diff --git a/proxmox-ldap/src/lib.rs b/proxmox-ldap/src/lib.rs
index f9862e2a..2df7409b 100644
--- a/proxmox-ldap/src/lib.rs
+++ b/proxmox-ldap/src/lib.rs
@@ -193,6 +193,28 @@ impl Connection {
 Ok(())
 }
+ /// Retrieves an attribute from the root DSE according to RFC 4512, Section 5.1
+ /// https://www.rfc-editor.org/rfc/rfc4512#section-5.1
+ pub async fn retrieve_root_dse_attr(&self, attr: &str) -> Result, Error> {
+ let mut ldap = self.create_connection().await?;
+
+ let (entries, _res) = ldap
+ .search("", Scope::Base, "(objectClass=*)", &[attr])
+ .await?
+ .success()?;
+
+ if entries.len() > 1 {
+ bail!("found multiple root DSEs with attribute '{attr}'");
+ }
+
+ entries
+ .into_iter()
+ .next()
+ .map(SearchEntry::construct)
+ .and_then(|e| e.attrs.get(attr).cloned())
+ .ok_or_else(|| format_err!("failed to retrieve root DSE attribute '{attr}'"))
+ }
+
 /// Retrive port from LDAP configuration, otherwise use the correct default
 fn port_from_config(&self) -> u16 {
 self.config.port.unwrap_or_else(|| {
diff --git a/proxmox-ldap/tests/assets/glauth.cfg b/proxmox-ldap/tests/assets/glauth.cfg
index 72551692..8abbdc64 100644
--- a/proxmox-ldap/tests/assets/glauth.cfg
+++ b/proxmox-ldap/tests/assets/glauth.cfg
@@ -16,6 +16,7 @@ debug = true
 baseDN = "dc=example,dc=com"
 nameformat = "cn"
 groupformat = "ou"
+ anonymousdse = true
 # to create a passSHA256: echo -n "mysecret" | openssl dgst -sha256
diff --git a/proxmox-ldap/tests/glauth.rs b/proxmox-ldap/tests/glauth.rs
index 88875d20..74720c10 100644
--- a/proxmox-ldap/tests/glauth.rs
+++ b/proxmox-ldap/tests/glauth.rs
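Review bot: In `retrieve_root_dse_attr` (proxmox-ldap/src/lib.rs hunk), the final lookup `e.attrs.get(attr)` matches the map key by exact case, while LDAP attribute descriptions are case-insensitive and a server may return the name in a different case than the caller asked for; such a reply ends in the "failed to retrieve root DSE attribute" error although the value was returned. A case-insensitive lookup avoids that: `.and_then(|e| e.attrs.into_iter().find(|(k, _)| k.eq_ignore_ascii_case(attr)).map(|(_, v)| v))`. The doc comment should also state the trust level of the result: `create_connection` is outside the hunk, but the test config in this commit enables `anonymousdse`, which suggests the read can happen without an authenticated bind. I would add something like `/// The returned values are server-supplied and must be treated as untrusted input (e.g. before use as a base DN), in particular on connections without TLS.`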
@@ -191,3 +191,19 @@ fn test_check_connection() -> Result<(), Error> {
 Ok(())
 }
+
+#[test]
+#[ignore]
+fn test_retrieve_root_dse_attr() -> Result<(), Error> {
+ let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+ let connection = Connection::new(default_config());
+
+ let values = proxmox_async::runtime::block_on(
+ connection.retrieve_root_dse_attr("defaultNamingContext"),
+ )?;
+
+ assert_eq!(values, vec!["dc=example,dc=com"]);
+
+ Ok(())
+}
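Review bot: `test_retrieve_root_dse_attr` exercises only the success path, so the `ok_or_else` error branch of `retrieve_root_dse_attr` for an attribute the server does not return is never checked. Assuming glauth simply omits unknown attributes from the root DSE entry, one more assertion before the final `Ok(())` would pin that behaviour: `assert!(proxmox_async::runtime::block_on(connection.retrieve_root_dse_attr("doesNotExist")).is_err());`. That also guards against a later change that turns a missing attribute into an empty `Ok` value, which callers could mistake for a valid naming context.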