From 9f70910283b5e96ba9530c5b54999e8ccf833c9c Mon Sep 17 00:00:00 2001
From: Valentin Tolmer
Date: Mon, 1 Aug 2022 08:28:37 +0200
Subject: [PATCH 1/4] docs: Update the docker config template to add smtp_encryption
---
 lldap_config.docker_template.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lldap_config.docker_template.toml b/lldap_config.docker_template.toml
index c579b8a..1479efc 100644
--- a/lldap_config.docker_template.toml
+++ b/lldap_config.docker_template.toml
@@ -101,8 +101,8 @@ key_file = "/data/private_key"
 #server="smtp.gmail.com"
 ## The SMTP port.
 #port=587
-## Whether to connect with TLS.
-#tls_required=true
+## How the connection is encrypted, either "TLS" or "STARTTLS".
+#smtp_encryption = "TLS"
 ## The SMTP user, usually your email address.
 #user="sender@gmail.com"
 ## The SMTP password.
From 897704fab3fb1ba2204f7959b7db498555b98dac Mon Sep 17 00:00:00 2001
From: Valentin Tolmer
Date: Mon, 1 Aug 2022 08:35:44 +0200
Subject: [PATCH 2/4] server: Fix extra error message when DB doesn't exist
Fixes #270
---
 server/src/domain/sql_tables.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/server/src/domain/sql_tables.rs b/server/src/domain/sql_tables.rs
index d7f7ca9..989e604 100644
--- a/server/src/domain/sql_tables.rs
+++ b/server/src/domain/sql_tables.rs
@@ -77,11 +77,10 @@ async fn column_exists(pool: &Pool, table_name: &str, column_name: &str) -> sqlx
 "SELECT COUNT(*) AS col_count FROM pragma_table_info('{}') WHERE name = '{}'",
 table_name, column_name
 );
- Ok(sqlx::query(&query) .fetch_one(pool) .await? .get::("col_count") > 0)
+ match sqlx::query(&query).fetch_one(pool).await {
+ Err(_) => Ok(false),
+ Ok(row) => Ok(row.get::("col_count") > 0),
+ }
 }
 pub async fn create_group(group_name: &str, pool: &Pool) -> sqlx::Result<()> {
From 36eed1e09151e75d5546952d046ef5cf2929da15 Mon Sep 17 00:00:00 2001
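Review bot: The new default `#smtp_encryption = "TLS"` sits two lines under `#port=587`, and 587 is the submission port that conventionally expects STARTTLS, while implicit TLS is normally served on 465; a user who uncomments the template as-is will most likely get a handshake failure rather than a clear error. I'd make the comment carry that pairing: `## How the connection is encrypted: "TLS" (implicit TLS from the first byte, usually port 465) or "STARTTLS" (upgrade on a plaintext connection, usually port 587).` It would also help to say what happens to the removed `tls_required` key, i.e. whether an existing config that still sets it is rejected or silently ignored, since a silently ignored key is how an admin ends up with a weaker setting than they think; I can't tell from this hunk which it is.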
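Review bot: `Err(_) => Ok(false)` in the new match swallows every sqlx error, not only the "no such table" case the commit is fixing: a dropped connection, a locked database file or a malformed pragma now reports the column as absent, and a migration that branches on that answer will act on wrong information. Consider matching only the database-error variant and propagating the rest, or at minimum logging what was swallowed, e.g. `Err(e) => { debug!("column_exists({}.{}) failed, treating column as absent: {}", table_name, column_name, e); Ok(false) }` with whatever logging macro this module already has in scope. The context line at the top of the hunk also shows `table_name` and `column_name` being `format!`ed straight into the SQL text; `pragma_table_info()` cannot take a bind parameter for the table, but `WHERE name = ?` with `.bind(column_name)` can, and a comment stating that both arguments must be compile-time identifiers and never user input would stop a future caller from turning this into an injection point. `column_exists` starts outside the hunk.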
From: Valentin Tolmer
Date: Mon, 1 Aug 2022 08:45:55 +0200
Subject: [PATCH 3/4] README: Document the build process, add systemd service
Fixes #269.
---
 README.md | 25 +++++++++++++++++++++----
 example_configs/lldap.service | 22 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 example_configs/lldap.service
diff --git a/README.md b/README.md
index 325fe9c..8343f1e 100644
--- a/README.md
+++ b/README.md
@@ -163,6 +163,20 @@ front-end.
 ### From source
+To compile the project, you'll need:
+
+* npm, curl: `sudo apt install curl npm`
+* Rust/Cargo: [rustup.rs](https://rustup.rs/)
+
+Then you can compile the server (and the migration tool if you want):
+
+```shell
+cargo build --release -p lldap -p migration-tool
+```
+
+The resulting binaries will be in `./target/release/`. Alternatively, you can
+just run `cargo run -- run` to run the server.
+
 To bring up the server, you'll need to compile the frontend. In addition to
 cargo, you'll need:
@@ -172,10 +186,13 @@ cargo, you'll need:
 Then you can build the frontend files with `./app/build.sh` (you'll need to run this after every front-end change to update the WASM package served).
-To bring up the server, just run `cargo run`. The default config is in
-`src/infra/configuration.rs`, but you can override it by creating an
-`lldap_config.toml`, setting environment variables or passing arguments to
-`cargo run`.
+The default config is in `src/infra/configuration.rs`, but you can override it
+by creating an `lldap_config.toml`, setting environment variables or passing
+arguments to `cargo run`. Have a look at the docker template:
+`lldap_config.docker_template.toml`.
+
+You can also install it as a systemd service, see
+[lldap.service](example_configs/lldap.service).
 ### Cross-compilation
diff --git a/example_configs/lldap.service b/example_configs/lldap.service
new file mode 100644
index 0000000..0313172
--- /dev/null
+++ b/example_configs/lldap.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Nitnelave LLDAP
+Documentation=https://github.com/nitnelave/lldap
+
+# Only sqlite
+After=network.target
+
+[Service]
+# The user/group LLDAP is run under. The working directory (see below) should allow write and read access to this user/group.
+User=root
+Group=root
+
+# The location of the compiled binary
+ExecStart=/opt/nitnelave/lldap \
+ run
+
+# Only allow writes to the following directory and set it to the working directory (user and password data are stored here).
+WorkingDirectory=/opt/nitnelave/
+ReadWriteDirectories=/opt/nitnelave/
+
+[Install]
+WantedBy=multi-user.target
From c108921dcf37115f1e11a93c549c94a4034b6aef Mon Sep 17 00:00:00 2001
From: Valentin Tolmer
Date: Mon, 1 Aug 2022 13:55:20 +0200
Subject: [PATCH 4/4] server: Add a log message when search is restricted
Fixes #264.
---
 server/src/infra/ldap_handler.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/server/src/infra/ldap_handler.rs b/server/src/infra/ldap_handler.rs
index b80b0bf..3e0b6e1 100644
--- a/server/src/infra/ldap_handler.rs
+++ b/server/src/infra/ldap_handler.rs
@@ -15,7 +15,7 @@ use ldap3_server::proto::{
 LdapFilter, LdapOp, LdapPartialAttribute, LdapPasswordModifyRequest, LdapResult, LdapResultCode, LdapSearchRequest, LdapSearchResultEntry, LdapSearchScope,
 };
-use tracing::{debug, instrument, warn};
+use tracing::{debug, info, instrument, warn};
 #[derive(Debug, PartialEq, Eq, Clone)]
 struct LdapDn(String);
@@ -738,6 +738,7 @@ impl LdapHandler filters,
 Some(u) => {
+ info!("Unpriviledged search, limiting results");
 UserRequestFilter::And(vec![filters, UserRequestFilter::UserId((*u).clone())])
 }
 };
@@ -802,6 +803,7 @@ impl LdapHandler filter,
 Some(u) => {
+ info!("Unpriviledged search, limiting results");
 GroupRequestFilter::And(vec![filter, GroupRequestFilter::Member((*u).clone())])
 }
 };
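Review bot: `User=root`/`Group=root` runs a network-facing credential store as root, and the comment above `ReadWriteDirectories=` ("Only allow writes to the following directory") is not true as written: that directive only confines the service when paired with `ProtectSystem=strict` (and it is the deprecated spelling of `ReadWritePaths=`), and a root process is not confined by it at all. The example should ship with a dedicated system account plus the standard sandboxing directives, as sketched below; if the server is ever configured to bind a port below 1024, `AmbientCapabilities=CAP_NET_BIND_SERVICE` is the way to grant that rather than root. Keeping the binary in the same directory the service can write (`/opt/nitnelave/`) also means a compromised process can replace its own executable, so I'd point `ExecStart=` at a root-owned, read-only location and reserve the writable path for the data. The `ExecStart`/`WorkingDirectory` lines themselves are left as they are in the sketch.

```ini
[Service]
# Run as a dedicated unprivileged account (e.g. `useradd --system --home /opt/nitnelave --shell /usr/sbin/nologin lldap`);
# it needs read/write access to the working directory only, where user and password data are stored.
User=lldap
Group=lldap

# … unchanged: ExecStart / WorkingDirectory …

# Sandboxing: filesystem read-only except the data directory, no privilege escalation.
ProtectSystem=strict
ReadWritePaths=/opt/nitnelave/
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
```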
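Review bot: The new log line in the `Some(u)` arm misspells "Unprivileged" and, more importantly for anyone reading these logs for detection, says nothing about who issued the search: `u` is right there in the arm, so `info!("Unprivileged search by {:?}, limiting results to the bound user", u);` (or a structured field such as `info!(user = ?u, "...")` if the handler's other calls use that style; this assumes the user-id type is `Debug`) gives an analyst the bound identity without a second lookup. Also consider whether `info` is the right level: every search by a non-admin bind will emit this, which is normal operation rather than an event, so `debug` may fit better unless the intent is an audit trail, in which case the identity is essential anyway. The enclosing match and function start outside the hunk.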
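Review bot: The group-search arm emits the same misspelled and identical text as the user-search arm, so a reader of the log cannot tell which of the two restrictions fired. Suggest `info!("Unprivileged group search by {:?}, limiting results to the user's groups", u);` so the two restriction points stay distinguishable (assuming the user-id type is `Debug`). The enclosing match and function start outside the hunk.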