Add basic LDAP bind functionality

app/ldap/controllers/Users.controller.js

@@ -0,0 +1,59 @@
+const LDAPController = require('./LDAPController')
+const LDAP = require('ldapjs')
+
+class UsersController extends LDAPController {
+    static get services() {
+        return [...super.services, 'output', 'ldap_server', 'models']
+    }
+
+    async search_people(req, res, next) {
+        global.ireq = req
+    }
+
+    async bind(req, res, next) {
+        const auth_dn = this.ldap_server.auth_dn()
+
+        // Make sure the DN is valid
+        if ( !req.dn.childOf(auth_dn) ) {
+            return next(new LDAP.InvalidCredentialsError())
+        }
+
+        // Get the user
+        const user = await this.get_user_from_dn(req.dn)
+        if ( !user ) {
+            return next(new LDAP.InvalidCredentialsError())
+        }
+
+        // Make sure the password matches the user record
+        if ( !await user.check_password(req.credentials) ) {
+            return next(new LDAP.InvalidCredentialsError())
+        }
+
+        // Make sure the user has permission to bind
+        if ( !user.can('ldap:bind') ) {
+            return next(new LDAP.InsufficientAccessRightsError())
+        }
+
+        this.output.success(`Successfully bound user ${user.uid} as DN: ${req.dn.format({skipSpace: true})}.`)
+        return res.end()
+    }
+
+    get_uid_from_dn(dn) {
+        const uid_field = this.ldap_server.config.schema.auth.user_id
+
+        try {
+            if ( typeof dn === 'string' ) dn = LDAP.parseDN(dn)
+            return dn.rdns[0].attrs[uid_field].value
+        } catch (e) {}
+    }
+
+    async get_user_from_dn(dn) {
+        const uid = this.get_uid_from_dn(dn)
+        if ( uid ) {
+            const User = this.models.get('auth:User')
+            return User.findOne({uid})
+        }
+    }
+}
+
+module.exports = exports = UsersController