From 402fff84fddf84bfac78029e40af12edf8de7386 Mon Sep 17 00:00:00 2001
From: Ian
Date: Sun, 27 Dec 2020 10:50:10 -0500
Subject: [PATCH 1/2] Add support for starttls
Fixes #18
---
 src/config.rs | 5 +++++
 src/main.rs | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/config.rs b/src/config.rs
index eccc035..2dbcfbe 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -43,6 +43,7 @@ pub struct Config {
 ldap_host: String,
 ldap_scheme: Option,
 ldap_ssl: Option,
+ ldap_starttls: Option,
 ldap_port: Option,
 ldap_no_tls_verify: Option,
 // LDAP auth config
@@ -110,6 +111,10 @@ impl Config {
 self.ldap_ssl.unwrap_or(false)
 }
+ pub fn get_ldap_starttls(&self) -> bool {
+ self.ldap_starttls.unwrap_or(false)
+ }
+
 pub fn get_ldap_no_tls_verify(&self) -> bool {
 self.ldap_no_tls_verify.unwrap_or(false)
 }
diff --git a/src/main.rs b/src/main.rs
index 74d9866..61643ba 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -66,8 +66,11 @@ fn ldap_client(
 bind_dn: String,
 bind_pw: String,
 no_tls_verify: bool,
+ starttls: bool,
 ) -> Result> {
- let settings = LdapConnSettings::new().set_no_tls_verify(no_tls_verify);
+ let settings = LdapConnSettings::new()
+ .set_starttls(starttls)
+ .set_no_tls_verify(no_tls_verify);
 let ldap = LdapConn::with_settings(settings, ldap_url.as_str())?;
 match ldap.simple_bind(bind_dn.as_str(), bind_pw.as_str()) {
 _ => {}
@@ -83,6 +86,7 @@ fn search_entries(config: &config::Config) -> Result, Box
Date: Sun, 27 Dec 2020 11:19:14 -0500
Subject: [PATCH 2/2] Update readme with starttls documentation
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f51fe9a..b39362b 100644
--- a/README.md
+++ b/README.md
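Review bot: `get_ldap_starttls` in the second config.rs hunk has no doc comment, and because it returns `false` when the key is absent the opt-in nature of the setting is only discoverable by reading the body; its siblings `get_ldap_ssl`/`get_ldap_no_tls_verify` follow the same undocumented pattern, so this is the moment to start. A two-line `///` comment would do: `/// Whether the plain LDAP connection is upgraded with StartTLS after connecting.` and `/// Defaults to `false` when `ldap_starttls` is unset; see `get_ldap_ssl` for the `ldaps` alternative.` The enclosing `impl Config` block starts and ends outside the hunk.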
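Review bot: In the main.rs `ldap_client` hunk, `.set_starttls(starttls)` is applied regardless of the scheme in `ldap_url`, so a config with both `ldap_ssl` and `ldap_starttls` set to true hands an `ldaps://` URL to ldap3 together with a StartTLS request, and nothing in the hunk rejects or documents that combination. Whether ldap3 ignores the flag or fails the connect in that case is not visible here, so an explicit guard at the top of the function would make the intent unambiguous, e.g. `if starttls && ldap_url.starts_with("ldaps://") { return Err("ldap_starttls cannot be combined with ldap_ssl (ldaps)".into()); }` (assuming the boxed error type the truncated `Result` signature suggests). It is also worth a comment on the `.set_no_tls_verify(no_tls_verify)` line that the flag now disables certificate verification for the StartTLS-upgraded session as well, since the README row for `ldap_no_tls_verify` still describes it as applying "when using SSL". `ldap_client`'s signature starts and its body ends outside the hunk, and the following `search_entries` hunk is truncated in this view.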
@@ -22,7 +22,8 @@ Configuration values are as follows:
 |`bitwarden_root_cert_file`|String|Optional|Path to an additional der-encoded root certificate to trust. Eg. `root.cert`. If using Docker see `docker-compose.yml` for how to expose it. Defaults to `empty`|
 |`ldap_host`|String||The hostname or IP address for your ldap server|
 |`ldap_scheme`|String|Optional|The that should be used to connect. `ldap` or `ldaps`. This is set by default based on SSL settings|
-|`ldap_ssl`|Boolean|Optional|Indicates if SSL should be used. Defaults to `false`|
+|`ldap_ssl`|Boolean|Optional|Indicates if SSL should be used and if we should connect with `ldaps`. Defaults to `false`|
+|`ldap_starttls`|Boolean|Optional|Indicates if the connection should be done using StartTLS|
 |`ldap_no_tls_verify`|Boolean|Optional|Indicates if certificate should be verified when using SSL. Defaults to `true`|
 |`ldap_port`|Integer|Optional|Port used to connect to the LDAP server. This will default to 389 or 636, depending on your SSL settings|
 |`ldap_bind_dn`|String||The dn for the bind user that will connect to LDAP. Eg. `cn=admin,dc=example,dc=org`|