attempt to add support for ldap

Blind attempt Don't create account for existing ldap that is unknown yet Include connection pooling
refactor login
11 changed files with 326 additions and 74 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1308,6 +1308,40 @@ name = "lazycell"
 version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"

+[[package]]
+name = "lber"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "bytes 0.4.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "nom 2.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "ldap3"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "bytes 0.4.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "futures 0.1.27 (registry+https://github.com/rust-lang/crates.io-index)",
+ "lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "lber 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "native-tls 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "nom 2.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-codec 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-tls 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-uds 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-uds-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "url 1.7.2 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "lettre"
 version = "0.9.0"
@ -1642,6 +1676,11 @@ name = "nodrop"
 version = "0.1.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"

+[[package]]
+name = "nom"
+version = "2.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "nom"
 version = "4.2.3"
@ -1994,6 +2033,7 @@ dependencies = [
 "heck 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "itertools 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ldap3 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "migrations_internals 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "openssl 0.10.22 (registry+https://github.com/rust-lang/crates.io-index)",
 "plume-api 0.3.0",
@ -2582,6 +2622,11 @@ dependencies = [
 "variance 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "scoped-tls"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "scopeguard"
 version = "0.1.2"
@ -2695,11 +2740,21 @@ name = "siphasher"
 version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"

+[[package]]
+name = "slab"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "slab"
 version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"

+[[package]]
+name = "smallvec"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "smallvec"
 version = "0.6.9"
@ -2880,6 +2935,11 @@ dependencies = [
 "unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "take"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "tantivy"
 version = "0.9.1"
@ -3051,6 +3111,24 @@ dependencies = [
 "tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "tokio-core"
+version = "0.1.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "bytes 0.4.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "futures 0.1.27 (registry+https://github.com/rust-lang/crates.io-index)",
+ "iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mio 0.6.17 (registry+https://github.com/rust-lang/crates.io-index)",
+ "scoped-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-executor 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-reactor 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-timer 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "tokio-current-thread"
 version = "0.1.6"
@ -3089,6 +3167,23 @@ dependencies = [
 "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "tokio-proto"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "futures 0.1.27 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "net2 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rand 0.3.23 (registry+https://github.com/rust-lang/crates.io-index)",
+ "slab 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "smallvec 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "take 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "tokio-reactor"
 version = "0.1.9"
@ -3107,6 +3202,14 @@ dependencies = [
 "tokio-sync 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "tokio-service"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "futures 0.1.27 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "tokio-sync"
 version = "0.1.5"
@ -3156,6 +3259,16 @@ dependencies = [
 "tokio-executor 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "tokio-tls"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "futures 0.1.27 (registry+https://github.com/rust-lang/crates.io-index)",
+ "native-tls 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "tokio-trace-core"
 version = "0.2.0"
@ -3178,6 +3291,22 @@ dependencies = [
 "tokio-reactor 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "tokio-uds"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "bytes 0.4.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "futures 0.1.27 (registry+https://github.com/rust-lang/crates.io-index)",
+ "iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.58 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mio 0.6.17 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mio-uds 0.6.7 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "tokio-uds"
 version = "0.2.5"
@ -3195,6 +3324,18 @@ dependencies = [
 "tokio-reactor 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

