To run ldapserver.py, first install all Python packages:

    # you may have to install python-dev
    virtualenv --python=/usr/bin/python2 ldapTutorial
    . ldapTutorial/bin/activate
    pip2 install -r requirements.txt
    # deactivate when finished with the ldapTutorial

Note: ldapserver.py uses python2

Start the ldapserver:

    python2 ldapserver.py

Run LDAPClient.class by:

    java LDAPClient

Given a valid uid, and provided the entry has the attribute objectclass:Person, LDAPClient returns the entry's phone number.

TODO: Complete ldapinject.py so that it prints some attributes and their values for the given uids by using the exploitable LDAPClient.

To begin, try running the LDAPClient manually and try to construct the password for uid bob by following slide 11.

Hint: LDAPClient is LDAP injectable. Generate a list of possible attributes and match them 1 character at a time, ending with a wildcard, until the complete string is constructed. If LDAPClient returns a phone number, then you know that the query is true.

For example: to get sn=Doe we can first search sn=a*, which is false, and continue until we reach sn=D*, which is true. Repeat this for the second letter to get sn=Do*, etc. This is called blind LDAP injection.

For the purpose of this exercise a list of attributes will be provided. For the solution it is safe to assume all values are case insensitive letters only!!

**********
I have also configured a VM that can be found at dh2020pc02:/virtual/csc427ldap that has everything configured for the lab.
user:root pass:password
**********
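For the defensive side of the exercise, the following added example (not part of the lab's code) shows why the wildcard probe works against a concatenated filter and how RFC 4515 escaping turns it into a literal match. The filter template and all function names are assumptions, since the LDAPClient source is not shown here; the sample inputs are constructed.

```python
# Added example, not the lab's code. The filter template below is an
# assumption about how a client like LDAPClient might build its query.

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Return value with every LDAP filter metacharacter escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unsafe_filter(uid):
    # Hypothetical vulnerable form: input concatenated straight into the
    # filter, so "*" keeps its wildcard meaning and parentheses can
    # change the filter's structure.
    return "(&(uid=" + uid + ")(objectclass=Person))"


def safe_filter(uid):
    # Hardened form: the value is escaped before it reaches the filter,
    # so the directory compares it as literal text.
    return "(&(uid=" + escape_filter_value(uid) + ")(objectclass=Person))"


def has_filter_metachars(uid):
    """Detection check: flag uid input that contains filter syntax."""
    return any(ch in _ESCAPES for ch in uid)


if __name__ == "__main__":
    # Constructed inputs: a normal uid, a wildcard probe, stray parentheses.
    for uid in ["bob", "b*", "a)(b"]:
        print("input   :", repr(uid), "suspicious:", has_filter_metachars(uid))
        print("  unsafe:", unsafe_filter(uid))
        print("  safe  :", safe_filter(uid))
```

With the escaped form, a probe such as `b*` only matches an entry whose uid is literally `b*`, so the true/false signal that blind LDAP injection depends on disappears.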