ldap: add an option to silence unknown fields in the config

2022-05-30 19:51:14 +02:00
parent a0b0b455ed
commit 1efab58d0c
4 changed files with 127 additions and 29 deletions
--- a/server/src/infra/ldap_server.rs
+++ b/server/src/infra/ldap_server.rs
@@ -70,6 +70,8 @@ async fn handle_ldap_stream<Stream, Backend>(
    stream: Stream,
    backend_handler: Backend,
    ldap_base_dn: String,
+    ignored_user_attributes: Vec<String>,
+    ignored_group_attributes: Vec<String>,
 ) -> Result<Stream>
 where
    Backend: BackendHandler + LoginHandler + OpaqueHandler + 'static,
@@ -81,7 +83,12 @@ where
    let mut requests = FramedRead::new(r, LdapCodec);
    let mut resp = FramedWrite::new(w, LdapCodec);

-    let mut session = LdapHandler::new(backend_handler, ldap_base_dn);
+    let mut session = LdapHandler::new(
+        backend_handler,
+        ldap_base_dn,
+        ignored_user_attributes,
+        ignored_group_attributes,
+    );

    while let Some(msg) = requests.next().await {
        if !handle_incoming_message(msg, &mut resp, &mut session)
@@ -110,7 +117,12 @@ pub fn build_ldap_server<Backend>(
 where
    Backend: BackendHandler + LoginHandler + OpaqueHandler + 'static,
 {
-    let context = (backend_handler, config.ldap_base_dn.clone());
+    let context = (
+        backend_handler,
+        config.ldap_base_dn.clone(),
+        config.ignored_user_attributes.clone(),
+        config.ignored_group_attributes.clone(),
+    );

    let context_for_tls = context.clone();

@@ -119,8 +131,15 @@ where
        fn_service(move |stream: TcpStream| {
            let context = context.clone();
            async move {
-                let (handler, base_dn) = context;
-                handle_ldap_stream(stream, handler, base_dn).await
+                let (handler, base_dn, ignored_user_attributes, ignored_group_attributes) = context;
+                handle_ldap_stream(
+                    stream,
+                    handler,
+                    base_dn,
+                    ignored_user_attributes,
+                    ignored_group_attributes,
+                )
+                .await
            }
        })
        .map_err(|err: anyhow::Error| error!("[LDAP] Service Error: {:#}", err))
@@ -139,9 +158,19 @@ where
            fn_service(move |stream: TcpStream| {
                let tls_context = tls_context.clone();
                async move {
-                    let ((handler, base_dn), tls_acceptor) = tls_context;
+                    let (
+                        (handler, base_dn, ignored_user_attributes, ignored_group_attributes),
+                        tls_acceptor,
+                    ) = tls_context;
                    let tls_stream = tls_acceptor.accept(stream).await?;
-                    handle_ldap_stream(tls_stream, handler, base_dn).await
+                    handle_ldap_stream(
+                        tls_stream,
+                        handler,
+                        base_dn,
+                        ignored_user_attributes,
+                        ignored_group_attributes,
+                    )
+                    .await
                }
            })
            .map_err(|err: anyhow::Error| error!("[LDAPS] Service Error: {:#}", err))