I am trying to set up a Proxy with StartTLS Authentication.
I used the first Python proxy recipe from the official ldaptor documentation, which sets up a proxy listening on localhost:12345 and passes the requests on to an LDAP server listening on localhost:389.
Here is the code:
#! /usr/bin/env python
from ldaptor.protocols import pureldap
from ldaptor.protocols.ldap.ldapclient import LDAPClient
from ldaptor.protocols.ldap.ldapconnector import connectToLDAPEndpoint
from ldaptor.protocols.ldap.proxybase import ProxyBase
from twisted.internet import defer, protocol, reactor
from twisted.python import log
from functools import partial
import sys
class LoggingProxy(ProxyBase):
    """
    ``ProxyBase`` subclass that logs every proxied request/response pair.

    Both sides are logged through ``repr``. For bind requests this relies on
    the credential-masking ``__repr__`` that this module installs on
    ``pureldap.LDAPBindRequest``, so the bind password is not written to the
    log. NOTE(review): response reprs may still carry directory data returned
    to the client — consider what should end up in the log.
    """

    def handleProxiedResponse(self, response, request, controls):
        """
        Log *request* and *response*, then hand the response back unchanged.

        Args:
            response: the response received from the proxied LDAP server.
            request: the client request that produced it.
            controls: request controls; unused here, accepted for the
                ``ProxyBase`` hook signature.

        Returns:
            An already-fired Deferred carrying *response* unmodified.
        """
        log.msg("Request => {0!r}".format(request))
        log.msg("Response => {0!r}".format(response))
        return defer.succeed(response)
def ldapBindRequestRepr(self):
    """
    Credential-redacting ``__repr__`` for ``LDAPBindRequest``.

    Installed on ``pureldap.LDAPBindRequest`` so that logging a bind
    request never reveals the bind password: ``version``, ``dn``, a
    non-default ``tag`` and ``sasl`` are rendered as-is, while the ``auth``
    field is always shown as ``****``.

    Returns:
        str: ``ClassName(version=..., dn=..., auth=****[, tag=...], sasl=...)``.
    """
    cls = self.__class__
    fields = [
        'version={0}'.format(self.version),
        'dn={0!r}'.format(self.dn),
        'auth=****',
    ]
    # Only surface the tag when the instance overrides the class default.
    if self.tag != cls.tag:
        fields.append('tag={0}'.format(self.tag))
    fields.append('sasl={0!r}'.format(self.sasl))
    return '{0}({1})'.format(cls.__name__, ', '.join(fields))
# Swap in the redacting repr so that request logging never prints the
# bind credential.
setattr(pureldap.LDAPBindRequest, '__repr__', ldapBindRequestRepr)
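if __name__ == '__main__':
    # Demonstration LDAP proxy: listens on localhost:12345 and forwards
    # every request to the LDAP server at localhost:389.
    log.startLogging(sys.stderr)
    factory = protocol.ServerFactory()
    proxiedEndpointStr = 'tcp:host=localhost:port=389'
    # NOTE(review): ``use_tls`` is handed to each ``LoggingProxy`` below. The
    # logged "StartTLS not implemented ... (52)" shows it does not make the
    # client-facing listener answer StartTLS; presumably it governs the
    # proxy -> upstream leg instead — confirm against the ldaptor docs.
    use_tls = True
    # Callable that opens the upstream connection; attached to every
    # LoggingProxy instance as its ``clientConnector``.
    clientConnector = partial(
        connectToLDAPEndpoint,
        reactor,
        proxiedEndpointStr,
        LDAPClient)

    def buildProtocol():
        """Create one LoggingProxy wired to the upstream connector."""
        proto = LoggingProxy()
        proto.clientConnector = clientConnector
        proto.use_tls = use_tls
        return proto

    factory.protocol = buildProtocol
    # Bind to loopback only: listenTCP's default interface ('') accepts
    # connections on every interface, which is wider than the intended
    # localhost-only proxy.
    reactor.listenTCP(12345, factory, interface='127.0.0.1')
    reactor.run()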
This works so far and also leads to the expected result when using Apache Directory Studio:
2020-10-06 13:19:37+0200 [-] Log opened.
2020-10-06 13:19:37+0200 [-] ServerFactory starting on 12345
2020-10-06 13:19:37+0200 [-] Starting factory <twisted.internet.protocol.ServerFactory object at 0x7fc557ee23a0>
2020-10-06 13:24:40+0200 [-] Starting factory <twisted.internet.endpoints.connectProtocol.<locals>.OneShotFactory object at 0x7fc557ef3f10>
2020-10-06 13:24:40+0200 [LDAPClient,client] Request => LDAPBindRequest(version=3, dn=b'cn=Administrator,dc=dept,dc=office,dc=company,dc=de', auth=****, sasl=False)
2020-10-06 13:24:40+0200 [LDAPClient,client] Response => LDAPBindResponse(resultCode=0)
2020-10-06 13:24:40+0200 [-] Stopping factory <twisted.internet.endpoints.connectProtocol.<locals>.OneShotFactory object at 0x7fc557ef3f10>
However, when I change the authentication method in Apache Directory Studio from "no authentication" to "StartTLS", my Python script produces the following error:
2020-10-06 13:25:43+0200 [-] Log opened.
2020-10-06 13:25:43+0200 [-] ServerFactory starting on 12345
2020-10-06 13:25:43+0200 [-] Starting factory <twisted.internet.protocol.ServerFactory object at 0x7f3a47a34fa0>
2020-10-06 13:25:51+0200 [-] Starting factory <twisted.internet.endpoints.connectProtocol.<locals>.OneShotFactory object at 0x7f3a47a43790>
2020-10-06 13:25:52+0200 [LoggingProxy,0,127.0.0.1] StartTLS not implemented. Responding with 'unavailable' (52): LDAPStartTLSResponse()
2020-10-06 13:25:52+0200 [-] Stopping factory <twisted.internet.endpoints.connectProtocol.<locals>.OneShotFactory object at 0x7f3a47a43790>
I am a newbie in this field, so I do not know what to change in the code. I have already set use_tls to True.
Can someone please help?
Thanks in advance!