Improved ldap handling & docs; binds against AD (!1) · Merge requests · Benjamin "Ziirish" SANS / burp-ui · GitLab

Wade Fitzpatrick requested to merge waddles/burp-ui:master into master Jun 10, 2015

== New config options

adds port and encryption options for binding over SSL/TLS
adds 'searchattr' option, the LDAP attribute to search on, defaults to 'uid'

== LdapLoader.fetch() changes:

uses python format() to render the search attribute and search value into the search filter
if search filter is not specified, uses a simple attr=value search filter
returns DN and CN of the object if found

== LdapLoader.check() changes:

binds to the LDAP server using the DN found in fetch(). Previously it was trying to bind using 'uid' and the search base which would not work for non-POSIX accounts or objects found in sub-trees.

== LdapUser.init() changes:

records the DN of the user in order to re-bind as that object

== LdapUser.login() changes:

searches for the user again to prevent binding as a disabled user. In AD, a user may still be able to bind even though their userAccountControl attribute prevents them from logging in to a host. This check overrides the cached result in case the account was disabled since last login.
disables the user if it can no longer be found in LDAP.

== Overall improvements

better documentation of the classes and functions

= TODO

add better user documentation explaining the new config options and how search filter should be used properly.