updated the ldap bind functions to provide for anonymous binds

Shaun See Tow 2024-10-26 14:12:46 +08:00 committed by Ian
parent 978d4a2c49
commit 03fe018d4c
2 changed files with 11 additions and 8 deletions


@ -70,8 +70,8 @@ pub struct Config {
ldap_port: Option<u16>, ldap_port: Option<u16>,
ldap_no_tls_verify: Option<bool>, ldap_no_tls_verify: Option<bool>,
// LDAP auth config // LDAP auth config
ldap_bind_dn: String, ldap_bind_dn: Option<String>,
ldap_bind_password: Pass, ldap_bind_password: Option<Pass>,
// LDAP search config // LDAP search config
ldap_search_base_dn: String, ldap_search_base_dn: String,
ldap_search_filter: String, ldap_search_filter: String,
@ -155,11 +155,11 @@ impl Config {
} }
} }
pub fn get_ldap_bind_dn(&self) -> String { pub fn get_ldap_bind_dn(&self) -> Option<String> {
self.ldap_bind_dn.clone() self.ldap_bind_dn.clone()
} }
pub fn get_ldap_bind_password(&self) -> String { pub fn get_ldap_bind_password(&self) -> Option<String> {
self.ldap_bind_password.clone() self.ldap_bind_password.clone()
} }
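Review bot: The `// LDAP auth config` comment above `ldap_bind_dn` and `ldap_bind_password` does not tell an operator what leaving them out means, and judging by the commit title that now selects an unauthenticated connection. I would extend it to something like `// LDAP auth config: set both for an authenticated simple bind; leave both unset to connect anonymously`, and give each getter a `///` line saying that `None` means no bind credential was configured. As displayed, `get_ldap_bind_password` returns `Option<String>` from a field of type `Option<Pass>`. The hunk header covers more lines than are visible here, so the conversion may be off-page, but it is worth confirming the secret is not copied out of `Pass` more often than needed.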


@ -74,8 +74,8 @@ fn get_existing_users(client: &mut vw_admin::Client) -> Result<HashSet<String>,
/// Creates an LDAP connection, authenticating if necessary /// Creates an LDAP connection, authenticating if necessary
fn ldap_client( fn ldap_client(
ldap_url: String, ldap_url: String,
bind_dn: String, bind_dn: Option<String>,
bind_pw: String, bind_pw: Option<String>,
no_tls_verify: bool, no_tls_verify: bool,
starttls: bool, starttls: bool,
) -> Result<LdapConn, AnyError> { ) -> Result<LdapConn, AnyError> {
@ -84,8 +84,11 @@ fn ldap_client(
.set_no_tls_verify(no_tls_verify); .set_no_tls_verify(no_tls_verify);
let mut ldap = LdapConn::with_settings(settings, ldap_url.as_str()) let mut ldap = LdapConn::with_settings(settings, ldap_url.as_str())
.context("Failed to connect to LDAP server")?; .context("Failed to connect to LDAP server")?;
ldap.simple_bind(bind_dn.as_str(), bind_pw.as_str())
if bind_dn.is_some() && bind_pw.is_some() {
ldap.simple_bind(&bind_dn.unwrap(), &bind_pw.unwrap())
.context("Could not bind to LDAP server")?; .context("Could not bind to LDAP server")?;
}
Ok(ldap) Ok(ldap)
} }
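Review bot: The new guard `if bind_dn.is_some() && bind_pw.is_some()` skips the bind whenever either value is missing, so a config with a bind DN but no password (or the reverse) silently falls back to an anonymous connection instead of failing. That downgrade is easy to miss in operation, because the later search can still return whatever the directory exposes to anonymous clients. I would match on the pair so that only `(None, None)` means anonymous and a half-set pair is an error, which also removes the `is_some()`/`unwrap()` pairing. If `LdapConn` is the ldap3 type, `simple_bind` returns `Ok` with an `LdapResult` even when the server rejects the credentials, so `.context(...)?` only catches transport errors and a `.success()` check is needed as well. `AnyError` is defined outside this view, so the error construction in the sketch is left as a comment.

```rust
match (bind_dn, bind_pw) {
    (Some(dn), Some(pw)) => {
        ldap.simple_bind(&dn, &pw)
            // Assumes ldap3: turn a non-zero LDAP result code into an error.
            .and_then(|res| res.success())
            .context("Could not bind to LDAP server")?;
    }
    // Neither value set: the operator asked for an anonymous connection.
    (None, None) => {}
    // Only one value set: refuse rather than connect unauthenticated.
    _ => return Err(/* AnyError: bind DN and bind password must be set together */),
}
// … unchanged: Ok(ldap) …
```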