support for startTLS ? #18

Closed
NoxInmortus opened this issue Dec 27, 2020 · 6 comments

@NoxInmortus

Hello,

I wish to connect this image to an OpenLDAP which is only supporting startTLS connections (on port 389).

I did not see any option for that use case.

Tried to play with those options

ldap_scheme = ldap/ldaps
ldap_ssl = true/false
ldap_port = 389

But it always fails and my openldap logs TLS confidentiality required.

ViViDboarder added a commit that referenced this issue Dec 27, 2020
This was edited on mobile so I don't forget and may not actually
compile just yet.

When complete it should fix #18
@ViViDboarder
Owner

I've got a branch that I think will fix this, but I'm hesitant to merge before verifying. Are you familiar enough with Rust to compile the branch and test? I can also upload a pre-release build for you to test with. Are you using the Docker image or a binary?

@NoxInmortus
Author

Hello @ViViDboarder

Well, thanks for that quick answer!

Unfortunately I'm not familiar with Rust and I'm using the Docker image. I can build the image myself if required.

@ViViDboarder
Owner

ViViDboarder commented Dec 27, 2020

Oh, that's perfect. If you check out the branch starttls, you should be able to build the image and give it a go.

Based on the example I can see in the upstream library ldap3, it looks like you'll want to leave ldap_ssl = false and enable the new ldap_starttls = true. If the certs are not in the trusted store, you may need to also enable ldap_no_tls_verify = true.

If this works, I'll merge in and tag v0.3.0.

@NoxInmortus
Author

NoxInmortus commented Dec 27, 2020

Yay!

thread 'main' panicked at 'broken pipe', src/main.rs:22:9
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.46/src/backtrace/libunwind.rs:86
   1: backtrace::backtrace::trace_unsynchronized
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.46/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print_fmt
             at src/libstd/sys_common/backtrace.rs:78
   3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
             at src/libstd/sys_common/backtrace.rs:59
   4: core::fmt::write
             at src/libcore/fmt/mod.rs:1076
   5: std::io::Write::write_fmt
             at src/libstd/io/mod.rs:1537
   6: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:62
   7: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:49
   8: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:198
   9: std::panicking::default_hook
             at src/libstd/panicking.rs:217
  10: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:526
  11: rust_begin_unwind
             at src/libstd/panicking.rs:437
  12: std::panicking::begin_panic_fmt
             at src/libstd/panicking.rs:391
  13: bitwarden_rs_ldap::main
  14: std::rt::lang_start::{{closure}}
  15: std::rt::lang_start_internal::{{closure}}
             at src/libstd/rt.rs:52
  16: std::panicking::try::do_call
             at src/libstd/panicking.rs:348
  17: std::panicking::try
             at src/libstd/panicking.rs:325
  18: std::panic::catch_unwind
             at src/libstd/panic.rs:394
  19: std::rt::lang_start_internal
             at src/libstd/rt.rs:51
  20: main
  21: __libc_start_main
  22: _start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
Try to invite user: user1@domain.com
Try to invite user: user2@domain.com
Try to invite user: user3@domain.com
Sent invites to 3 user(s).

Working great, idk about that rust backtrace but working great

edit: @ViViDboarder Received email and was able to create my account with the invitation, all good for me

@ViViDboarder
Owner

Awesome! That stack trace is probably from a previous run on the container. I'll merge.

@ViViDboarder
Owner

I forgot to tag the release, but just did that now. New tagged build should be on Docker Hub soon, but the startTLS patch has been on :latest since December.
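
Added example, not part of the thread and not code from bitwarden_rs_ldap or the ldap3 crate: what StartTLS on port 389 looks like on the wire, and why a clear-text bind against this server is answered with "TLS confidentiality required". The function names, the `Outcome` enum and the sample responses are constructed for illustration; only short-form BER lengths and message IDs below 128 are handled.

```rust
// Added illustration; names and sample messages are constructed, not the project's.
const STARTTLS_OID: &str = "1.3.6.1.4.1.1466.20037"; // StartTLS, RFC 4511 section 4.14
const CONFIDENTIALITY_REQUIRED: u8 = 13; // RFC 4511 resultCode confidentialityRequired

#[derive(Debug, PartialEq)]
enum Outcome { StartHandshake, NeedsTlsFirst, Other(u8), Malformed }

/// StartTLS ExtendedRequest, sent in clear text on port 389 before any bind.
fn starttls_request(msg_id: u8) -> Vec<u8> {
    let oid = STARTTLS_OID.as_bytes();
    // [APPLICATION 23] ExtendedRequest { requestName [0] = OID }
    let mut op = vec![0x77, oid.len() as u8 + 2, 0x80, oid.len() as u8];
    op.extend_from_slice(oid);
    // LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp }
    let mut msg = vec![0x30, op.len() as u8 + 3, 0x02, 0x01, msg_id];
    msg.extend(op);
    msg
}

/// Read the protocolOp tag and resultCode (ENUMERATED) from a server response.
fn classify(resp: &[u8]) -> Outcome {
    match resp {
        // 0x78 = ExtendedResponse with success: the client may begin the TLS handshake.
        [0x30, _, 0x02, 0x01, _, 0x78, _, 0x0a, 0x01, 0, ..] => Outcome::StartHandshake,
        // Any operation refused with code 13: the server wants TLS before this request.
        [0x30, _, 0x02, 0x01, _, _, _, 0x0a, 0x01, CONFIDENTIALITY_REQUIRED, ..] => Outcome::NeedsTlsFirst,
        [0x30, _, 0x02, 0x01, _, _, _, 0x0a, 0x01, c, ..] => Outcome::Other(*c),
        _ => Outcome::Malformed,
    }
}

/// Constructed sample response: op tag, resultCode, empty matchedDN, diagnosticMessage.
fn sample_response(op_tag: u8, code: u8, diag: &str) -> Vec<u8> {
    let mut body = vec![0x0a, 0x01, code, 0x04, 0x00, 0x04, diag.len() as u8];
    body.extend_from_slice(diag.as_bytes());
    let mut msg = vec![0x30, body.len() as u8 + 5, 0x02, 0x01, 0x01, op_tag, body.len() as u8];
    msg.extend(body);
    msg
}

fn main() {
    println!("StartTLS request: {:02x?}", starttls_request(1));
    // 0x61 = BindResponse: a bind sent without StartTLS, as in the first post.
    let refused = sample_response(0x61, 13, "TLS confidentiality required");
    println!("clear-text bind   -> {:?}", classify(&refused));
    println!("StartTLS accepted -> {:?}", classify(&sample_response(0x78, 0, "")));
}
```

A client that sees anything other than `StartHandshake` after the StartTLS request should stop rather than continue with a clear-text bind.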
