added test configurations

Makefile

@@ -56,6 +56,29 @@ itest-stop:
 .PHONY: itest
 itest: itest-up itest-run itest-stop
 
+# Run bootstrapped integration test for anonymous bind
+.PHONY: itest-up-anon
+itest-up-anon:
+	docker compose -f docker-compose.yml \
+		-f itest/docker-compose.itest.yml \
+		build
+	docker compose -f docker-compose.yml \
+		-f itest/docker-compose.itest.yml \
+		up -d vaultwarden ldap
+
+.PHONY: itest-run-anon
+itest-run-anon:
+	docker compose -f docker-compose.yml \
+		-f itest/docker-compose.itest.yml \
+		run ldap_sync
+
+.PHONY: itest-stop-anon
+itest-stop-anon:
+	docker compose stop
+
+.PHONY: itest-anon
+itest: itest-up-anon itest-run-anon itest-stop-anon
+
 # Run bootstrapped integration test using env for config
 .PHONY: itest-env
 itest-env:

itest/docker-compose.itest-anon-env.yml

@@ -0,0 +1,20 @@
+---
+services:
+  ldap_sync:
+    environment:
+      CONFIG_PATH: ""
+      APP_VAULTWARDEN_URL: "http://vaultwarden:80"
+      APP_VAULTWARDEN_ADMIN_TOKEN: "admin"
+      APP_LDAP_HOST: "ldap"
+      # APP_LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
+      # APP_LDAP_BIND_PASSWORD: "admin"
+      APP_LDAP_SEARCH_BASE_DN: "dc=example,dc=org"
+      APP_LDAP_SEARCH_FILTER: "(&(objectClass=*)(uid=*))"
+      APP_LDAP_SYNC_LOOP: "false"
+
+  vaultwarden: {}
+
+  ldap:
+    command: ["--copy-service"]
+    volumes:
+      - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif

itest/docker-compose.itest-anon.yml

@@ -0,0 +1,12 @@
+---
+services:
+  ldap_sync:
+    volumes:
+      - ./itest/config-anon.toml:/config.toml:ro
+
+  vaultwarden: {}
+
+  ldap:
+    command: ["--copy-service"]
+    volumes:
+      - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif

src/main.rs

@@ -85,10 +85,18 @@ fn ldap_client(
     let mut ldap = LdapConn::with_settings(settings, ldap_url.as_str())
         .context("Failed to connect to LDAP server")?;
 
-    if bind_dn.is_some() && bind_pw.is_some() {
+    match (bind_dn, bind_pw) {
-        ldap.simple_bind(&bind_dn.unwrap(), &bind_pw.unwrap())
+        (None, None) => println!("Anonymously binding"),
-            .context("Could not bind to LDAP server")?;
+        (Some(bind_dn), Some(bind_pw)) => {
-    }
+            println!("Attempting to bind");
+            ldap.simple_bind(&bind_dn, &bind_pw)
+                .context("Could nott bind to LDAP server")?;
+        }
+
+        // Invalid authentication paths
+        (None, Some(_)) => Err(anyhow::anyhow!("Unable to bind without username"))?,
+        (Some(_), None) => Err(anyhow::anyhow!("Unable to bind without username"))?,
+    };
 
     Ok(ldap)
 }