
Improved ldap handling & docs; binds against AD

Wade Fitzpatrick requested to merge waddles/burp-ui:master into master

== New config options

  • adds port and encryption options for binding over SSL/TLS
  • adds 'searchattr' option, the LDAP attribute to search on, defaults to 'uid'

== LdapLoader.fetch() changes:

  • uses python format() to render the search attribute and search value into the search filter
  • if search filter is not specified, uses a simple attr=value search filter
  • returns DN and CN of the object if found

== LdapLoader.check() changes:

  • binds to the LDAP server using the DN found in fetch(). Previously it was trying to bind using 'uid' and the search base which would not work for non-POSIX accounts or objects found in sub-trees.

== LdapUser.init() changes:

  • records the DN of the user in order to re-bind as that object

== LdapUser.login() changes:

  • searches for the user again to prevent binding as a disabled user. In AD, a user may still be able to bind even though their userAccountControl attribute prevents them from logging in to a host. This check overrides the cached result in case the account was disabled since last login.
  • disables the user if it can no longer be found in LDAP.

== Overall improvements

  • better documentation of the classes and functions

= TODO

  • add better user documentation explaining the new config options and how the search filter should be used properly.
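The two security-relevant points in this description are the filter rendering in fetch() (a value substituted into a filter with format() must be escaped, or a caller can change the filter's meaning) and the re-search in login() (a bind alone does not prove an AD account is enabled). The following is an added example, not burp-ui's code: it models the search-then-bind flow against a constructed in-memory directory so it runs offline. The format() keys `attr` and `value`, the `sAMAccountName` default, the FakeDirectory class, and the sample entries are all assumptions of this example; the merge request itself defaults the search attribute to `uid` and does not name the format keys.

```python
"""Search-then-bind LDAP login with RFC 4515 filter escaping and a disabled-account check.

Added example (not burp-ui's code): it models the fetch()/login() flow described
in the merge request against a constructed in-memory directory so it runs offline.
"""
import re
from typing import Optional

# RFC 4515 escapes for the characters that carry meaning inside a search filter.
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

# Bit in Active Directory's userAccountControl that marks a disabled account.
ACCOUNTDISABLE = 0x0002


def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied value before it is rendered into a filter."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(searchattr: str, value: str, template: Optional[str] = None) -> str:
    """Render the search attribute and the escaped value into a filter.

    The template keys `attr` and `value` are an assumption of this example;
    the MR only says str.format() is used. With no template, a plain
    (attr=value) filter is produced, as the MR describes.
    """
    escaped = escape_filter_value(value)
    if template:
        return template.format(attr=searchattr, value=escaped)
    return '({}={})'.format(searchattr, escaped)


def is_account_disabled(user_account_control: int) -> bool:
    """True when the ACCOUNTDISABLE bit is set, whatever other flags are present."""
    return bool(user_account_control & ACCOUNTDISABLE)


# --- constructed stand-in for an LDAP/AD server (assumption of this example) --

_SIMPLE_EQ = re.compile(r'^\(([A-Za-z][\w-]*)=(.*)\)$')


def _unescape(piece: str) -> str:
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), piece)


def _value_to_regex(filter_value: str):
    # A bare '*' is a wildcard; an escaped '\2a' is a literal asterisk.
    parts = [re.escape(_unescape(p)) for p in filter_value.split('*')]
    return re.compile('^' + '.*'.join(parts) + '$')


class FakeDirectory:
    """Supports only a single equality filter, which is enough to show the flow."""

    def __init__(self, entries: dict):
        self.entries = entries

    def search(self, filter_str: str) -> list:
        m = _SIMPLE_EQ.match(filter_str)
        if not m:
            raise ValueError('unsupported filter: ' + filter_str)
        attr, pattern = m.group(1), _value_to_regex(m.group(2))
        return [(dn, e) for dn, e in self.entries.items()
                if attr in e and pattern.match(str(e[attr]))]

    def bind(self, dn: str, password: str) -> bool:
        entry = self.entries.get(dn)
        return entry is not None and entry['password'] == password


# Constructed sample objects: Alice is enabled (512), Bob is disabled (512 | 2).
SAMPLE_DIRECTORY = FakeDirectory({
    'CN=Alice,OU=Staff,DC=example,DC=com': {
        'sAMAccountName': 'alice', 'cn': 'Alice',
        'userAccountControl': 512, 'password': 'alice-pass'},
    'CN=Bob,OU=Contractors,DC=example,DC=com': {
        'sAMAccountName': 'bob', 'cn': 'Bob',
        'userAccountControl': 514, 'password': 'bob-pass'},
})


def fetch(directory: FakeDirectory, username: str, searchattr: str = 'sAMAccountName',
          template: Optional[str] = None):
    """Return (dn, cn, entry) for exactly one matching object, else None."""
    results = directory.search(build_search_filter(searchattr, username, template))
    if len(results) != 1:
        return None
    dn, entry = results[0]
    return dn, entry['cn'], entry


def login(directory: FakeDirectory, username: str, password: str,
          searchattr: str = 'sAMAccountName') -> bool:
    """Re-search on every login, refuse disabled accounts, then bind as the found DN."""
    found = fetch(directory, username, searchattr)
    if found is None:
        return False          # object gone from the directory: treat as disabled
    dn, _cn, entry = found
    if is_account_disabled(entry.get('userAccountControl', 0)):
        return False          # AD may still accept a bind here; refuse it ourselves
    return directory.bind(dn, password)
```

The contrast worth noting is `SAMPLE_DIRECTORY.search('(sAMAccountName=*)')`, which matches every object, against `build_search_filter('sAMAccountName', '*')`, which renders the asterisk as `\2a` and matches nothing: escaping the value before format() is what keeps a login name from rewriting the filter. The disabled check in login() is the same idea as the MR's re-search, with the userAccountControl bit tested explicitly rather than relying on the bind result.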
