Created
October 7, 2025 21:42
A little script to check user and password combinations against an lldap server. Useful for checking consistency when migrating or performing data destroying tasks.
| """ | |
| file: ldap_health_test.py | |
| author: Charles van Niman <[email protected]> | |
| Test the health of an ldap server based on a set of given credentials. We want | |
| to know that user/pass consistency has been maintained after migrating or | |
| working on the ldap service. | |
| This script looks for a file called ".test_creds" where each line is a | |
| username:password combination that is tested. For example: | |
| testuser1:a_good_password | |
| testuser2:myPassword | |
| testuser3:hunter2 | |
| """ | |
| import ldap | |
# Target directory server and the subtree that holds the user entries.
# NOTE(review): with a plain ldap:// URL the simple bind below sends every
# tested password unencrypted. Prefer ldaps:// or StartTLS where the server
# offers it, or run this only over a trusted network segment.
LDAP_SERVER = "ldap://devbox.cvn:3890"
BASE_DN = "ou=people,dc=phukish,dc=cvn"
class bcolors:
    """ANSI escape sequences for coloured terminal output.

    Taken from http://stackoverflow.com/q/287871
    """

    # Foreground colours.
    HEADER = "\033[95m"
    OKBLUE = "\033[94m"
    OKCYAN = "\033[96m"
    OKGREEN = "\033[92m"
    WARNING = "\033[93m"
    FAIL = "\033[91m"

    # Text attributes.
    BOLD = "\033[1m"
    UNDERLINE = "\033[4m"

    # ENDC and RESET are the same sequence: both clear colour and attributes.
    ENDC = "\033[0m"
    RESET = "\033[0m"
class TestUser:
    """Plain holder for one username/password pair to be tested.

    The password is kept as plaintext on the instance, so avoid logging or
    printing whole TestUser objects.
    """

    def __init__(self, username, password):
        self.username, self.password = username, password
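def load_creds(file):
    """Return a list of TestUsers parsed from a credentials file.

    Each non-blank line must have the form ``username:password``. Only the
    first colon separates the two fields, so passwords may themselves
    contain colons. Trailing whitespace is stripped from every line.

    The file holds plaintext passwords: keep it readable by its owner only
    and out of version control.

    Args:
        file (str): Path to the credentials file.

    Returns:
        list: One TestUser per non-blank line, in file order.

    Raises:
        ValueError: If a non-blank line contains no ':' separator. The
            message names the line number only, never the line content,
            so a password cannot end up in a traceback or log.
    """
    user_list = []
    with open(file) as f:
        for line_no, line in enumerate(f, start=1):
            entry = line.rstrip()
            if not entry:
                # Blank lines (including a trailing newline at EOF) are not
                # credentials; skip them instead of crashing on the split.
                continue
            # partition() splits on the first ':' only; split(':') would
            # silently truncate a password containing a colon and report a
            # good account as broken.
            username, separator, password = entry.partition(':')
            if not separator:
                raise ValueError(
                    f"{file}: line {line_no} is not in username:password form"
                )
            user_list.append(TestUser(username, password))
    return user_list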
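def validate_ldap_credentials(ldap_server, base_dn, username, password):
    """
    Validate LDAP credentials by attempting a simple bind as the user.

    The bind DN is built as ``cn=<username>,<base_dn>``, with the username
    escaped so that DN metacharacters in it cannot change which entry is
    bound.

    Args:
        ldap_server (str): LDAP server URL (e.g., 'ldap://localhost:389')
        base_dn (str): Base DN under which the user entry lives
        username (str): Username to validate
        password (str): Password to validate

    Returns:
        bool: True if the server accepted the bind with a non-empty
        password, False otherwise (rejected credentials, an empty username
        or password, or any LDAP/other error, which is printed).
    """
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513 section 5.1.2). Servers that permit it report success
    # without checking anything, which would make this health check pass for
    # an account whose password was lost. Never send such a bind.
    if not username or not password:
        print("Invalid username or password")
        return False

    from ldap.dn import escape_dn_chars

    # Escape ',', '+', '=' and friends so the username stays a single RDN value.
    user_dn = f"cn={escape_dn_chars(username)},{base_dn}"
    conn = None
    try:
        conn = ldap.initialize(ldap_server)
        conn.simple_bind_s(user_dn, password)
        return True
    except ldap.INVALID_CREDENTIALS:
        print("Invalid username or password")
        return False
    except ldap.LDAPError as e:
        print(f"LDAP error: {e}")
        return False
    except Exception as e:
        print(f"Unexpected error: {e}")
        return False
    finally:
        # Release the connection on every path, including failed binds,
        # which the original left open. The bind result is already decided
        # here, so a cleanup error is reported but does not change it.
        if conn is not None:
            try:
                conn.unbind_s()
            except Exception as e:
                print(f"LDAP error during unbind: {e}")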
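if __name__ == "__main__":
    # Positive checks: every pair in .test_creds is expected to bind.
    test_users = load_creds('.test_creds')

    print(f"Testing {bcolors.OKGREEN}valid{bcolors.RESET} users")
    for user in test_users:
        is_valid = validate_ldap_credentials(LDAP_SERVER, BASE_DN, user.username, user.password)
        status_color = bcolors.OKGREEN if is_valid else bcolors.FAIL
        print(f"Credentials for {user.username} work: {status_color}{is_valid}{bcolors.RESET}")

    # Negative control: a made-up account must be rejected. If the server
    # accepts it, authentication is not actually being enforced, so the
    # colours are inverted here: a rejection is the healthy (green) result
    # and an accepted bind is the failure (red).
    print(f"\nTesting {bcolors.FAIL}invalid{bcolors.RESET} users, we expect this to fail")
    is_valid = validate_ldap_credentials(LDAP_SERVER, BASE_DN, 'FakeUser', 'Not-a-real-password')
    status_color = bcolors.FAIL if is_valid else bcolors.OKGREEN
    print(f"Credentials for 'FakeUser' work: {status_color}{is_valid}{bcolors.RESET}")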