diff --git a/markbase-core/src/cli/tools/smb_server.rs b/markbase-core/src/cli/tools/smb_server.rs
index 42b35ce..7c0c75b 100644
--- a/markbase-core/src/cli/tools/smb_server.rs
+++ b/markbase-core/src/cli/tools/smb_server.rs
@@ -36,6 +36,45 @@ pub enum SmbServerCommand {
 #[arg(long, default_value = "us-east-1")]
 s3_region: String,
+
+ #[arg(long)]
+ ldap: bool,
+
+ #[arg(long)]
+ ldap_url: Option,
+
+ #[arg(long)]
+ ldap_base_dn: Option,
+
+ #[arg(long)]
+ ldap_bind_dn: Option,
+
+ #[arg(long)]
+ ldap_bind_password: Option,
+
+ #[arg(long)]
+ ldap_user_search_base: Option,
+
+ #[arg(long)]
+ ldap_group_search_base: Option,
+
+ #[arg(long)]
+ ldap_user_id_attr: Option,
+
+ #[arg(long)]
+ ldap_user_filter: Option,
+
+ #[arg(long)]
+ ldap_group_filter: Option,
+
+ #[arg(long)]
+ ldap_home_dir_attr: Option,
+
+ #[arg(long)]
+ ldap_home_dir_prefix: Option,
+
+ #[arg(long)]
+ ldap_user_groups_attr: Option,
 },
 }
@@ -63,8 +102,22 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
 s3_access_key,
 s3_secret_key,
 s3_region,
+ ldap,
+ ldap_url,
+ ldap_base_dn,
+ ldap_bind_dn,
+ ldap_bind_password,
+ ldap_user_search_base,
+ ldap_group_search_base,
+ ldap_user_id_attr,
+ ldap_user_filter,
+ ldap_group_filter,
+ ldap_home_dir_attr,
+ ldap_home_dir_prefix,
+ ldap_user_groups_attr,
 } => {
 use std::path::PathBuf;
+ use std::sync::Arc;
 use smb_server::{Access, Share, SmbServer};
 use tracing_subscriber::EnvFilter;
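Review bot: `ldap_bind_password: Option` is accepted as a plain `--ldap-bind-password` argument, which leaves the directory bind credential readable in the host's process list and shell history; it should come from an environment variable or a file instead (clap's `#[arg(long, env = "<PROJECT_LDAP_BIND_PASSWORD_ENV>")]`, available with its `env` feature, is the smallest change). None of the thirteen new fields carries a `///` doc comment, so `--help` lists them with no description; each deserves a one-liner such as `/// LDAP server URL (ldap:// or ldaps://)` on `ldap_url` and `/// Read from the environment, never pass on the command line` on the password. The twelve `ldap_*` options only make sense together with `--ldap`, so declaring them as `#[arg(long, requires = "ldap")]` lets clap reject inconsistent invocations rather than silently ignoring them. The enum definition continues outside the hunk.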
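Review bot: The `unwrap_or_else` defaults inside the `#[cfg(feature = "ldap")]` block mean that `--ldap` with no further flags binds to `ldap://localhost:389` as `cn=admin,dc=example,dc=com` with password `admin` over plaintext, so a misconfigured deployment quietly delegates authentication to whatever answers on that port; `ldap_url`, `bind_dn` and `bind_password` should be required when `--ldap` is given, e.g. `ldap_url: ldap_url.ok_or_else(|| anyhow::anyhow!("--ldap-url is required with --ldap"))?,`, and the example-DN defaults for the search bases deserve the same treatment. The `#[cfg(not(feature = "ldap"))]` branch fails open: the operator asked for LDAP, this build cannot provide it, yet the server starts with only the static `users` list behind a warning; replace `log::warn!(...); None` with `anyhow::bail!("LDAP authentication requested but this build lacks the ldap feature")`. In that same branch the `Arc` import added in the previous hunk is unused and will produce a warning. The function continues outside the hunk.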
@@ -111,6 +164,35 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
 user
 };
+ let ldap_provider: Option> = if ldap {
+ #[cfg(feature = "ldap")]
+ {
+ let config = crate::provider::ldap::LdapConfig {
+ ldap_url: ldap_url.unwrap_or_else(|| "ldap://localhost:389".to_string()),
+ base_dn: ldap_base_dn.unwrap_or_else(|| "dc=example,dc=com".to_string()),
+ bind_dn: ldap_bind_dn.unwrap_or_else(|| "cn=admin,dc=example,dc=com".to_string()),
+ bind_password: ldap_bind_password.unwrap_or_else(|| "admin".to_string()),
+ user_search_base: ldap_user_search_base.unwrap_or_else(|| "ou=users,dc=example,dc=com".to_string()),
+ group_search_base: ldap_group_search_base.unwrap_or_else(|| "ou=groups,dc=example,dc=com".to_string()),
+ user_filter: ldap_user_filter.unwrap_or_else(|| "(objectClass=person)".to_string()),
+ group_filter: ldap_group_filter.unwrap_or_else(|| "(objectClass=group)".to_string()),
+ user_id_attr: ldap_user_id_attr.unwrap_or_else(|| "uid".to_string()),
+ home_dir_attr: ldap_home_dir_attr.unwrap_or_else(|| "homeDirectory".to_string()),
+ home_dir_prefix: ldap_home_dir_prefix.unwrap_or_else(|| "/home".to_string()),
+ user_groups_attr: ldap_user_groups_attr.unwrap_or_else(|| "memberOf".to_string()),
+ };
+ log::info!("LDAP authentication enabled: url={}, search_base={}", config.ldap_url, config.user_search_base);
+ Some(Arc::new(crate::provider::ldap::LdapProvider::new(config)))
+ }
+ #[cfg(not(feature = "ldap"))]
+ {
+ log::warn!("LDAP authentication requested but ldap feature not enabled");
+ None
+ }
+ } else {
+ None
+ };
+
 let mut builder = SmbServer::builder().listen(addr);
 for (name, password) in &users {
@@ -128,6 +210,9 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
 log::info!("SMB server listening on {}", addr);
 log::info!("Share '{}' at root: {}", share_name, root);
 log::info!("Users: {}", user_list.join(", "));
+ if ldap_provider.is_some() {
+ log::info!("LDAP authentication: enabled");
+ }
 server.serve().await?;
 }
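Review bot: `ldap_provider.is_some()` is the only consumer of `ldap_provider` in this file's new code; the `SmbServer::builder()` chain in the previous hunk is unchanged and the lines between the two hunks are untouched, so unless another file in this commit wires the provider in, the server prints `LDAP authentication: enabled` while still authenticating solely against the static `users` map. A success message for a security control that is not actually active will mislead operators during incident review; pass the provider into the builder, or drop this log until it is wired. The function's remaining lines continue outside the hunk.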