+[[package]]
+name = "tokio-uds-proto"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "futures 0.1.27 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-uds 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "toml"
 version = "0.4.10"
@ -3659,6 +3800,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "76f033c7ad61445c5b347c7382dd1237847eb1bce590fe50365dcb33d546be73"
 "checksum lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bc5729f27f159ddd61f4df6228e827e86643d4d3e7c32183cb30a1c08f604a14"
 "checksum lazycell 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b294d6fa9ee409a054354afc4352b0b9ef7ca222c69b8812cbea9e7d2bf3783f"
+"checksum lber 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "aa172a35dd26774593b503d085735a189e322d16a2049b2739eb7f914b141b36"
+"checksum ldap3 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)" = "dae98945f9023ddb484ec9cd9faffddabf18174e1f08bab360848a36ab4f8a80"
 "checksum lettre 0.9.0 (git+https://github.com/lettre/lettre?rev=c988b1760ad8179d9e7f3fb8594d2b86cf2a0a49)" = "<none>"
 "checksum lettre_email 0.9.0 (git+https://github.com/lettre/lettre?rev=c988b1760ad8179d9e7f3fb8594d2b86cf2a0a49)" = "<none>"
 "checksum levenshtein_automata 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "73a004f877f468548d8d0ac4977456a249d8fabbdb8416c36db163dfc8f2e8ca"
@ -3694,6 +3837,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum new_debug_unreachable 1.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "f40f005c60db6e03bae699e414c58bf9aa7ea02a2d0b9bfbcf19286cc4c82b30"
 "checksum nix 0.14.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6c722bee1037d430d0f8e687bbdbf222f27cc6e4e68d5caf630857bb2b6dbdce"
 "checksum nodrop 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)" = "2f9667ddcc6cc8a43afc9b7917599d7216aa09c463919ea32c59ed6cac8bc945"
+"checksum nom 2.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "cf51a729ecf40266a2368ad335a5fdde43471f545a967109cd62146ecf8b66ff"
 "checksum nom 4.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2ad2a91a8e869eeb30b9cb3119ae87773a8f4ae617f41b1eb9c154b2905f7bd6"
 "checksum notify 4.0.11 (registry+https://github.com/rust-lang/crates.io-index)" = "ceb1a496a81dd6125f68ce772b41b83efe89a54d21768ed6d0c33c95832604e6"
 "checksum num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)" = "e83d528d2677f0518c570baf2b7abdcf0cd2d248860b68507bdcb3e91d4c0cea"
@ -3781,6 +3925,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum schannel 0.1.15 (registry+https://github.com/rust-lang/crates.io-index)" = "f2f6abf258d99c3c1c5c2131d99d064e94b7b3dd5f416483057f308fea253339"
 "checksum scheduled-thread-pool 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1a2ff3fc5223829be817806c6441279c676e454cc7da608faf03b0ccc09d3889"
 "checksum scoped-pool 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "817a3a15e704545ce59ed2b5c60a5d32bda4d7869befb8b36667b658a6c00b43"
+"checksum scoped-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "332ffa32bf586782a3efaeb58f127980944bbc8c4d6913a86107ac2a5ab24b28"
 "checksum scopeguard 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "59a076157c1e2dc561d8de585151ee6965d910dd4dcb5dabb7ae3e83981a6c57"
 "checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27"
 "checksum security-framework 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "eee63d0f4a9ec776eeb30e220f0bc1e092c3ad744b2a379e3993070364d3adc2"
@ -3795,7 +3940,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum sha1 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2579985fda508104f7587689507983eadd6a6e84dd35d6d115361f530916fa0d"
 "checksum shrinkwraprs 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7d5f047b90b2ca2d1526ff73d67cba61f86f4cf9a8afddc99dd96702ded8e684"
 "checksum siphasher 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "0b8de496cf83d4ed58b6be86c3a275b8602f6ffe98d3024a869e124147a9a3ac"
+"checksum slab 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "17b4fcaed89ab08ef143da37bc52adbcc04d4a69014f4c1208d6b51f0c47bc23"
 "checksum slab 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c111b5bd5695e56cffe5129854aa230b39c93a305372fdbb2668ca2394eea9f8"
+"checksum smallvec 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4c8cbcd6df1e117c2210e13ab5109635ad68a929fcbb8964dc965b76cb5ee013"
 "checksum smallvec 0.6.9 (registry+https://github.com/rust-lang/crates.io-index)" = "c4488ae950c49d403731982257768f48fada354a5203fe81f9bb6f43ca9002be"
 "checksum snap 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)" = "95d697d63d44ad8b78b8d235bf85b34022a78af292c8918527c5f0cffdde7f43"
 "checksum stable_deref_trait 1.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "dba1a27d3efae4351c8051072d619e3ade2820635c3958d826bfea39d59b54c8"
