gandc/lldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
901 Commits 7 Branches 10 Tags
11d766b2ba58065d1c7f1ca65001cea6572fd44d
Commit Graph

295 Commits

Author SHA1 Message Date
Valentin Tolmer
56eee6908e server: Add a way to print raw logs 
If the variable LLDAP_RAW_LOG is set, the logs will be both formatted with tracing_forest and printed raw
 2024-10-10 21:27:36 +02:00
Valentin Tolmer
17bcd7645b app: Clean up code, don't error on admin empty email 2024-10-05 23:10:40 +02:00
Austin Alvarado
dcba3d17dc app: Add support for user-created attributes 
Note: This PR doesn't handle errors around Jpeg files very well.

Co-authored-by: Bojidar Marinov <bojidar.marinov.bg@gmail.com>
Co-authored-by: Austin Alvarado <pixelrazor@gmail.com>
 2024-09-30 23:53:14 +02:00
Valentin Tolmer
1f3f73585b server: Add logging for password resets, add name for successful opaque logins 2024-09-26 22:51:34 +02:00
Valentin Tolmer
0c6a92a8fa server: Clarify logging of login attempts and failures 2024-09-26 20:43:19 +02:00
Valentin Tolmer
10a820f2a2 server: detect anonymous binds and return a correct error 2024-09-11 22:19:58 +02:00
Valentin Tolmer
01f97f5ed4 server: clean up the expected keys 2024-09-10 23:25:33 +02:00
Valentin Tolmer
f14aa2284c server: Detect unknown env variables (e.g. due to typos) 2024-09-08 21:45:36 +02:00
Valentin Tolmer
65e2103365 server: Simplify the debug print of various structs 
And use derive_more more liberally to simplify the impls
 2024-09-08 00:43:58 +02:00
Valentin Tolmer
5db0072cfa server: clarify SMTP error message 
SMTP docs for many email providers use SSL to mean SSL/TLS, and TLS to mean STARTTLS, causing endless confusion. This should hopefully help.
 2024-09-07 23:50:43 +02:00
Valentin Tolmer
1d8d3eb73f server: Fix attribute name 2024-09-07 22:27:20 +02:00
Valentin Tolmer
6cf0f6df06 server: map email and display_name from attributes into user fields 2024-08-28 00:25:23 +02:00
Valentin Tolmer
b1384818d2 server: Add a is_readonly attribute to the schema 2024-08-27 23:04:24 +02:00
Valentin Tolmer
3ec44a58be server: Allow password reset every time the server starts 2024-08-26 12:53:25 +02:00
Valentin Tolmer
2c79a40a73 server: Mask the details of SMTP errors, sleep when failing to send an email 2024-08-21 16:19:13 +02:00
Valentin Tolmer
dc26f97117 server: Fix compilation on Windows 2024-08-18 20:12:03 +02:00
Valentin Tolmer
09c5d9f925 server: Fix implementation of attribute present filter 
Instead of just doing a schema check, this actually looks for users that have a value for this attribute.
 2024-08-16 23:56:02 +02:00
Valentin Tolmer
ee7f9c9f41 server: Update ldap3_proto dependency 2024-08-16 23:47:06 +02:00
Valentin Tolmer
fa9c503de7 server: Add support for memberOf with plain user names, relax hard errors 
This should help when the client sends some invalid-looking queries as part of a bigger filter
 2024-08-16 23:21:20 +02:00
Bojidar Marinov
049a360506 server: Lookup first_name/last_name in the right list of attributes (#943) 
Note the std::mem::take(&mut user.attributes) further up that zeroes out user.attributes
 2024-07-31 23:55:07 +02:00
Valentin Tolmer
6f46ffd1e4 clippy: new fixes 2024-06-16 12:18:46 +02:00
Valentin Tolmer
22623bfab1 server: Fix user search for multiple memberOf 2024-03-18 22:02:12 +01:00
Valentin Tolmer
13720c101c server: silence clippy warnings 2024-02-27 08:22:58 +01:00
Valentin Tolmer
a1eb708cf3 server: Add missing unique indices on lowercase email/group names, fix memberof lookup 2024-02-26 10:53:51 +01:00
Valentin Tolmer
5c5b87d5af app,server: Switch /reset/step1 to a POST request 
Otherwise, caching can become an issue. Also, it's not an idempotent request.
 2024-02-09 00:20:31 +01:00
Valentin Tolmer
96f5b31e0c server: Add graphQL methods to manage custom LDAP object classes 2024-02-06 22:39:05 +01:00
Valentin Tolmer
4955b7fac1 server: Add support for the custom LDAP object classes in LDAP filters 2024-02-06 22:39:05 +01:00
Valentin Tolmer
646fe32645 server: Add support for custom LDAP object classes for users and groups 2024-02-05 22:51:02 +01:00
Valentin Tolmer
1c65cd115e server: Fix panic due to database collation 
When the database's collation is not "C", the DB order is not the same as the
Rust order. As such, asserting that the elements are in increasing order fails.
However, since both queries get the order from the database, they should be in
the same order.

