From: Lukas Wagner
To: Wolfgang Bumiller
Cc: pbs-devel@lists.proxmox.com
Date: Mon, 9 Jan 2023 11:52:46 +0100
Subject: Re: [pbs-devel] [PATCH proxmox-backup 05/17] auth: add LDAP module
Message-ID: <04b0fcbc-295d-783e-ca19-19d03b191ece@proxmox.com>
In-Reply-To: <20230104132337.dj6nua4u7cgywcsq@casey.proxmox.com>
References: <20230103142308.656240-1-l.wagner@proxmox.com> <20230103142308.656240-6-l.wagner@proxmox.com> <20230104132337.dj6nua4u7cgywcsq@casey.proxmox.com>
List-Id: Proxmox Backup Server development discussion

On 1/4/23 14:23, Wolfgang Bumiller wrote:
>> +#[derive(PartialEq, Eq)]
>> +/// LDAP connection security
>> +pub enum LdapConnectionMode {
> Is there any particular reason to not just reuse the API type?
>
>> + /// unencrypted connection
>> + Ldap,
>> + /// upgrade to TLS via STARTTLS
>> + StartTls,
>> + /// TLS via LDAPS
>> + Ldaps,
>> +}
>> +
>> +/// Configuration for LDAP connections
>> +pub struct LdapConfig {
> Same here, you could just reference the api config?
>

As mentioned in the commit message, the main rationale behind this decision was decoupling this module from the rest of the system. I did this with the thought in mind that `src/server/ldap.rs` could be promoted to be its own crate, in case we want to reuse the implementation somewhere else.

Our `proxmox-openid` crate seems to do the same thing, configuration-wise: It provides its own configuration structs, and in the products using it, e.g. PBS, there are adapters in place that map API-type -> OpenID-Config.

Maybe premature optimization^Wrefactoring, but at the time of writing this code it seemed a good choice to me.

--
- Lukas
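
Review bot: In the quoted `LdapConnectionMode` hunk, `#[derive(PartialEq, Eq)]` is placed above the `/// LDAP connection security` doc comment; put the doc comment first and the attribute directly above `pub enum`, which is the usual Rust ordering. If this module is meant to stand alone as its own crate, also consider deriving `Debug`, `Clone` and `Copy` on this fieldless enum so callers can log the mode and pass it by value. Because `Ldap` is documented as an unencrypted connection, an adapter that maps the API type onto this enum should require the mode to be chosen explicitly rather than fall back to `Ldap`.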