46 lines
1.6 KiB
Rust
46 lines
1.6 KiB
Rust
use ldap3::{LdapConn, Scope, SearchEntry};
|
|
|
|
/// Authenticates a user against an LDAP server.
|
|
///
|
|
/// # Arguments
|
|
/// * `ldap_server` - The LDAP server URL.
|
|
/// * `base_dn` - The base DN for the LDAP directory.
|
|
/// * `username` - The username to authenticate.
|
|
/// * `password` - The password for the user.
|
|
///
|
|
/// # Returns
|
|
/// * `Ok(true)` if authentication is successful.
|
|
/// * `Ok(false)` if authentication fails.
|
|
/// * `Err` if an error occurs during the process.
|
|
pub fn authenticate_user(
|
|
ldap_server: &str,
|
|
base_dn: &str,
|
|
username: &str,
|
|
password: &str,
|
|
) -> Result<bool, Box<dyn std::error::Error>> {
|
|
// Establish connection to LDAP server
|
|
let ldap = LdapConn::new(ldap_server)?;
|
|
|
|
// Search for the user in the LDAP directory
|
|
let (rs, _res) = ldap
|
|
.search(
|
|
&format!("ou=users,{}", base_dn), // Search under "ou=users"
|
|
Scope::Subtree, // Search all levels
|
|
&format!("(uid={})", username), // Filter by username
|
|
vec!["dn"], // Retrieve the distinguished name (DN)
|
|
)?
|
|
.success()?;
|
|
|
|
// If user is found, attempt to authenticate with their DN and password
|
|
if let Some(entry) = rs.into_iter().next() {
|
|
let user_dn = SearchEntry::construct(entry).dn; // Extract user DN
|
|
|
|
// Reconnect and bind with user credentials
|
|
let user_ldap = LdapConn::new(ldap_server)?;
|
|
let auth_result = user_ldap.simple_bind(&user_dn, password)?.success();
|
|
return Ok(auth_result.is_ok()); // Return true if authentication succeeds
|
|
}
|
|
|
|
Ok(false) // Return false if user is not found
|
|
}
|
|
|