Summary
urlx already has a complete pure-Rust LDAP implementation (crates/liburlx/src/protocol/ldap.rs, ~1000 lines) with ASN.1 BER encoding, RFC 4516 URL parsing, anonymous/simple bind, search with filters, and LDAPS (TLS) support. However, there is no integration test coverage against a real LDAP server, and a few features are missing compared to curl.
Current State
The existing implementation supports:
What Needs to Be Done
1. Integration tests with a real LDAP server
- Add Rust integration tests that stand up a lightweight LDAP server (e.g., via Docker or an in-process test server) and verify:
  - Anonymous bind + search
  - Authenticated bind + search
  - Filter expressions (equality, substring, AND/OR/NOT)
  - Scope variations (base, one, sub)
  - Attribute selection
  - LDAPS (TLS) connections
  - Error cases (bad credentials, non-existent base DN, invalid filter)
2. Missing features (compared to curl)
- STARTTLS: upgrade plain ldap:// connection to TLS via the LDAP extended operation (OID 1.3.6.1.4.1.1466.20037). Currently only ldaps:// (implicit TLS on port 636) is supported.
- Proper error code mapping: curl maps LDAP errors to specific CURLcode values (e.g., CURLE_LDAP_CANNOT_BIND=38, CURLE_LDAP_SEARCH_FAILED=39). Verify these are returned correctly.
3. Output format verification
- Verify output format matches curl's LDAP output (DN lines, attribute formatting, base64 for binary values)
- Test with multi-valued attributes and binary attribute values
Acceptance Criteria — Curl Tests
The curl test suite has limited LDAP functional tests (no dedicated LDAP test server in the test infrastructure). The following tests already pass but should be verified as part of this work:
| Test | Description | Status |
| --- | --- | --- |
| 445 | Refuse tunneling protocols through HTTP proxy (includes LDAP URL) | Already passes |
| 1462 | Help category listing (includes LDAP) | Already passes |
There are no dedicated LDAP protocol-level tests in curl's test suite (tests 1-1400) because curl's test infrastructure lacks an LDAP server. The primary acceptance criteria are therefore:
- New Rust integration tests covering the scenarios listed above
- No regressions in the existing 1,302 passing curl tests
- STARTTLS support added
Reference
- Existing implementation: crates/liburlx/src/protocol/ldap.rs
- curl's LDAP: vendor/curl/lib/ldap.c (Windows/system LDAP) and vendor/curl/lib/openldap.c (OpenLDAP state machine)
- RFC 4511 (LDAPv3 protocol), RFC 4516 (LDAP URL format), RFC 4515 (LDAP filter syntax)
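The StartTLS extended operation listed under "Missing features", as an added Rust example that is not urlx's code: it encodes the RFC 4511 ExtendedRequest for OID 1.3.6.1.4.1.1466.20037 and accepts the upgrade only when the ExtendedResponse carries resultCode success, failing closed otherwise. The function names are hypothetical, only short-form BER lengths are handled, and the sample response bytes are constructed.

```rust
// Added example, not urlx code; function names are hypothetical.
const STARTTLS_OID: &str = "1.3.6.1.4.1.1466.20037"; // OID quoted in the issue

/// BER TLV with short-form length (content < 128 bytes, enough for this PDU).
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    assert!(content.len() < 128);
    let mut out = vec![tag, content.len() as u8];
    out.extend_from_slice(content);
    out
}

/// LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }
pub fn starttls_request(message_id: u8) -> Vec<u8> {
    assert!(message_id < 128); // keeps the INTEGER to one non-negative byte
    let mut body = tlv(0x02, &[message_id]);
    body.extend(tlv(0x77, &tlv(0x80, STARTTLS_OID.as_bytes())));
    tlv(0x30, &body)
}

/// Split one short-form TLV off the front: (tag, content, rest).
fn read_tlv(buf: &[u8]) -> Result<(u8, &[u8], &[u8]), String> {
    let (&tag, rest) = buf.split_first().ok_or("truncated tag")?;
    let (&len, rest) = rest.split_first().ok_or("truncated length")?;
    if len >= 0x80 || rest.len() < len as usize { return Err("long-form or truncated length".into()); }
    let (content, rest) = rest.split_at(len as usize);
    Ok((tag, content, rest))
}

/// Ok(()) only for an ExtendedResponse [APPLICATION 24] with resultCode success(0).
/// On Err the caller closes the connection instead of continuing in cleartext.
pub fn check_starttls_response(buf: &[u8], message_id: u8) -> Result<(), String> {
    let (tag, msg, trailing) = read_tlv(buf)?;
    if tag != 0x30 { return Err("not an LDAPMessage".into()); }
    // Hardening choice: bytes buffered behind the response were not TLS-protected.
    if !trailing.is_empty() { return Err("plaintext data after response".into()); }
    let (tag, id, rest) = read_tlv(msg)?;
    if tag != 0x02 || id != &[message_id][..] { return Err("messageID mismatch".into()); }
    let (tag, op, _) = read_tlv(rest)?;
    if tag != 0x78 { return Err("not an ExtendedResponse".into()); }
    match read_tlv(op)? {
        (0x0a, [0], _) => Ok(()),
        (0x0a, [code], _) => Err(format!("StartTLS refused, resultCode {code}")),
        _ => Err("malformed resultCode".into()),
    }
}

fn main() {
    let ok: [u8; 14] = [0x30, 0x0c, 2, 1, 1, 0x78, 7, 0x0a, 1, 0, 4, 0, 4, 0]; // constructed
    println!("{:02x?} {:?}", starttls_request(1), check_starttls_response(&ok, 1));
}
```

The same byte vectors can serve as fixtures for the integration tests: a server that answers with a non-zero resultCode or with extra bytes must leave the client with an error, never with a cleartext session.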