@ -3816,6 +3963,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum syn 0.15.34 (registry+https://github.com/rust-lang/crates.io-index)" = "a1393e4a97a19c01e900df2aec855a29f71cf02c402e2f443b8d2747c25c5dbe"
 "checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6"
 "checksum synstructure 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)" = "02353edf96d6e4dc81aea2d8490a7e9db177bf8acb0e951c24940bf866cb313f"
+"checksum take 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b157868d8ac1f56b64604539990685fa7611d8fa9e5476cf0c02cf34d32917c5"
 "checksum tantivy 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "67a63475a55950ad47573f881d912b8fab7f1f53a9cc2e036185efc92b471402"
 "checksum tantivy-fst 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "16b22af5ff09b8897093287642a5aaee6f30eb496526ef83a8dd0f4c636ac367"
 "checksum tempdir 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)" = "15f2b5fb00ccdf689e0149d1b1b3c03fead81c2b37735d812fa8bddbbf41b6d8"
@ -3828,18 +3976,24 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum tokio 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)" = "ec2ffcf4bcfc641413fa0f1427bf8f91dfc78f56a6559cbf50e04837ae442a87"
 "checksum tokio-buf 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fb220f46c53859a4b7ec083e41dec9778ff0b1851c0942b211edb89e0ccdc46"
 "checksum tokio-codec 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5c501eceaf96f0e1793cf26beb63da3d11c738c4a943fdf3746d81d64684c39f"
+"checksum tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)" = "aeeffbbb94209023feaef3c196a41cbcdafa06b4a6f893f68779bb5e53796f71"
 "checksum tokio-current-thread 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "d16217cad7f1b840c5a97dfb3c43b0c871fef423a6e8d2118c604e843662a443"
 "checksum tokio-executor 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "83ea44c6c0773cc034771693711c35c677b4b5a4b21b9e7071704c54de7d555e"
 "checksum tokio-fs 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "3fe6dc22b08d6993916647d108a1a7d15b9cd29c4f4496c62b92c45b5041b7af"
 "checksum tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "5090db468dad16e1a7a54c8c67280c5e4b544f3d3e018f0b913b400261f85926"
+"checksum tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fbb47ae81353c63c487030659494b295f6cb6576242f907f203473b191b0389"
 "checksum tokio-reactor 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "6af16bfac7e112bea8b0442542161bfc41cbfa4466b580bdda7d18cb88b911ce"
+"checksum tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "24da22d077e0f15f55162bdbdc661228c1581892f52074fb242678d015b45162"
 "checksum tokio-sync 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "5b2f843ffdf8d6e1f90bddd48da43f99ab071660cd92b7ec560ef3cdfd7a409a"
 "checksum tokio-tcp 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "1d14b10654be682ac43efee27401d792507e30fd8d26389e1da3b185de2e4119"
 "checksum tokio-threadpool 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)" = "72558af20be886ea124595ea0f806dd5703b8958e4705429dd58b3d8231f72f2"
 "checksum tokio-timer 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "f2106812d500ed25a4f38235b9cae8f78a09edf43203e16e59c3b769a342a60e"
+"checksum tokio-tls 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "354b8cd83825b3c20217a9dc174d6a0c67441a2fae5c41bcb1ea6679f6ae0f7c"
 "checksum tokio-trace-core 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a9c8a256d6956f7cb5e2bdfe8b1e8022f1a09206c6c2b1ba00f3b746b260c613"
 "checksum tokio-udp 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "66268575b80f4a4a710ef83d087fdfeeabdce9b74c797535fbac18a2cb906e92"
+"checksum tokio-uds 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "65ae5d255ce739e8537221ed2942e0445f4b3b813daebac1c0050ddaaa3587f9"
 "checksum tokio-uds 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)" = "037ffc3ba0e12a0ab4aca92e5234e0dedeb48fddf6ccd260f1f150a36a9f2445"
+"checksum tokio-uds-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "93842f83f760d2a48eb54225f819d05549e69c481f56be4a1b1f51decf99da5b"
 "checksum toml 0.4.10 (registry+https://github.com/rust-lang/crates.io-index)" = "758664fc71a3a69038656bee8b6be6477d2a6c315a6b81f7081f591bffa4111f"
 "checksum traitobject 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "efd1f82c56340fdf16f2a953d7bda4f8fdffba13d93b00844c25572110b26079"
 "checksum try-lock 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e604eb7b43c06650e854be16a2a03155743d3752dd1c943f6829e26b7a36e382"
--- a/plume-cli/src/users.rs
+++ b/plume-cli/src/users.rs
@ -109,16 +109,8 @@ fn new<'a>(args: &ArgMatches<'a>, conn: &Connection) {
            rpassword::read_password().expect("Couldn't read your password.")
        });

