studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Provide better generated config defaults for ldap section.

Browse Source 
Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk
2025-09-23 04:56:02 +00:00
parent 5467c9e486
commit bffb7f89c8
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/core/config/mod.rs
View File

@@ -2157,6 +2157,8 @@ pub struct LdapConfig {
/// Root of the searches. /// Root of the searches.
/// ///
/// example: "ou=users,dc=example,dc=org" /// example: "ou=users,dc=example,dc=org"
///
/// default:
#[serde(default)] #[serde(default)]
pub base_dn: String, pub base_dn: String,
@@ -2170,6 +2172,8 @@ pub struct LdapConfig {
/// ///
/// example: "cn=ldap-reader,dc=example,dc=org" or /// example: "cn=ldap-reader,dc=example,dc=org" or
/// "cn={username},ou=users,dc=example,dc=org" /// "cn={username},ou=users,dc=example,dc=org"
///
/// default: ""
#[serde(default)] #[serde(default)]
pub bind_dn: Option<String>, pub bind_dn: Option<String>,
@@ -2177,6 +2181,8 @@ pub struct LdapConfig {
/// `bind_dn`. /// `bind_dn`.
/// ///
/// The server must be able to access the file, and it must not be empty. /// The server must be able to access the file, and it must not be empty.
///
/// default: ""
#[serde(default)] #[serde(default)]
pub bind_password_file: Option<PathBuf>, pub bind_password_file: Option<PathBuf>,
@@ -2220,6 +2226,8 @@ pub struct LdapConfig {
/// Defaults to `base_dn` if empty. /// Defaults to `base_dn` if empty.
/// ///
/// example: "ou=admins,dc=example,dc=org" /// example: "ou=admins,dc=example,dc=org"
///
/// default:
#[serde(default)] #[serde(default)]
pub admin_base_dn: String, pub admin_base_dn: String,
@@ -2232,6 +2240,8 @@ pub struct LdapConfig {
/// entered username for more complex filters. /// entered username for more complex filters.
/// ///
/// example: "(objectClass=tuwunelAdmin)" or "(uid={username})" /// example: "(objectClass=tuwunelAdmin)" or "(uid={username})"
///
/// default:
#[serde(default)] #[serde(default)]
pub admin_filter: String, pub admin_filter: String,
} }

10
tuwunel-example.toml
View File

@@ -1841,7 +1841,7 @@
# #
# example: "ou=users,dc=example,dc=org" # example: "ou=users,dc=example,dc=org"
# #
#base_dn = false #base_dn =
# Bind DN if anonymous search is not enabled. # Bind DN if anonymous search is not enabled.
# #
@@ -1854,14 +1854,14 @@
# example: "cn=ldap-reader,dc=example,dc=org" or # example: "cn=ldap-reader,dc=example,dc=org" or
# "cn={username},ou=users,dc=example,dc=org" # "cn={username},ou=users,dc=example,dc=org"
# #
#bind_dn = false #bind_dn = ""
# Path to a file on the system that contains the password for the # Path to a file on the system that contains the password for the
# `bind_dn`. # `bind_dn`.
# #
# The server must be able to access the file, and it must not be empty. # The server must be able to access the file, and it must not be empty.
# #
#bind_password_file = false #bind_password_file = ""
# Search filter to limit user searches. # Search filter to limit user searches.
# #
@@ -1896,7 +1896,7 @@
# #
# example: "ou=admins,dc=example,dc=org" # example: "ou=admins,dc=example,dc=org"
# #
#admin_base_dn = false #admin_base_dn =
# The LDAP search filter to find administrative users for tuwunel. # The LDAP search filter to find administrative users for tuwunel.
# #
@@ -1908,7 +1908,7 @@
# #
# example: "(objectClass=tuwunelAdmin)" or "(uid={username})" # example: "(objectClass=tuwunelAdmin)" or "(uid={username})"
# #
#admin_filter = false #admin_filter =
#[global.jwt] #[global.jwt]