diff --git a/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php b/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php index 104265f88050102f383a0c658231109d26282eee..7e420604acdff98de7ed97acf61b54cb33bd1a03 100755 --- a/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php +++ b/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php @@ -11,6 +11,7 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ private $orgmeta = NULL; + private $cli = array(); /** * @param $location Must be of class Configuration.. @@ -20,6 +21,11 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ $this->orgmeta = $orgmeta; } + + public function getCLI() { + return $this->cli; + } + /** * Perform a test of the LDAP. Used by the LDAP status page. @@ -63,6 +69,11 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ if (!empty($url['port'])) $port = $url['port']; $tester->log('ldapstatus Url parse [' . $hostname . '] => [' . $url['host'] . ']:[' . $port . ']' ); + + $this->cli[] = array('Ping LDAP host', 'ping ' . $url['host']); + $this->cli[] = array('Traceroute LDAP host', 'traceroute ' . $url['host']); + $this->cli[] = array('TCPtraceroute connection', 'tcptraceroute ' . $url['host'] . ' ' . $port); + $this->cli[] = array('Check certificate', 'openssl s_client -host ' . $url['host'] . ' -port ' . $port); $tester->tick('ping'); @@ -105,7 +116,7 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ return $result; } - + $cliAdminBind = ''; // Do an admin bind before searching? if ($this->location->hasValue('adminUser')) { try { 
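Review bot: `getCLI()` in the +21 hunk has no docblock, so a caller cannot tell what the returned array holds or that its strings are unescaped. I would add `/** @return array List of array(label, command) pairs for display; commands are built from configuration and directory values and are not HTML- or shell-escaped. */`. As far as the hunks show, the list is only filled while the test method runs, so the comment should also say it is empty until then.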
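Review bot: The four command strings added after the `Url parse` log line splice `$url['host']` and `$port` into shell commands with no quoting. The later `ldapsearch` entries (hunks at +125, +139 and +181) wrap `searchbase`, `adminUser`, `testUser` and `$userDN` in literal single quotes without escaping them. These strings are only displayed, but they are meant to be pasted into a shell, so a value containing a quote or shell metacharacter produces a different command from the one the label describes. `$userDN` is presumably returned by the directory rather than taken from local configuration. Passing every value through `escapeshellarg()` closes this, e.g. `'ping ' . escapeshellarg($url['host'])` and `"-b " . escapeshellarg($userDN)`. The enclosing method starts and ends outside the hunk.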
@@ -114,7 +125,13 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ $this->adminBind($this->location->getString('adminUser'), $this->location->getString('adminPassword')); $result['adminBind'] = array(TRUE,$tester->tack('connect')); $result['adminBind']['time'] = $tester->tack('connect', FALSE); - + + $cliAdminBind = "-D '" . $this->location->getString('adminUser') . "' -W "; + $this->cli[] = array('Bind as admin (and read user base)', + "ldapsearch -H " . $hostname . " -b '" . $this->location->getValue('searchbase') . "' " . + "-s base -V -x " . + $cliAdminBind + ); } catch (Exception $e) { $tester->log('ldapstatus: Connect error() [' . $hostname . ']: ' . $e->getMessage()); @@ -122,6 +139,11 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ $result['time'] = $tester->tack('all', FALSE); return $result; } + } else { + $this->cli[] = array('Bind as anonymous (and read user base)', + "ldapsearch -H " . $hostname . " -b '" . $this->location->getValue('searchbase') . "' " . + "-s base -V -x " + ); } try { @@ -131,7 +153,7 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ $userDN = $this->searchForUser($username); $result['ldapSearchBogus'] = array(TRUE,$tester->tack('ldapSearchBogus')); $result['ldapSearchBogus']['time'] = $tester->tack('ldapSearchBogus', FALSE); - + } catch (SimpleSAML_Error_UserNotFound $e) { $result['ldapSearchBogus'] = array(TRUE,$tester->tack('ldapSearchBogus')); 
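Review bot: The admin-bind `ldapsearch` entry is appended only after `$this->adminBind(...)` has returned. When the bind throws and the `catch` returns early, the Command line tab therefore lacks the one command an operator would need to reproduce the failure. `$cliAdminBind` and the entry depend only on configuration values, so both can be built before the `adminBind` call. The same applies to the 'Search for test user' entry in the +181 hunk, which is added after `searchForUser()` succeeds; the two entries that use `$userDN` necessarily stay after it. The `try` block opens before this hunk.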
@@ -159,6 +181,26 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ $userDN = $this->searchForUser($this->location->getValue('testUser')); $result['ldapSearchTestUser'] = array(TRUE,$tester->tack('ldapSearchTestUser')); $result['ldapSearchTestUser']['time'] = $tester->tack('ldapSearchTestUser', FALSE); + + $this->cli[] = array('Search for test user', + "ldapsearch -H " . $hostname . " -b '" . $this->location->getValue('searchbase') . "' " . + "-s sub -V -x " . + $cliAdminBind . " '(|(eduPersonPrincipalName=" . $this->location->getValue('testUser') . "))'" + ); + + $this->cli[] = array('Read test user attributes (user bind)', + "ldapsearch -H " . $hostname . " -b '" . $userDN . "' " . + "-s base -V -x " . + "-D '" . $userDN . "' -W " + ); + + $this->cli[] = array('Read test user attributes (as admin/anonymous)', + "ldapsearch -H " . $hostname . " -b '" . $userDN . "' " . + "-s base -V -x " . + $cliAdminBind + ); + + } catch (Exception $e) { $tester->log('LDAP Search test account:' . $e->getMessage()); $result['ldapSearchTestUser'] = array(FALSE,$e->getMessage()); @@ -197,7 +239,7 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ $result['getTestOrg'] = array(TRUE,$tester->tack('getTestOrg')); $result['getTestOrg']['time'] = $tester->tack('getTestOrg', FALSE); } catch(Exception $e) { - $tester->log('LDAP Test user attributes failed:' . $e->getMessage()); + $tester->log('LDAP Test user attributes failed: ' . $e->getMessage()); $result['getTestOrg'] = array(FALSE,$e->getMessage()); } } diff --git a/modules/ldapstatus/templates/ldapsinglehost.php b/modules/ldapstatus/templates/ldapsinglehost.php index 4dc3f46cc2cf1194315d146c0fa4caa7f6a6bd55..e1785a3aa506af6f76939475435ee9de58234ba3 100644 --- a/modules/ldapstatus/templates/ldapsinglehost.php +++ b/modules/ldapstatus/templates/ldapsinglehost.php 
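Review bot: The 'Search for test user' entry hardcodes the filter `(|(eduPersonPrincipalName=…))` and inserts `testUser` without LDAP filter escaping, so the displayed command may not match what `searchForUser()` sends. Whether the real search uses a configurable attribute cannot be told from this hunk; if it does, the filter shown should be built from the same setting. A `testUser` value containing `*`, `(`, `)` or `\` would also change the filter's meaning, so escape it per RFC 4515 first (`ldap_escape($v, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it). The single-clause `(|…)` wrapper is redundant.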
@@ -41,10 +41,6 @@ $this->includeAtTemplateBase('includes/header.php'); ?> -<?php - -echo('<h2>LDAP status for ' . $this->getTranslation($this->data['org']['description']) . '</h2>'); -?> <p style="text-align: right; margin-bottom: 1em;">[ <a href="?">return to list of all organizations</a> ]</p> @@ -129,6 +125,8 @@ if (array_key_exists('secretURL', $this->data)) { echo('<li><a href="#access">Access URL</a></li>'); } + echo('<li><a href="#cli">Command line</a></li>'); + echo ('</ul>'); echo '<div id="ldaptests" class="tabset_content">'; @@ -140,7 +138,7 @@ echo '<div id="ldaptests" class="tabset_content">'; -<div id="ldapstatus"> +<div id="ldapstatus" > <?php if ($ok) { @@ -170,10 +168,20 @@ presentRes('configMeta', 'Contact information registered', 'Checking for additio ?> </div><!-- end ldap status --> - </div><!-- end ldap test tab --> + <?php + +echo '<div id="cli" class="tabset_content">'; +foreach($this->data['cli'] AS $clientry) { + echo('<p>' . $clientry[0] . '</p>'); + echo('<pre>' . $clientry[1] . '</pre>'); +} +echo '</div>'; + + + echo '<div id="debug" class="tabset_content">'; #echo('<h3><a href="#">Debug log</a></h3>'); diff --git a/modules/ldapstatus/www/index.php b/modules/ldapstatus/www/index.php index bc8883f3b98e2eb89885e8d87bdf7a28d4ff9d2e..8f743d3cc3ca462d224339262a672fbceaa30f59 100644 --- a/modules/ldapstatus/www/index.php +++ b/modules/ldapstatus/www/index.php @@ -12,6 +12,7 @@ $orgs = $ldapconfig->getValue('organizations'); $locationTemplate = $ldapconfig->getValue('locationTemplate'); + $isAdmin = FALSE; $secretURL = NULL; if (array_key_exists('orgtest', $_REQUEST)) { @@ -66,25 +67,7 @@ if (array_key_exists('orgtest', $_REQUEST)) { // If authsource is not defined, init admin login. SimpleSAML_Utilities::requireAdmin(); } - - - - - - - - - - - - - - - - - -// SimpleSAML_Utilities::requireAdmin(); $isAdmin = TRUE; } 
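Review bot: The new `cli` tab echoes `$clientry[0]` and `$clientry[1]` into the page without HTML escaping, in the `foreach` added after the `ldaptests` tab. The command strings contain configuration values and the DN returned by the user search, so a `<`, `&` or quote in any of them is rendered as markup instead of text. Escape at output: `echo('<pre>' . htmlspecialchars($clientry[1], ENT_QUOTES, 'UTF-8') . '</pre>');`, and the same for the label. The loop also reads `$this->data['cli']` unconditionally, unlike the `secretURL` tab, which is guarded with `array_key_exists`.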
@@ -162,7 +145,7 @@ $maxtime = $ldapStatusConfig->getValue('maxExecutionTime', 15); if (array_key_exists('orgtest', $_REQUEST)) { #$old_error_handler = set_error_handler("myErrorHandler"); - + $cli = array(); $locindex = 0; if (array_key_exists('locindex', $_REQUEST)) $locindex = $_REQUEST['locindex']; @@ -178,8 +161,8 @@ if (array_key_exists('orgtest', $_REQUEST)) { $res = $tester->test(); + // Machine readable output if(array_key_exists('output', $_REQUEST) && $_REQUEST['output'] === 'text') { - $ok = TRUE; foreach ($res AS $tag => $resEntry) { if ($tag == 'time') continue; @@ -187,24 +170,15 @@ if (array_key_exists('orgtest', $_REQUEST)) { $ok = FALSE; echo("Error (" . $tag . ") : " . $resEntry[1] . "\n"); } - } - - if ($ok) { - echo('OOOKKK'); - } - - // print_r($res); - // print_r($orgs[$_REQUEST['orgtest']]); - + } + if ($ok) echo('OOOKKK'); exit; - - } $t = new SimpleSAML_XHTML_Template($config, 'ldapstatus:ldapsinglehost.php'); - $t->data['res'] = $res; + $t->data['cli'] = $tester->getCLI(); $t->data['org'] = $orgs[$_REQUEST['orgtest']]; $t->data['debugLog'] = SimpleSAML_Logger::getCapturedLog(); if ($isAdmin) $t->data['secretURL'] = $secretURL;
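Review bot: `$t->data['cli'] = $tester->getCLI();` is set for every viewer, while the following line hands out `secretURL` only when `$isAdmin` is true. The CLI list carries the admin bind DN, the search base and the test user's DN, so a visitor who reaches this page without admin rights would see them; this is inferred, because the access check sits outside the hunk. If that is not intended, gate it the same way, `if ($isAdmin) $t->data['cli'] = $tester->getCLI();`, and have the template skip the tab when the key is absent. Separately, the `$cli = array();` added in the -162 hunk is not read anywhere in the visible lines.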