-    NewUser::new_local(
-        conn,
-        username,
-        display_name,
-        admin,
-        &bio,
-        email,
-        User::hash_pass(&password).expect("Couldn't hash password"),
-    )
-    .expect("Couldn't save new user");
+    NewUser::new_local(conn, username, display_name, admin, &bio, email, &password)
+        .expect("Couldn't save new user");
 }

 fn reset_password<'a>(args: &ArgMatches<'a>, conn: &Connection) {
--- a/plume-models/Cargo.toml
+++ b/plume-models/Cargo.toml
@ -12,6 +12,7 @@ guid-create = "0.1"
 heck = "0.3.0"
 itertools = "0.8.0"
 lazy_static = "*"
+ldap3 = "0.6.1"
 migrations_internals= "1.4.0"
 openssl = "0.10.22"
 rocket = "0.4.0"
--- a/plume-models/src/config.rs
+++ b/plume-models/src/config.rs
@ -14,6 +14,7 @@ pub struct Config {
    pub search_index: String,
    pub rocket: Result<RocketConfig, RocketError>,
    pub logo: LogoConfig,
+    pub ldap: LdapConfig,
 }

 #[derive(Debug, Clone)]
@ -184,6 +185,27 @@ impl Default for LogoConfig {
    }
 }

+#[derive(Debug, Clone)]
+pub struct LdapConfig {
+    pub url: Option<String>,
+    pub bind_dn: Option<String>,
+}
+
+impl Default for LdapConfig {
+    fn default() -> Self {
+        let url = var("LDAP_URL").ok();
+        let bind_dn = var("LDAP_BIND_DN").ok();
+        if url.is_some() ^ bind_dn.is_some() {
+            panic!(
+                r#"Invalid configuration :
+You must provide both LDAP_URL and LDAP_BIND_DN, or neither"#
+            );
+        } else {
+            LdapConfig { url, bind_dn }
+        }
+    }
+}
+
 lazy_static! {
    pub static ref CONFIG: Config = Config {
        base_url: var("BASE_URL").unwrap_or_else(|_| format!(
@ -199,5 +221,6 @@ lazy_static! {
        search_index: var("SEARCH_INDEX").unwrap_or_else(|_| "search_index".to_owned()),
        rocket: get_rocket_config(),
        logo: LogoConfig::default(),
+        ldap: LdapConfig::default(),
    };
 }
--- a/plume-models/src/ldap.rs
+++ b/plume-models/src/ldap.rs
@ -0,0 +1,80 @@
+use crate::CONFIG;
+use ldap3::LdapConn;
+use std::io;
+use std::sync::{mpsc, Mutex};
+use std::thread;
+
+type Message = (String, String, mpsc::Sender<io::Result<bool>>);
+pub struct Ldap {
+    channel: mpsc::Sender<Message>,
+}
+
+impl Ldap {
+    pub fn get_shared() -> Self {
+        Ldap {
+            channel: CHANNEL.lock().unwrap().clone(),
+        }
+    }
+
+    pub fn connect(&self, username: String, password: String) -> LdapResult {
+        let (s, r) = mpsc::channel();
+        self.channel.send((username, password, s)).unwrap(); //we know the remote end was not closed
+        LdapResult { channel: r }
+    }
+}
+
+pub struct LdapResult {
+    channel: mpsc::Receiver<io::Result<bool>>,
+}
+
+impl LdapResult {
+    pub fn get(self) -> io::Result<bool> {
+        self.channel.recv().unwrap() //we know some message must have been send, be it an error
+    }
+}
+
+/// This function loop indefinitelly, handling requests
+fn handle(url: &str, bind_dn: &str, channel: mpsc::Receiver<Message>) {
+    let mut conn = LdapConn::new(url).expect("Error connecting to ldap server");
+    for (user, password, channel) in channel.iter() {
+        let res = conn
+            .simple_bind(&format!("uid={},{}", user, bind_dn), &password)
+            .map(|r| r.rc == 0);
+        let err = res.is_err();
+        channel.send(res).ok(); //we can't assume the other end did not drop it's handle
