import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import java.util.Date;
import java.util.TimeZone;
import java.util.Iterator;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.text.ParseException;
import java.io.UnsupportedEncodingException;
public class CheckBind
{
public static final int LENGTH = 42;
public static final int BITS = 336;
public static final int BITSOFFSET = 14;
public static Date date = new Date();
public static String locale = date.toString();
public static void main( String[] args )
{
if (args.length != 6) {
System.err.println("Usage: java CheckBind <host Name> "
+ "<port number> <login dn> <password> <user dn>"
+ "\n <user password>");
System.err.println("Example: java CheckBind Acme.com 389"
+ " \"cn=Admin,o=Acme\" secret\n"
+ " \"cn=JSmith,ou=sales,o=Acme\" userPWD");
System.exit(1);
}
int ldapVersion = LDAPConnection.LDAP_V3;
String ldapHost = args[0];
int ldapPort = Integer.parseInt(args[1]);
String loginDN = args[2];
String password = args[3];
String userDN = args[4];
String userPWD = args[5];
LDAPConnection lc = new LDAPConnection();
try {
lc.connect( ldapHost, ldapPort );
lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
System.out.println(" User DN: " + userDN );
System.out.println(" Current Time: " + locale);
System.out.println(" Checking bind restrictions...");
if ( GetBindInfo( lc, userDN, userPWD ) )
System.out.println(" User '" + userDN + "' can login now");
else
System.out.println(" User '"+userDN + "' can not login now");
lc.disconnect();
}
catch( LDAPException e ) {
System.err.println("CheckBind example failed");
System.err.println( "Error: " + e.toString() );
System.exit(1);
}
catch( UnsupportedEncodingException e ) {
System.out.println( "Error: " + e.toString() );
}
System.exit(0);
}
public static boolean GetBindInfo( LDAPConnection lc,
String userDN, String userPWD)
{
int i;
byte timeMap[] = new byte [0];
boolean checkResult = true, res;
String login = null, loginExpTime = null, pwdExpTime = null;
String locked = null, attrName;
String value;
LDAPAttribute attribute;
String returnAttrs[] = { "LoginDisabled",
"loginExpirationTime",
"passwordExpirationTime",
"loginAllowedTimeMap",
"lockedByIntruder"};
try {
System.out.print(" user's password: ");
attribute = new LDAPAttribute( "userPassword", userPWD );
if ( lc.compare( userDN, attribute ) )
System.out.println("password is correct");
else {
System.out.println("password is incorrect");
checkResult = false;
}
LDAPEntry entry = lc.read( userDN, returnAttrs );
LDAPAttributeSet attributeSet = entry.getAttributeSet();
Iterator allAttributes = attributeSet.iterator();
while(allAttributes.hasNext()) {
attribute = (LDAPAttribute)allAttributes.next();
attrName = attribute.getName();
if (attrName.equalsIgnoreCase( "loginAllowedTimeMap" )) {
timeMap = attribute.getByteValueArray()[0];
}
else if (attrName.equalsIgnoreCase( "LoginDisabled" )) {
if ( (value = attribute.getStringValue()) != null)
login = value;
}
else if (attrName.equalsIgnoreCase("loginExpirationTime")) {
if ( (value = attribute.getStringValue()) != null )
loginExpTime = value;
}
else if (attrName.equalsIgnoreCase("passwordExpirationTime")) {
if ( (value = attribute.getStringValue()) != null )
pwdExpTime = value;
}
else if (attrName.equalsIgnoreCase( "lockedByIntruder" )) {
if ( (value = attribute.getStringValue()) != null )
locked = value;
}
}
System.out.print(" Logindisabled: ");
if ( (login != null) && (login.length() != 0) ) {
if ( login.equalsIgnoreCase( "FALSE" ) )
System.out.println( login + " (enabled)" );
else {
System.out.println( login + " (disabled)" );
checkResult = false;
}
}
else
System.out.println("not present (no logindisabled set)");
System.out.print(" loginExpirationTime: ");
if ( (loginExpTime != null) && (loginExpTime.length() != 0) ) {
PrintLocalTime(loginExpTime);
