admin/markbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add LDAP CLI parameters to SMB server (Phase 2.2)
Some checks failed
Test / build (push) Has been cancelled
Details
Test / test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Warren
2026-06-22 04:13:10 +08:00
parent 912bc21929
commit 88590d3611
1 changed files with 85 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
markbase-core/src/cli/tools/smb_server.rs
View File

@@ -36,6 +36,45 @@ pub enum SmbServerCommand {
#[arg(long, default_value = "us-east-1")]
s3_region: String,
#[arg(long)]
ldap: bool,
#[arg(long)]
ldap_url: Option<String>,
#[arg(long)]
ldap_base_dn: Option<String>,
#[arg(long)]
ldap_bind_dn: Option<String>,
#[arg(long)]
ldap_bind_password: Option<String>,
#[arg(long)]
ldap_user_search_base: Option<String>,
#[arg(long)]
ldap_group_search_base: Option<String>,
#[arg(long)]
ldap_user_id_attr: Option<String>,
#[arg(long)]
ldap_user_filter: Option<String>,
#[arg(long)]
ldap_group_filter: Option<String>,
#[arg(long)]
ldap_home_dir_attr: Option<String>,
#[arg(long)]
ldap_home_dir_prefix: Option<String>,
#[arg(long)]
ldap_user_groups_attr: Option<String>,
},
}
@@ -63,8 +102,22 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
s3_access_key,
s3_secret_key,
s3_region,
ldap,
ldap_url,
ldap_base_dn,
ldap_bind_dn,
ldap_bind_password,
ldap_user_search_base,
ldap_group_search_base,
ldap_user_id_attr,
ldap_user_filter,
ldap_group_filter,
ldap_home_dir_attr,
ldap_home_dir_prefix,
ldap_user_groups_attr,
} => {
use std::path::PathBuf;
use std::sync::Arc;
use smb_server::{Access, Share, SmbServer};
use tracing_subscriber::EnvFilter;
@@ -111,6 +164,35 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
user
};
let ldap_provider: Option<Arc<crate::provider::ldap::LdapProvider>> = if ldap {
#[cfg(feature = "ldap")]
{
let config = crate::provider::ldap::LdapConfig {
ldap_url: ldap_url.unwrap_or_else(|| "ldap://localhost:389".to_string()),
base_dn: ldap_base_dn.unwrap_or_else(|| "dc=example,dc=com".to_string()),
bind_dn: ldap_bind_dn.unwrap_or_else(|| "cn=admin,dc=example,dc=com".to_string()),
bind_password: ldap_bind_password.unwrap_or_else(|| "admin".to_string()),
user_search_base: ldap_user_search_base.unwrap_or_else(|| "ou=users,dc=example,dc=com".to_string()),
group_search_base: ldap_group_search_base.unwrap_or_else(|| "ou=groups,dc=example,dc=com".to_string()),
user_filter: ldap_user_filter.unwrap_or_else(|| "(objectClass=person)".to_string()),
group_filter: ldap_group_filter.unwrap_or_else(|| "(objectClass=group)".to_string()),
user_id_attr: ldap_user_id_attr.unwrap_or_else(|| "uid".to_string()),
home_dir_attr: ldap_home_dir_attr.unwrap_or_else(|| "homeDirectory".to_string()),
home_dir_prefix: ldap_home_dir_prefix.unwrap_or_else(|| "/home".to_string()),
user_groups_attr: ldap_user_groups_attr.unwrap_or_else(|| "memberOf".to_string()),
};
log::info!("LDAP authentication enabled: url={}, search_base={}", config.ldap_url, config.user_search_base);
Some(Arc::new(crate::provider::ldap::LdapProvider::new(config)))
}
#[cfg(not(feature = "ldap"))]
{
log::warn!("LDAP authentication requested but ldap feature not enabled");
None
}
} else {
None
};
let mut builder = SmbServer::builder().listen(addr);
for (name, password) in &users {
@@ -128,6 +210,9 @@ pub async fn handle_smb_server_command(cmd: SmbServerCommand) -> anyhow::Result<
log::info!("SMB server listening on {}", addr);
log::info!("Share '{}' at root: {}", share_name, root);
log::info!("Users: {}", user_list.join(", "));
if ldap_provider.is_some() {
log::info!("LDAP authentication: enabled");
}
server.serve().await?;
}