+        let err = conn.unbind().is_err() || err;
+        if err {
+            if let Ok(c) = LdapConn::new(url) {
+                conn = c;
+            }
+        }
+    }
+}
+
+fn ignore(channel: mpsc::Receiver<Message>) {
+    for (_user, _password, channel) in channel.iter() {
+        channel.send(Ok(false)).ok();
+    }
+}
+
+lazy_static! {
+    static ref CHANNEL: Mutex<mpsc::Sender<Message>> = {
+        let (s, r) = mpsc::channel();
+
+        let builder = thread::Builder::new().name("ldap_handler".into());
+        builder
+            .spawn(move || {
+                if CONFIG.ldap.url.is_some() && CONFIG.ldap.bind_dn.is_some() {
+                    handle(
+                        CONFIG.ldap.url.as_ref().unwrap(),
+                        CONFIG.ldap.bind_dn.as_ref().unwrap(),
+                        r,
+                    )
+                } else {
+                    ignore(r);
+                }
+            })
+            .unwrap();
+        Mutex::new(s)
+    };
+}
--- a/plume-models/src/lib.rs
+++ b/plume-models/src/lib.rs
@ -15,6 +15,7 @@ extern crate heck;
 extern crate itertools;
 #[macro_use]
 extern crate lazy_static;
+extern crate ldap3;
 extern crate migrations_internals;
 extern crate openssl;
 extern crate plume_api;
@ -363,6 +364,7 @@ pub mod follows;
 pub mod headers;
 pub mod inbox;
 pub mod instance;
+pub mod ldap;
 pub mod likes;
 pub mod medias;
 pub mod mentions;
--- a/plume-models/src/users.rs
+++ b/plume-models/src/users.rs
@ -41,6 +41,7 @@ use blogs::Blog;
 use db_conn::DbConn;
 use follows::Follow;
 use instance::*;
+use ldap::Ldap;
 use medias::Media;
 use post_authors::PostAuthor;
 use posts::Post;
@ -333,17 +334,41 @@ impl User {
        })
    }

-    pub fn hash_pass(pass: &str) -> Result<String> {
+    fn hash_pass(pass: &str) -> Result<String> {
        bcrypt::hash(pass, 10).map_err(Error::from)
    }

-    pub fn auth(&self, pass: &str) -> bool {
+    fn auth(&self, pass: &str) -> bool {
        self.hashed_password
            .clone()
            .map(|hashed| bcrypt::verify(pass, hashed.as_ref()).unwrap_or(false))
            .unwrap_or(false)
    }

+    pub fn connect(rocket: &PlumeRocket, name: &str, password: &str) -> Result<Self> {
+        let user = User::find_by_email(&*rocket.conn, &name)
+            .or_else(|_| User::find_by_fqn(&rocket, &name));
+        match user {
+            Ok(user) => {
+                let ldap_conn = Ldap::get_shared().connect(name.to_owned(), password.to_owned());
+                let local_conn = user.auth(password);
+                let ldap_conn = ldap_conn.get().unwrap_or(false);
+                if ldap_conn && local_conn {
+                    user.clear_password(&rocket.conn).ok();
+                }
+                if ldap_conn || local_conn {
+                    Ok(user)
+                } else {
+                    Err(Error::NotFound)
+                }
+            }
+            Err(_) => {
+                User::get(&rocket.conn, 1)?.auth(password);
+                Err(Error::NotFound)
+            }
+        }
+    }
+
    pub fn reset_password(&self, conn: &Connection, pass: &str) -> Result<()> {
        diesel::update(self)
            .set(users::hashed_password.eq(User::hash_pass(pass)?))
@ -351,6 +376,13 @@ impl User {
        Ok(())
    }

