diff --git a/Makefile b/Makefile
index 1d0dd4d..903b10b 100644
--- a/Makefile
+++ b/Makefile
@@ -56,6 +56,29 @@ itest-stop:
 .PHONY: itest
 itest: itest-up itest-run itest-stop
+# Run bootstrapped integration test for anonymous bind
+.PHONY: itest-up-anon
+itest-up-anon:
+ docker compose -f docker-compose.yml \
+ -f itest/docker-compose.itest.yml \
+ build
+ docker compose -f docker-compose.yml \
+ -f itest/docker-compose.itest.yml \
+ up -d vaultwarden ldap
+
+.PHONY: itest-run-anon
+itest-run-anon:
+ docker compose -f docker-compose.yml \
+ -f itest/docker-compose.itest.yml \
+ run ldap_sync
+
+.PHONY: itest-stop-anon
+itest-stop-anon:
+ docker compose stop
+
+.PHONY: itest-anon
+itest: itest-up-anon itest-run-anon itest-stop-anon
+
 # Run bootstrapped integration test using env for config
 .PHONY: itest-env
 itest-env:
diff --git a/itest/docker-compose.itest-anon-env.yml b/itest/docker-compose.itest-anon-env.yml
new file mode 100644
index 0000000..b9f216a
--- /dev/null
+++ b/itest/docker-compose.itest-anon-env.yml
@@ -0,0 +1,20 @@
+---
+services:
+ ldap_sync:
+ environment:
+ CONFIG_PATH: ""
+ APP_VAULTWARDEN_URL: "http://vaultwarden:80"
+ APP_VAULTWARDEN_ADMIN_TOKEN: "admin"
+ APP_LDAP_HOST: "ldap"
+ # APP_LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
+ # APP_LDAP_BIND_PASSWORD: "admin"
+ APP_LDAP_SEARCH_BASE_DN: "dc=example,dc=org"
+ APP_LDAP_SEARCH_FILTER: "(&(objectClass=*)(uid=*))"
+ APP_LDAP_SYNC_LOOP: "false"
+
+ vaultwarden: {}
+
+ ldap:
+ command: ["--copy-service"]
+ volumes:
+ - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif
diff --git a/itest/docker-compose.itest-anon.yml b/itest/docker-compose.itest-anon.yml
new file mode 100644
index 0000000..a7ef9de
--- /dev/null
+++ b/itest/docker-compose.itest-anon.yml
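Review bot: In the Makefile hunk the last rule is declared `.PHONY: itest-anon` but written as `itest: itest-up-anon itest-run-anon itest-stop-anon`, so `itest-anon` has no rule of its own and the existing `itest` target silently gains the anon prerequisites; it should read `itest-anon: itest-up-anon itest-run-anon itest-stop-anon`. The three anon recipes also pass `-f itest/docker-compose.itest.yml` rather than the override added by this commit, so the anonymous-bind configuration is never loaded and the test does not cover the new code path; `-f itest/docker-compose.itest-anon.yml \` looks like what was intended. Nothing in this hunk references `itest/docker-compose.itest-anon-env.yml` either, so that file is currently unused.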
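Review bot: In `itest/docker-compose.itest-anon-env.yml` the commented-out `APP_LDAP_BIND_DN` and `APP_LDAP_BIND_PASSWORD` lines read like leftovers rather than a deliberate choice; replacing them with a comment such as `# Bind DN and password intentionally unset: exercises the anonymous bind path.` would state the intent. Because `ldap_client` in this commit now errors when only one of the two is supplied, the comment should also say that both must be set or both left unset.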
@@ -0,0 +1,12 @@
+---
+services:
+ ldap_sync:
+ volumes:
+ - ./itest/config-anon.toml:/config.toml:ro
+
+ vaultwarden: {}
+
+ ldap:
+ command: ["--copy-service"]
+ volumes:
+ - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif
diff --git a/src/main.rs b/src/main.rs
index cb9a583..06aba66 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -85,10 +85,18 @@ fn ldap_client(
 let mut ldap = LdapConn::with_settings(settings, ldap_url.as_str())
 .context("Failed to connect to LDAP server")?;
- if bind_dn.is_some() && bind_pw.is_some() {
- ldap.simple_bind(&bind_dn.unwrap(), &bind_pw.unwrap())
- .context("Could not bind to LDAP server")?;
- }
+ match (bind_dn, bind_pw) {
+ (None, None) => println!("Anonymously binding"),
+ (Some(bind_dn), Some(bind_pw)) => {
+ println!("Attempting to bind");
+ ldap.simple_bind(&bind_dn, &bind_pw)
+ .context("Could nott bind to LDAP server")?;
+ }
+
+ // Invalid authentication paths
+ (None, Some(_)) => Err(anyhow::anyhow!("Unable to bind without username"))?,
+ (Some(_), None) => Err(anyhow::anyhow!("Unable to bind without username"))?,
+ };
 Ok(ldap)
 }
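Review bot: In `itest/docker-compose.itest-anon.yml` the `ldap_sync` volume mounts `./itest/config-anon.toml`, which the diff as shown does not add. If that file is missing from the tree, Docker creates a directory at the host path and the container sees a directory at `/config.toml`, so the run would fail on config loading instead of exercising the bind. Confirm the file is committed, ideally with the bind DN and password omitted and a comment saying that the omission is deliberate.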
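Review bot: In `src/main.rs` the `(Some(_), None)` arm reports "Unable to bind without username" although it is the password that is missing, and the new context string is misspelled "Could nott bind"; suggest `(Some(_), None) => anyhow::bail!("Unable to bind without password"),` and `.context("Could not bind to LDAP server")?;`. The `(Some(bind_dn), Some(bind_pw))` arm also accepts an empty password, which RFC 4513 treats as an unauthenticated bind that many servers accept, so the sync could log "Attempting to bind" while running with anonymous privileges. If the configuration layer can yield `Some("")`, a guard ahead of that arm such as `(Some(_), Some(pw)) if pw.is_empty() => anyhow::bail!("Refusing to bind with an empty password"),` would fail closed (this assumes `bind_pw` derefs to `str`, which the hunk does not show). `ldap_client` begins above the hunk, so how the two options are populated is not visible here.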