LDAP in C/Go: Error code 53 "Server is unwilling to perform" when trying to set unicodePwd


Question


So I'm coding a program in Go, with C bindings thanks to CGo, and I'm using LDAP to perform search, add and modify operations. I could manage to do all that, but now I'm trying to set a password in the unicodePwd mod_type and I can't seem to get around the Error 53: Server is unwilling to perform.

I know a lot of stuff can cause this error so:
I'm connected with ldaps.
I hard-coded for testing purposes a password made of 10 characters, with double quotes at the beginning and the end, and got that in UTF-16LE, Base64.
The password has lowercase letters, uppercase letters and punctuation symbols.

Here are some samples of my code, I'm just testing stuff right now so the coding is really bad:

Setting options:

C.ldap_set_option(l, LDAP_OPT_PROTOCOL_VERSION, unsafe.Pointer(&version))
C.ldap_set_option(l, LDAP_OPT_REFERRALS, unsafe.Pointer(&v))

Initialization:

C.ldap_initialize(&l, C.CString("ldaps://**.**.**.**:636"))

Binding:

rc := C.ldap_simple_bind_s(l, C.CString("CN=Administrator,CN=Users,DC=intra,DC=localdomain,DC=com"), C.CString("**********"))

And now the important part, adding a user with a password:

add_user(l, "ldaps://**.**.**.**", "636", "CN=Administrator,CN=Users,DC=intra,DC=localdomain,DC=com", "OU=*******,DC=intra,DC=localdomain,DC=com")

func add_user(l *C.LDAP, host string, port string, login string, container string) {

	var mods [5]*C.LDAPModStr
	var modClass, modCN, modSN, modPass C.LDAPModStr
	var vclass [5]*C.char
	var vcn [4]*C.char
	var vsn [2]*C.char
	var vpass [2]*C.char

	// mod_op 0 is LDAP_MOD_ADD with NUL-terminated string values.
	modClass.mod_op = 0
	modClass.mod_type = C.CString("objectclass")
	vclass[0] = C.CString("top")
	vclass[1] = C.CString("person")
	vclass[2] = C.CString("organizationalPerson")
	vclass[3] = C.CString("User")
	vclass[4] = nil
	modClass.mod_vals = &vclass[0]

	modCN.mod_op = 0
	modCN.mod_type = C.CString("cn")
	vcn[0] = C.CString("john")
	vcn[1] = nil
	modCN.mod_vals = &vcn[0]

	modSN.mod_op = 0
	modSN.mod_type = C.CString("sn")
	vsn[0] = C.CString("mclane")
	vsn[1] = nil
	modSN.mod_vals = &vsn[0]

	// The password is passed as Base64 text in a C string value.
	modPass.mod_op = 0
	modPass.mod_type = C.CString("unicodePwd")
	vpass[0] = C.CString("IgBTAHcAZQBlAHQATgBlAHcAUAB3AGQAMQAyADMAIQAiAA==")
	vpass[1] = nil
	modPass.mod_vals = &vpass[0]

	// NULL-terminated array of modifications.
	mods[0] = &modClass
	mods[1] = &modCN
	mods[2] = &modSN
	mods[3] = &modPass
	mods[4] = nil

	dn := "cn=john,OU=*********,DC=intra,DC=localdomain,DC=com"

	rc := C._ldap_add(l, C.CString(dn), &mods[0])

	if rc != LDAP_SUCCESS {
		er := C.ldap_err2string(rc)
		fmt.Println("ADD ERROR")
		fmt.Println(rc)
		fmt.Println(C.GoString(er))
	}
}

Oh, and here's the definition of the type LDAPModStr:

typedef struct ldapmod_str {
	int    mod_op;
	char  *mod_type;
	char **mod_vals;
} LDAPModStr;

And _ldap_add:

int _ldap_add(LDAP *ld, char* dn, LDAPModStr **attrs){
	return ldap_add_ext_s(ld, dn, (LDAPMod **)attrs, NULL, NULL);
}

I'm probably missing something obvious here, since I'm kinda new to Go and LDAP, but if you could help me solve this I would really be grateful. I don't know if this is relevant but the program connects to the Active Directory of Windows Server 2012 R2, which is running on the same computer in a virtual machine. Also I'm kinda new here, I can post all of my code here if it's easier for you, but I thought posting just important steps was maybe better.

Answer 1

Score: 1


I don't know if anybody would be interested but I found a solution with the help of @kostix and I thought I'd share: the extended modify operations in C (using CGO) didn't work, but a simple modify operation using go-ldap with the correct encoding allowed me to change a user password on Windows AD.
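
The "correct encoding" the answer refers to, as an added example that is not the poster's code: on the wire, unicodePwd carries the raw UTF-16LE bytes of the password wrapped in double quotes, while Base64 is only how LDIF files write that binary value. The sketch uses only the Go standard library; EncodeUnicodePwd and CheckUnicodePwd are hypothetical helper names, and the check covers the value's form, not the domain's password policy.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"unicode/utf16"
)

// EncodeUnicodePwd (hypothetical helper) returns the unicodePwd wire value:
// the password wrapped in double quotes, encoded as UTF-16LE.
func EncodeUnicodePwd(password string) []byte {
	units := utf16.Encode([]rune(`"` + password + `"`))
	out := make([]byte, 2*len(units))
	for i, u := range units {
		binary.LittleEndian.PutUint16(out[2*i:], u)
	}
	return out
}

// CheckUnicodePwd (hypothetical helper) reports why a candidate attribute
// value is not a well-formed unicodePwd. Form only, not password policy.
func CheckUnicodePwd(val []byte) error {
	quote := []byte{'"', 0} // a double quote as one UTF-16LE code unit
	switch {
	case len(val) < 4 || len(val)%2 != 0:
		return errors.New("not a whole number of UTF-16 code units")
	case !bytes.HasPrefix(val, quote) || !bytes.HasSuffix(val, quote):
		return errors.New("not wrapped in UTF-16LE double quotes")
	}
	return nil
}

// pageValue is the string the question passes as the attribute value.
const pageValue = "IgBTAHcAZQBlAHQATgBlAHcAUAB3AGQAMQAyADMAIQAiAA=="

func main() {
	// As sent in the question: ASCII Base64 text, which is LDIF notation.
	fmt.Println("base64 text:", CheckUnicodePwd([]byte(pageValue)))
	// Base64-decoded, the same value is well formed.
	raw, _ := base64.StdEncoding.DecodeString(pageValue)
	fmt.Println("decoded:    ", CheckUnicodePwd(raw))
	fmt.Println("same as encoder:", bytes.Equal(raw, EncodeUnicodePwd("SweetNewPwd123!")))
}
```

The encoded value contains NUL bytes, so it cannot travel through a NUL-terminated C string such as the one C.CString produces. With go-ldap, where attribute values are Go strings, the bytes are passed as string(EncodeUnicodePwd(pw)).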

huangapple
  • Published on October 13, 2015 at 17:01:26
  • When reposting, please keep the link to this article: https://go.coder-hub.com/33098380.html