+    fn clear_password(&self, conn: &Connection) -> Result<()> {
+        diesel::update(self)
+            .set(users::hashed_password.eq::<Option<String>>(None))
+            .execute(conn)?;
+        Ok(())
+    }
+
    pub fn get_local_page(conn: &Connection, (min, max): (i32, i32)) -> Result<Vec<User>> {
        users::table
            .filter(users::instance_id.eq(Instance::get_local()?.id))
@ -923,7 +955,7 @@ impl NewUser {
        is_admin: bool,
        summary: &str,
        email: String,
-        password: String,
+        password: &str,
    ) -> Result<User> {
        let (pub_key, priv_key) = gen_keypair();
        User::insert(
@ -935,7 +967,7 @@ impl NewUser {
                summary: summary.to_owned(),
                summary_html: SafeString::new(&utils::md_to_html(&summary, None, false, None).0),
                email: Some(email),
-                hashed_password: Some(password),
+                hashed_password: Some(User::hash_pass(password)?),
                instance_id: Instance::get_local()?.id,
                ap_url: String::new(),
                public_key: String::from_utf8(pub_key).or(Err(Error::Signature))?,
@ -964,7 +996,7 @@ pub(crate) mod tests {
            true,
            "Hello there, I'm the admin",
            "admin@example.com".to_owned(),
-            "invalid_admin_password".to_owned(),
+            "invalid_admin_password",
        )
        .unwrap();
        let user = NewUser::new_local(
@ -974,7 +1006,7 @@ pub(crate) mod tests {
            false,
            "Hello there, I'm no one",
            "user@example.com".to_owned(),
-            "invalid_user_password".to_owned(),
+            "invalid_user_password",
        )
        .unwrap();
        let other = NewUser::new_local(
@ -984,7 +1016,7 @@ pub(crate) mod tests {
            false,
            "Hello there, I'm someone else",
            "other@example.com".to_owned(),
-            "invalid_other_password".to_owned(),
+            "invalid_other_password",
        )
        .unwrap();
        vec![admin, user, other]
@ -1003,7 +1035,7 @@ pub(crate) mod tests {
                false,
                "Hello I'm a test",
                "test@example.com".to_owned(),
-                User::hash_pass("test_password").unwrap(),
+                "test_password",
            )
            .unwrap();

@ -1109,7 +1141,7 @@ pub(crate) mod tests {
                false,
                "Hello I'm a test",
                "test@example.com".to_owned(),
-                User::hash_pass("test_password").unwrap(),
+                "test_password",
            )
            .unwrap();