With too many users, the query had a giant filter `IN (u1, u2, u3,
...)`. In PostgreSQL, we can pass the users as an array instead, but that
doesn't work with SQLite. Instead, we repeat the filter from the
previous query to get the same users/groups, as a subquery.
 2024-02-02 15:39:16 +01:00
Austin Alvarado
93f3057b8f server: remove debug print 2024-01-25 22:35:42 +01:00
Valentin Tolmer
d4b3b4649e server: Clean up main, make more functions async 2024-01-24 00:04:43 +01:00
Valentin Tolmer
c2eed8909a server: Only call expand_attributes at most once per request 2024-01-23 00:17:08 +01:00
Valentin Tolmer
b82a2d5705 server: Treat the database password as a secret 2024-01-22 23:12:33 +01:00
Valentin Tolmer
addd453287 server: don't error on global searches if only one side fails 2024-01-22 22:30:54 +01:00
Valentin Tolmer
e308a5e9a1 server: Add the attribute schema to the attributes in graphql 
And make sure that we only request the schema once per top-level query
 2024-01-21 23:25:57 +01:00
Valentin Tolmer
bd0a58b476 server: clean up the attributes, relax the substring filter conditions 
This consolidates both user and group attributes in their map_{user,group}_attribute as the only point of parsing. It adds support for custom attribute filters for groups, and makes a SubString filter on an unknown attribute resolve to just false.
 2024-01-17 23:44:25 +01:00
Valentin Tolmer
6f905b1ca9 server: update ldap3_proto dependency 
This will fix the issue with some unhandled controls, this time for sure
 2024-01-16 17:52:15 +01:00
Valentin Tolmer
2ea17c04ba server: Move the definition of UserId down to lldap_auth 2024-01-15 23:48:59 +01:00
Valentin Tolmer
9f8364ca1a server: Fix private key reset functionality 2024-01-14 22:54:13 +01:00
Valentin Tolmer
8b7852bf1c chore: clippy warnings 2024-01-13 18:32:58 +01:00
Valentin Tolmer
c4be7f5b6f server: Serialize attribute values when searching 
This should fix #763 and allow filtering by custom attribute values.
 2024-01-13 13:37:46 +01:00
Valentin Tolmer
337101edea server: update ldap3_proto dependency 
This will fix the issue with some unhandled controls
 2024-01-08 16:10:11 +01:00
Valentin Tolmer
dc140f1675 server: exit with non-zero code when running into errors starting 2024-01-06 00:43:41 +01:00
Valentin Tolmer
708d927e90 server: add a unique index to the memberships 2024-01-03 12:40:24 +01:00
Valentin Tolmer
0d48b7f8c9 server: add support for entryDN 2023-12-31 08:27:25 +01:00
Valentin Tolmer
f2b1e73929 server: Add a check for a changing private key 
This checks that the private key used to encode the passwords has not
changed since last successful startup, leading to a corruption of all
the passwords. Lots of common scenario are covered, with various
combinations of key in a file or from a seed, set in the config file or
in an env variable or through CLI, and so on.
 2023-12-29 15:37:52 +01:00
Valentin Tolmer
ff0ea51121 server: Add an option to force reset the admin password 2023-12-22 08:27:35 +01:00
Valentin Tolmer
2c54ad895d chore: clippy 2023-12-15 23:37:25 +01:00
Valentin Tolmer
272c84c574 server: make attributes names, group names and emails case insensitive 
In addition, group names and emails keep their casing
 2023-12-15 23:21:22 +01:00
MinerSebas
70d85524db app: make it possible to serve lldap behind a sub-path 2023-12-07 18:21:49 +01:00