res = CompareTime(loginExpTime);
if ( res )
System.out.println( "" );
else {
System.out.println( " (login expired)" );
checkResult = false;
}
}
else
System.out.println("not present (no expiration set)");
System.out.print(" passwordExpirationTime: ");
if ( (pwdExpTime != null) && (pwdExpTime.length() != 0) ) {
PrintLocalTime(pwdExpTime);
res = CompareTime(pwdExpTime);
if ( res )
System.out.println( "" );
else {
System.out.println( " (password expired)" );
checkResult = false;
}
}
else
System.out.println("not present (no expiration set)");
System.out.print(" LoginAllowedTimeMap: ");
if ( (timeMap != null) &&
(timeMap.length != 0) &&
(timeMap.length == LENGTH)) {
res = getTimeRestriction( timeMap, locale);
if ( res ) {
System.out.println( res + " (login time is restricted)");
checkResult = false;
}
else {
System.out.println( res + " (no restriction)");
}
}
else
System.out.println("not present (no time restriction set)");
System.out.print(" lockedByIntruder: ");
if ( (locked != null) && (locked.length() != 0) ) {
if ( locked.equalsIgnoreCase( "FALSE" ) )
System.out.println( locked + " (not locked)" );
else {
System.out.println( locked + " (locked)");
checkResult = false;
}
}
else
System.out.println("not present (no lock set)");
}
catch( LDAPException e ) {
System.out.println( "\n Error: " + e.toString() );
System.exit(1);
}
return checkResult;
}
public static void PrintLocalTime( String UTCTime )
{
Date date = null;
DateFormat formatter = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
TimeZone tz = TimeZone.getTimeZone("UTC");
formatter.setTimeZone(tz);
try {
date = formatter.parse( UTCTime );
}
catch(ParseException pe) {
System.out.println( "\n Error: " + pe.toString() );
}
System.out.print(date);
}
public static boolean CompareTime( String UTCTime )
{
Date date = null, currentDate = new Date();
DateFormat formatter = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
TimeZone tz = TimeZone.getTimeZone("UTC");
formatter.setTimeZone(tz);
try {
date = formatter.parse( UTCTime );
}
catch(ParseException pe) {
System.out.println( "\n Error: " + pe.toString() );
}
return date.after(currentDate);
}
public static boolean getTimeRestriction( byte[] tm, String localTime )
{
int i, temp, index = 0;
boolean flags[] = new boolean[BITS];
boolean temp1[] = new boolean [BITSOFFSET];
for ( i = 0; i < LENGTH; i++ ) {
if ( (tm[i] & 0x01) != 0 )
flags[ i * 8 + 0 ]= true;
if ( (tm[i] & 0x02) != 0 )
flags[ i * 8 + 1 ]= true;
if ( (tm[i] & 0x04) != 0 )
flags[ i * 8 + 2 ]= true;
if ( (tm[i] & 0x08) != 0 )
flags[ i * 8 + 3 ]= true;
if ( (tm[i] & 0x10) != 0 )
flags[ i * 8 + 4 ]= true;
if ( (tm[i] & 0x20) != 0 )
flags[ i * 8 + 5 ]= true;
if ( (tm[i] & 0x40) != 0 )
flags[ i * 8 + 6 ]= true;
if ( (tm[i] & 0x80) != 0 )
flags[ i * 8 + 7 ]= true;
}
for ( i = 0; i < BITSOFFSET; i++ )
temp1[i] = flags[i];
for ( i = BITSOFFSET; i < BITS; i++ )
flags[i-BITSOFFSET] = flags[i];
for ( i = 0; i < BITSOFFSET; i++ )
flags[BITS-BITSOFFSET+i] = temp1[i];
String weekDay = localTime.substring( 0, 3 );
String clock = localTime.substring(
localTime.indexOf((int)':') - 2,
localTime.indexOf((int)':') + 3 );
int hour = Integer.parseInt( clock.substring( 0, 2 ));
int minute = Integer.parseInt( clock.substring( 3 ));
int clockIndex = hour * 2 + minute / 30;
if ( weekDay.equalsIgnoreCase( "Sun" ))
index = 0 * 48 + clockIndex;
else if ( weekDay.equalsIgnoreCase( "Mon" ))
index = 1 * 48 + clockIndex;
else if ( weekDay.equalsIgnoreCase( "Tue" ))
index = 2 * 48 + clockIndex;
else if ( weekDay.equalsIgnoreCase( "Wed" ))
index = 3 * 48 + clockIndex;
else if ( weekDay.equalsIgnoreCase( "Thu" ))
index = 4 * 48 + clockIndex;
else if ( weekDay.equalsIgnoreCase( "Fri" ))
index = 5 * 48 + clockIndex;
else if ( weekDay.equalsIgnoreCase( "Sat" ))
index = 6 * 48 + clockIndex;
return !flags[index];
}
}