c = ConfigParser.ConfigParser(defaults)
with open(conf) as fp:
......@@ -79,26 +78,22 @@ class LdapLoader:
query = '{0}={1}'.format(self.attr, searchval)'filter: %s | base: %s', query, self.base)
r =, base_dn=self.base, attrs=['distinguishedname', 'cn', self.attr])
r =, base_dn=self.base, attrs=['cn', self.attr])
except Exception, e:'Ooops, LDAP lookup failed: {0}'.format(str(e)))
return None
for record in r:
if record[self.attr][0] == searchval:
if 'distinguishedname' in record:
dn = record['distinguishedname'][0]
dn = record['uid'][0]'Found DN: {0}'.format(dn))
return {'dn': dn, 'cn': record['cn'][0]}
if searchval in record[self.attr]:'Found DN: {0}'.format(record.dn))
return {'dn': record.dn, 'cn': record['cn'][0]}
def check(self, dn=None, passwd=None):
:func:`burpui.misc.auth.ldap.LdapLoader.check` authenticates a user against the
LDAP server.
:param dn: `distinguishedName` attribute of the user to authenticate as
:param dn: canonical `dn` of the user to authenticate as
:type dn: str
:param passwd: password of the user to authenticate as
......@@ -107,7 +102,7 @@ class LdapLoader:
:returns: True if bind was successful, otherwise False
l = simpleldap.Connection(, dn='uid={0},{1}'.format(dn, self.base), password=passwd)
l = simpleldap.Connection(, dn='{0}'.format(dn), password=passwd)'Bound as user: {0}'.format(dn))
except Exception, e:'Failed to authenticate user: {0}, {1}'.format(dn, str(e)))
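Review bot: The rewritten bind in `check()` passes `dn` and `passwd` straight to `simpleldap.Connection(...)`, and no guard against an empty or `None` password is visible in this hunk, although the signature defaults both to `None`. A simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that many directory servers accept, so `check()` could return True without verifying any credential. I would add `if not dn or not passwd: return False` ahead of the connection attempt, and replace the redundant `'{0}'.format(dn)` with `dn=dn`. The start of the `try` block and the return statements of `check()` sit outside the hunk, so confirm that no such guard already exists there. Separately, `searchval` in the second hunk is formatted into the filter string unescaped; escaping it per RFC 4515 before building `query` would be worth a follow-up.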