Add LDAP CLI parameters to SMB server (Phase 2.2)
This commit is contained in:
Warren
@@ -36,6 +36,45 @@ pub enum SmbServerCommand {
|
|||||||
|
|
||||||
#[arg(long, default_value = "us-east-1")]
|
#[arg(long, default_value = "us-east-1")]
|
||||||
s3_region: String,
|
s3_region: String,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap: bool,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_url: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_base_dn: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_bind_dn: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_bind_password: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_user_search_base: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_group_search_base: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_user_id_attr: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_user_filter: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_group_filter: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_home_dir_attr: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_home_dir_prefix: Option<String>,
|
||||||
|
|
||||||
|
#[arg(long)]
|
||||||
|
ldap_user_groups_attr: Option<String>,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -63,8 +102,22 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
|
|||||||
s3_access_key,
|
s3_access_key,
|
||||||
s3_secret_key,
|
s3_secret_key,
|
||||||
s3_region,
|
s3_region,
|
||||||
|
ldap,
|
||||||
|
ldap_url,
|
||||||
|
ldap_base_dn,
|
||||||
|
ldap_bind_dn,
|
||||||
|
ldap_bind_password,
|
||||||
|
ldap_user_search_base,
|
||||||
|
ldap_group_search_base,
|
||||||
|
ldap_user_id_attr,
|
||||||
|
ldap_user_filter,
|
||||||
|
ldap_group_filter,
|
||||||
|
ldap_home_dir_attr,
|
||||||
|
ldap_home_dir_prefix,
|
||||||
|
ldap_user_groups_attr,
|
||||||
} => {
|
} => {
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
|
use std::sync::Arc;
|
||||||
|
|
||||||
use smb_server::{Access, Share, SmbServer};
|
use smb_server::{Access, Share, SmbServer};
|
||||||
use tracing_subscriber::EnvFilter;
|
use tracing_subscriber::EnvFilter;
|
||||||
@@ -111,6 +164,35 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
|
|||||||
user
|
user
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let ldap_provider: Option<Arc<crate::provider::ldap::LdapProvider>> = if ldap {
|
||||||
|
#[cfg(feature = "ldap")]
|
||||||
|
{
|
||||||
|
let config = crate::provider::ldap::LdapConfig {
|
||||||
|
ldap_url: ldap_url.unwrap_or_else(|| "ldap://localhost:389".to_string()),
|
||||||
|
base_dn: ldap_base_dn.unwrap_or_else(|| "dc=example,dc=com".to_string()),
|
||||||
|
bind_dn: ldap_bind_dn.unwrap_or_else(|| "cn=admin,dc=example,dc=com".to_string()),
|
||||||
|
bind_password: ldap_bind_password.unwrap_or_else(|| "admin".to_string()),
|
||||||
|
user_search_base: ldap_user_search_base.unwrap_or_else(|| "ou=users,dc=example,dc=com".to_string()),
|
||||||
|
group_search_base: ldap_group_search_base.unwrap_or_else(|| "ou=groups,dc=example,dc=com".to_string()),
|
||||||
|
user_filter: ldap_user_filter.unwrap_or_else(|| "(objectClass=person)".to_string()),
|
||||||
|
group_filter: ldap_group_filter.unwrap_or_else(|| "(objectClass=group)".to_string()),
|
||||||
|
user_id_attr: ldap_user_id_attr.unwrap_or_else(|| "uid".to_string()),
|
||||||
|
home_dir_attr: ldap_home_dir_attr.unwrap_or_else(|| "homeDirectory".to_string()),
|
||||||
|
home_dir_prefix: ldap_home_dir_prefix.unwrap_or_else(|| "/home".to_string()),
|
||||||
|
user_groups_attr: ldap_user_groups_attr.unwrap_or_else(|| "memberOf".to_string()),
|
||||||
|
};
|
||||||
|
log::info!("LDAP authentication enabled: url={}, search_base={}", config.ldap_url, config.user_search_base);
|
||||||
|
Some(Arc::new(crate::provider::ldap::LdapProvider::new(config)))
|
||||||
|
}
|
||||||
|
#[cfg(not(feature = "ldap"))]
|
||||||
|
{
|
||||||
|
log::warn!("LDAP authentication requested but ldap feature not enabled");
|
||||||
|
None
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
};
|
||||||
|
|
||||||
let mut builder = SmbServer::builder().listen(addr);
|
let mut builder = SmbServer::builder().listen(addr);
|
||||||
|
|
||||||
for (name, password) in &users {
|
for (name, password) in &users {
|
||||||
@@ -128,6 +210,9 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
|
|||||||
log::info!("SMB server listening on {}", addr);
|
log::info!("SMB server listening on {}", addr);
|
||||||
log::info!("Share '{}' at root: {}", share_name, root);
|
log::info!("Share '{}' at root: {}", share_name, root);
|
||||||
log::info!("Users: {}", user_list.join(", "));
|
log::info!("Users: {}", user_list.join(", "));
|
||||||
|
if ldap_provider.is_some() {
|
||||||
|
log::info!("LDAP authentication: enabled");
|
||||||
|
}
|
||||||
|
|
||||||
server.serve().await?;
|
server.serve().await?;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user