--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@ -62,30 +62,20 @@ pub fn oauth(
    let conn = &*rockets.conn;
    let app = App::find_by_client_id(conn, &query.client_id)?;
    if app.client_secret == query.client_secret {
-        if let Ok(user) = User::find_by_fqn(&rockets, &query.username) {
-            if user.auth(&query.password) {
-                let token = ApiToken::insert(
-                    conn,
-                    NewApiToken {
-                        app_id: app.id,
-                        user_id: user.id,
-                        value: random_hex(),
-                        scopes: query.scopes.clone(),
-                    },
-                )?;
-                Ok(Json(json!({
-                    "token": token.value
-                })))
-            } else {
-                Ok(Json(json!({
-                    "error": "Invalid credentials"
-                })))
-            }
+        if let Ok(user) = User::connect(&rockets, &query.username, &query.password) {
+            let token = ApiToken::insert(
+                conn,
+                NewApiToken {
+                    app_id: app.id,
+                    user_id: user.id,
+                    value: random_hex(),
+                    scopes: query.scopes.clone(),
+                },
+            )?;
+            Ok(Json(json!({
+                "token": token.value
+            })))
        } else {
-            // Making fake password verification to avoid different
-            // response times that would make it possible to know
-            // if a username is registered or not.
-            User::get(conn, 1)?.auth(&query.password);
            Ok(Json(json!({
                "error": "Invalid credentials"
            })))
--- a/src/main.rs
+++ b/src/main.rs
@ -44,6 +44,7 @@ use diesel::r2d2::ConnectionManager;
 use plume_models::{
    db_conn::{DbPool, PragmaForeignKey},
    instance::Instance,
+    ldap::Ldap,
    migrations::IMPORTED_MIGRATIONS,
    search::{Searcher as UnmanagedSearcher, SearcherError},
    Connection, Error, CONFIG,
@ -81,6 +82,7 @@ fn init_pool() -> Option<DbPool> {
        e => e.map(|_| ()).unwrap(),
    }

+    let _ = Ldap::get_shared(); // force initialization of lazy static
    let manager = ConnectionManager::<Connection>::new(CONFIG.database_url.as_str());
    let pool = DbPool::builder()
        .connection_customizer(Box::new(PragmaForeignKey))
--- a/src/routes/session.rs
+++ b/src/routes/session.rs
@ -33,53 +33,29 @@ pub fn new(m: Option<String>, rockets: PlumeRocket) -> Ructe {
    ))
 }

-#[derive(Default, FromForm, Validate)]
+#[derive(Default, FromForm)]
 pub struct LoginForm {
-    #[validate(length(min = "1", message = "We need an email, or a username to identify you"))]
    pub email_or_name: String,
-    #[validate(length(min = "1", message = "Your password can't be empty"))]
    pub password: String,
 }

 #[post("/login", data = "<form>")]
 pub fn create(
    form: LenientForm<LoginForm>,
-    mut cookies: Cookies,
    rockets: PlumeRocket,
+    mut cookies: Cookies,
 ) -> RespondOrRedirect {
    let conn = &*rockets.conn;
-    let user = User::find_by_email(&*conn, &form.email_or_name)
-        .or_else(|_| User::find_by_fqn(&rockets, &form.email_or_name));
-    let mut errors = match form.validate() {
-        Ok(_) => ValidationErrors::new(),
-        Err(e) => e,
-    };

-    let user_id = if let Ok(user) = user {
-        if !user.auth(&form.password) {
-            let mut err = ValidationError::new("invalid_login");
-            err.message = Some(Cow::from("Invalid username, or password"));
-            errors.add("email_or_name", err);
-            String::new()
-        } else {
-            user.id.to_string()
-        }
+    let user_id = if let Ok(user) = User::connect(&rockets, &form.email_or_name, &form.password) {
+        user.id.to_string()
    } else {
-        // Fake password verification, only to avoid different login times
-        // that could be used to see if an email adress is registered or not
-        User::get(&*conn, 1)
-            .map(|u| u.auth(&form.password))
-            .expect("No user is registered");
-
+        let mut errors = ValidationErrors::new();
        let mut err = ValidationError::new("invalid_login");
        err.message = Some(Cow::from("Invalid username, or password"));
        errors.add("email_or_name", err);
-        String::new()
-    };
-
-    if !errors.is_empty() {
        return render!(session::login(&rockets.to_context(), None, &*form, errors)).into();
-    }
+    };

    cookies.add_private(
        Cookie::build(AUTH_COOKIE, user_id)
@ -111,7 +87,7 @@ pub fn create(
            &(conn, &rockets.intl.catalog, None, None),
            None,
            &*form,
-            errors
+            ValidationErrors::new()
        ))
        .into()
    }
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@ -520,7 +520,7 @@ pub fn create(
                false,
                "",
                form.email.to_string(),
-                User::hash_pass(&form.password).map_err(to_validation)?,
+                &form.password,
            )
            .map_err(to_validation)?;
            Ok(Flash::success(