feat(ldap): add STARTTLS support, error code mapping, and integration tests #137

Merged
jonwiggins merged 2 commits into main from
optio/task-3049ae72-ad16-408b-a84b-e692d0592e9f
Mar 28, 2026
@jonwiggins
Owner

Summary

  • STARTTLS support: Add LDAP Extended Operation (OID 1.3.6.1.4.1.1466.20037) to upgrade plain ldap:// connections to TLS, following the same UseSsl pattern as SMTP/IMAP/POP3. Supports both --ssl-reqd (required, fail if unavailable) and --ssl (opportunistic, fall back to plain) modes.
  • Proper error code mapping: Add CURLE_LDAP_CANNOT_BIND (38) for bind failures and LdapBind error variant, instead of reusing CURLE_LDAP_SEARCH_FAILED (39). Use dedicated LdapSearch error for search failures.
  • 26 integration tests: Stand up a mock LDAP server speaking the BER wire protocol over TCP, covering:
    • Anonymous bind + search
    • Authenticated bind + search
    • Multiple entries and multi-valued attributes
    • Binary attribute values (base64 encoded)
    • All three search scopes (base, one, sub)
    • Filter expressions (equality, presence, substring, AND/OR/NOT)
    • LDAPS (implicit TLS)
    • STARTTLS required / try / fallback modes
    • Error paths (bind failure, search failure, connection refused)
    • Output format verification (matches curl's DN/attribute format)

Test plan

  • All 26 new LDAP integration tests pass
  • All 345 existing lib tests pass (no regressions)
  • All 270 FFI tests pass
  • All 8 doc tests pass
  • cargo clippy passes with zero errors
  • cargo fmt --check passes

🤖 Generated with Claude Code

Optio Agent and others added 2 commits March 28, 2026 16:04
… tests

Add STARTTLS (RFC 4511 Extended Operation) support to upgrade plain
ldap:// connections to TLS, with both required (--ssl-reqd) and
opportunistic (--ssl) modes following the same pattern as SMTP/IMAP/POP3.

Add proper CURLE_LDAP_CANNOT_BIND (38) error code for bind failures
instead of reusing CURLE_LDAP_SEARCH_FAILED (39), and use dedicated
LdapBind/LdapSearch error variants for correct FFI mapping.

Add 26 integration tests with a mock BER-speaking LDAP server covering:
anonymous/authenticated bind, multiple entries, multi-valued attributes,
binary base64 encoding, all three scopes, filter types (equality,
presence, substring, AND/OR/NOT), LDAPS implicit TLS, STARTTLS
required/try/fallback modes, error paths, and output format verification.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

CI uses RUSTFLAGS="-D warnings" which promotes warnings to errors.
Add allows for doc_markdown, redundant_closure_for_method_calls,
used_underscore_binding, and unused_results in test code.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jonwiggins jonwiggins merged commit 265756e into main Mar 28, 2026
7 checks passed
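
The STARTTLS exchange and the required/opportunistic decision described in the summary above, as an added Rust example that is not code from this pull request: it builds the StartTLS ExtendedRequest in BER, reads the resultCode from an ExtendedResponse, and applies the mode. All type and function names are hypothetical, and only short-form BER lengths are handled.

```rust
// Added example; all names are hypothetical, not the project's API.
const STARTTLS_OID: &str = "1.3.6.1.4.1.1466.20037";
#[derive(Debug, PartialEq, Clone, Copy)]
enum UseSsl { Try, Required } // --ssl / --ssl-reqd
#[derive(Debug, PartialEq)]
enum Next { UpgradeToTls, ContinuePlain, Fail }

// Encode one BER TLV, short-form length only (content < 128 bytes).
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    assert!(content.len() < 128);
    let mut out = vec![tag, content.len() as u8];
    out.extend_from_slice(content);
    out
}
// Decode one short-form TLV into (tag, content, remaining bytes).
fn read_tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&len, rest) = rest.split_first()?;
    if len >= 0x80 || rest.len() < len as usize { return None; }
    let (content, rest) = rest.split_at(len as usize);
    Some((tag, content, rest))
}
// LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }
fn starttls_request(id: u8) -> Vec<u8> {
    assert!(id < 0x80); // keep the INTEGER one byte and non-negative
    let mut body = tlv(0x02, &[id]);
    body.extend(tlv(0x77, &tlv(0x80, STARTTLS_OID.as_bytes())));
    tlv(0x30, &body)
}
// resultCode of an ExtendedResponse ([APPLICATION 24]); None if malformed.
fn result_code(msg: &[u8], id: u8) -> Option<u8> {
    let (t, body, _) = read_tlv(msg)?;
    let (id_t, got_id, rest) = read_tlv(body)?;
    let (op_t, op, _) = read_tlv(rest)?;
    let (rc_t, rc, _) = read_tlv(op)?;
    let ok = t == 0x30 && id_t == 0x02 && got_id == [id].as_slice()
        && op_t == 0x78 && rc_t == 0x0a && rc.len() == 1;
    if ok { Some(rc[0]) } else { None }
}
// Only resultCode 0 upgrades to TLS; for anything else the mode decides.
fn decide(mode: UseSsl, response: Option<&[u8]>, id: u8) -> Next {
    match (response.and_then(|r| result_code(r, id)), mode) {
        (Some(0), _) => Next::UpgradeToTls,
        (_, UseSsl::Required) => Next::Fail, // bind is never sent in cleartext
        (_, UseSsl::Try) => Next::ContinuePlain, // bind then travels unprotected
    }
}
fn main() {
    println!("{:02x?} -> {:?}", starttls_request(1), decide(UseSsl::Try, None, 1));
}
```

In `Try` mode a refused or missing upgrade leaves the bind in cleartext, so `Required` is the mode to use whenever credentials are sent.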