Compare commits
No commits in common. "3fecf86fd3eddfdeaf8d66731140a963471fb95a" and "c8d43028634fa10636d893e749217e075aad7d16" have entirely different histories.
3fecf86fd3
...
c8d4302863
4 changed files with 0 additions and 106 deletions
|
|
@ -1,12 +0,0 @@
|
||||||
[package]
|
|
||||||
name = "ldap"
|
|
||||||
version = { workspace = true }
|
|
||||||
edition = { workspace = true }
|
|
||||||
|
|
||||||
[dependencies]
|
|
||||||
actix-web = "4"
|
|
||||||
serde = { version = "1", features = ["derive"] }
|
|
||||||
ldap3 = "0.10"
|
|
||||||
tokio = { version = "1", features = ["full"] }
|
|
||||||
env_logger = "0.10"
|
|
||||||
log = "0.4"
|
|
||||||
|
|
@ -1,63 +0,0 @@
|
||||||
use actix_web::{post, web, App, HttpResponse, HttpServer, Responder};
|
|
||||||
use ldap3::{LdapConn, Scope, SearchEntry};
|
|
||||||
use serde::Deserialize;
|
|
||||||
use std::env;
|
|
||||||
|
|
||||||
// Struct to deserialize login request payload
|
|
||||||
#[derive(Deserialize)]
|
|
||||||
struct LoginRequest {
|
|
||||||
username: String,
|
|
||||||
password: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
// HTTP POST endpoint for user login
|
|
||||||
#[post("/login")]
|
|
||||||
async fn login(credentials: web::Json<LoginRequest>) -> impl Responder {
|
|
||||||
// Authenticate user and return appropriate response
|
|
||||||
match authenticate_user(&credentials.username, &credentials.password) {
|
|
||||||
Ok(true) => HttpResponse::Ok().body("Login erfolgreich"), // Login successful
|
|
||||||
_ => HttpResponse::Unauthorized().body("Login fehlgeschlagen"), // Login failed
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Function to authenticate user against LDAP server
|
|
||||||
fn authenticate_user(username: &str, password: &str) -> Result<bool, Box<dyn std::error::Error>> {
|
|
||||||
// Get LDAP server and base DN from environment variables or use defaults
|
|
||||||
let ldap_server = env::var("LDAP_SERVER").unwrap_or("ldap://127.0.0.1:389".to_string());
|
|
||||||
let base_dn = env::var("LDAP_BASE_DN").unwrap_or("dc=schule,dc=local".to_string());
|
|
||||||
|
|
||||||
// Establish connection to LDAP server
|
|
||||||
let ldap = LdapConn::new(&ldap_server)?;
|
|
||||||
|
|
||||||
// Search for the user in the LDAP directory
|
|
||||||
let (rs, _res) = ldap.search(
|
|
||||||
&format!("ou=users,{}", base_dn), // Search under "ou=users"
|
|
||||||
Scope::Subtree, // Search all levels
|
|
||||||
&format!("(uid={})", username), // Filter by username
|
|
||||||
vec!["dn"], // Retrieve the distinguished name (DN)
|
|
||||||
)?.success()?;
|
|
||||||
|
|
||||||
// If user is found, attempt to authenticate with their DN and password
|
|
||||||
if let Some(entry) = rs.into_iter().next() {
|
|
||||||
let user_dn = SearchEntry::construct(entry).dn; // Extract user DN
|
|
||||||
|
|
||||||
// Reconnect and bind with user credentials
|
|
||||||
let user_ldap = LdapConn::new(&ldap_server)?;
|
|
||||||
let auth_result = user_ldap.simple_bind(&user_dn, password)?.success();
|
|
||||||
return Ok(auth_result.is_ok()); // Return true if authentication succeeds
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(false) // Return false if user is not found
|
|
||||||
}
|
|
||||||
|
|
||||||
// Main function to start the Actix Web server
|
|
||||||
#[actix_web::main]
|
|
||||||
async fn main() -> std::io::Result<()> {
|
|
||||||
env_logger::init(); // Initialize logger
|
|
||||||
|
|
||||||
// Start HTTP server and bind to localhost:8080
|
|
||||||
HttpServer::new(|| App::new().service(login))
|
|
||||||
.bind(("127.0.0.1", 8080))?
|
|
||||||
.run()
|
|
||||||
.await
|
|
||||||
}
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
||||||
dn: ou=users,dc=schule,dc=local
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
ou: users
|
|
||||||
|
|
||||||
dn: uid=schueler1,ou=users,dc=schule,dc=local
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
objectClass: posixAccount
|
|
||||||
objectClass: shadowAccount
|
|
||||||
cn: Schueler1
|
|
||||||
sn: Mustermann
|
|
||||||
uid: schueler1
|
|
||||||
uidNumber: 1001
|
|
||||||
gidNumber: 1001
|
|
||||||
homeDirectory: /home/schueler1
|
|
||||||
loginShell: /bin/bash
|
|
||||||
userPassword: {SSHA}JDJhJDEwJG5EUFZ6U0pOSmpUckhOajRQY0hWNS5DNEp4Q2Mwa1pQSTZWYVhXeVdDMkFUMkFMY1do
|
|
||||||
|
|
||||||
dn: uid=schueler2,ou=users,dc=schule,dc=local
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
objectClass: posixAccount
|
|
||||||
objectClass: shadowAccount
|
|
||||||
cn: Schueler2
|
|
||||||
sn: Beispiel
|
|
||||||
uid: schueler2
|
|
||||||
uidNumber: 1002
|
|
||||||
gidNumber: 1002
|
|
||||||
homeDirectory: /home/schueler2
|
|
||||||
loginShell: /bin/bash
|
|
||||||
userPassword: {SSHA}JDJhJDEwJEpNVTRzNUk4Z3dQclA1M2o1bU5FZWZKeTRHTlVndXZ0Q0VhblBuNlZXUENyaFZ4Q3NmS2lH
|
|
||||||
|
|
@ -36,8 +36,6 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- openldap_data:/var/lib/ldap
|
- openldap_data:/var/lib/ldap
|
||||||
- openldap_config:/etc/ldap/slapd.d
|
- openldap_config:/etc/ldap/slapd.d
|
||||||
- users.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/users.ldif
|
|
||||||
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "ldapsearch", "-x", "-H", "ldap://localhost", "-b", "dc=Schule,dc=intern"]
|
test: ["CMD", "ldapsearch", "-x", "-H", "ldap://localhost", "-b", "dc=Schule,dc=intern"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue