IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes the following cargo doc warning:
warning: this URL is not a hyperlink
--> proxmox-ldap/src/lib.rs:199:9
|
199 | /// https://www.rfc-editor.org/rfc/rfc4512#section-5.1
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: use an automatic link instead: `<https://www.rfc-editor.org/rfc/rfc4512#section-5.1>`
|
= note: bare URLs are not automatically turned into clickable links
= note: `#[warn(rustdoc::bare_urls)]` on by default
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
The root DSE holds common attributes about the LDAP server itself.
Needed to e.g. support Active Directory-based LDAP servers to retrieve
the base DN from the server itself, based on an valid bind.
See also RFC 4512, Section 5.1 [0] for more information about this
special object.
[0] https://www.rfc-editor.org/rfc/rfc4512#section-5.1
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
The `attrs` parameter of `Ldap::search()` is an `impl AsRef<[impl
AsRef<str>]>` anyway, so replace `vec![..]` with `&[..]`.
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
this should avoid most common size limitations. the search should also
complete quicker as fewer results need to be computed. note that this
way a configuration may be accepted, but the related sync job can
fail due to and exceeded size limit warning for some ldap servers
(such as 2.5.14+dfsg-0ubuntu0.22.04.2).
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
this function checks if a given connection could work. it uses the
current config to connect to an ldap directory and perform a search
with the provided base_dn. this enables us to verify a connection
before storing it in a more meaningful way than with a regex.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
by using the default empty string if no password was provided,
unauthenticated binds were possible. to bring pbs in-line with pve,
switch to throwing an error in this case instead. however, this will
break any pre-existing setup that relied on this behavior.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
This commit adds integration tests to ensure that the crate works as intended.
The tests are executed against a real LDAP server, namely `glauth`. `glauth` was
chosen because it ships as a single, statically compiled binary and can
be configured with a single configuration file.
The tests are written as off-the-shelf unit tests. However, they are
#[ignored] by default, as they have some special requirements:
* They required the GLAUTH_BIN environment variable to be set,
pointing to the location of the `glauth` binary. `glauth` will be
started and stopped automatically by the test suite.
* Tests have to be executed sequentially (`--test-threads 1`),
otherwise multiple instances of the glauth server might bind to the
same port.
The `run_integration_tests.sh` checks whether GLAUTH_BIN is set, or if
not, attempts to find `glauth` on PATH. The script also ensures that the
tests are run sequentially.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
This commit adds the search_entities function, which allows to search for
LDAP entities given certain provided criteria.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
In the LDAP world, authentication is done using the bind operation, where
users are authenticated with the tuple (dn, password). Since we only know
the user's username, it is first necessary to look up the user's
domain (dn).
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>