attempt to do non anonymous ldap connect
This commit is contained in:
parent
c26f2623a8
commit
6ef8ace025
@ -254,6 +254,7 @@ pub struct LdapConfig {
|
|||||||
pub tls: bool,
|
pub tls: bool,
|
||||||
pub user_name_attr: String,
|
pub user_name_attr: String,
|
||||||
pub mail_attr: String,
|
pub mail_attr: String,
|
||||||
|
pub user: Option<(String, String)>,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_ldap_config() -> Option<LdapConfig> {
|
fn get_ldap_config() -> Option<LdapConfig> {
|
||||||
@ -269,16 +270,24 @@ fn get_ldap_config() -> Option<LdapConfig> {
|
|||||||
};
|
};
|
||||||
let user_name_attr = var("LDAP_USER_NAME_ATTR").unwrap_or_else(|_| "cn".to_owned());
|
let user_name_attr = var("LDAP_USER_NAME_ATTR").unwrap_or_else(|_| "cn".to_owned());
|
||||||
let mail_attr = var("LDAP_USER_MAIL_ATTR").unwrap_or_else(|_| "mail".to_owned());
|
let mail_attr = var("LDAP_USER_MAIL_ATTR").unwrap_or_else(|_| "mail".to_owned());
|
||||||
|
let user = var("LDAP_USER").ok();
|
||||||
|
let password = var("LDAP_PASSWORD").ok();
|
||||||
|
let user = match (user, password) {
|
||||||
|
(Some(user), Some(password)) => Some((user, password)),
|
||||||
|
(None, None) => None,
|
||||||
|
_ => panic!("Invalid LDAP configuration both or neither of LDAP_USER and LDAP_PASSWORD must be set")
|
||||||
|
};
|
||||||
Some(LdapConfig {
|
Some(LdapConfig {
|
||||||
addr,
|
addr,
|
||||||
base_dn,
|
base_dn,
|
||||||
tls,
|
tls,
|
||||||
user_name_attr,
|
user_name_attr,
|
||||||
mail_attr,
|
mail_attr,
|
||||||
|
user
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
(None, None) => None,
|
(None, None) => None,
|
||||||
(_, _) => {
|
_ => {
|
||||||
panic!("Invalid LDAP configuration : both LDAP_ADDR and LDAP_BASE_DN must be set")
|
panic!("Invalid LDAP configuration : both LDAP_ADDR and LDAP_BASE_DN must be set")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -293,6 +293,21 @@ impl User {
|
|||||||
bcrypt::hash(pass, 10).map_err(Error::from)
|
bcrypt::hash(pass, 10).map_err(Error::from)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn ldap_preconn(ldap_conn: &mut LdapConn) -> Result<()> {
|
||||||
|
let ldap = CONFIG.ldap.as_ref().unwrap();
|
||||||
|
|
||||||
|
if let Some((user, password)) = ldap.user.as_ref() {
|
||||||
|
let bind = ldap_conn
|
||||||
|
.simple_bind(user, password)
|
||||||
|
.map_err(|_| Error::NotFound)?;
|
||||||
|
|
||||||
|
if bind.success().is_err() {
|
||||||
|
return Err(Error::NotFound);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
fn ldap_register(conn: &Connection, name: &str, password: &str) -> Result<User> {
|
fn ldap_register(conn: &Connection, name: &str, password: &str) -> Result<User> {
|
||||||
if CONFIG.ldap.is_none() {
|
if CONFIG.ldap.is_none() {
|
||||||
return Err(Error::NotFound);
|
return Err(Error::NotFound);
|
||||||
@ -300,6 +315,9 @@ impl User {
|
|||||||
let ldap = CONFIG.ldap.as_ref().unwrap();
|
let ldap = CONFIG.ldap.as_ref().unwrap();
|
||||||
|
|
||||||
let mut ldap_conn = LdapConn::new(&ldap.addr).map_err(|_| Error::NotFound)?;
|
let mut ldap_conn = LdapConn::new(&ldap.addr).map_err(|_| Error::NotFound)?;
|
||||||
|
|
||||||
|
User::ldap_preconn(&mut ldap_conn)?;
|
||||||
|
|
||||||
let ldap_name = format!("{}={},{}", ldap.user_name_attr, name, ldap.base_dn);
|
let ldap_name = format!("{}={},{}", ldap.user_name_attr, name, ldap.base_dn);
|
||||||
let bind = ldap_conn
|
let bind = ldap_conn
|
||||||
.simple_bind(&ldap_name, password)
|
.simple_bind(&ldap_name, password)
|
||||||
@ -346,6 +364,9 @@ impl User {
|
|||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
};
|
};
|
||||||
|
if User::ldap_preconn(&mut conn).is_err() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
let name = format!(
|
let name = format!(
|
||||||
"{}={},{}",
|
"{}={},{}",
|
||||||
ldap.user_name_attr, &self.username, ldap.base_dn
|
ldap.user_name_attr, &self.username, ldap.base_dn
|
||||||
|
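Review bot: In `get_ldap_config` (hunk at -269,16) `var("LDAP_PASSWORD").ok()` yields `Some("")` for a set-but-empty variable, so the `(Some(user), Some(password))` arm accepts an empty service-account password, and `ldap_preconn` then issues `simple_bind(user, "")`, which many directory servers accept as an unauthenticated bind (RFC 4513 §5.1.2) rather than reject, silently downgrading the intended non-anonymous connect. The pairing check should also reject empty values, e.g. `(Some(user), Some(password)) if !user.is_empty() && !password.is_empty() => Some((user, password)),` so that an empty `LDAP_USER` or `LDAP_PASSWORD` falls through to the existing panic at startup instead of being used. In `ldap_preconn` (hunk at -293,6) both the transport error and a non-success bind result are collapsed into `Error::NotFound`, which hides an unreachable or misconfigured directory from operators; consider logging the bind outcome (never the password) before mapping, and adding a doc comment stating that the function rebinds the connection as the configured service account and panics when `CONFIG.ldap` is `None`, which `ldap_register` guards at -300 but which cannot be confirmed for the caller in the -346 hunk, whose enclosing function starts outside the hunk.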