axess-core 0.2.0

Core implementation for the axess library. Session state machine, multi-factor authentication engine, Cedar Policy evaluation, and pluggable storage backends. Use the `axess` facade crate unless you need direct access to internals.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

//! Orchestrator-side LDAP code: `HealthCheck` impl for
//! [`LdapProviderConfig`]. The verifier itself, the configuration
//! struct, and the mock implementation live in [`axess_factors::ldap`].

use crate::health::{HealthCheck, HealthStatus};
use axess_factors::ldap::LdapProviderConfig;

impl HealthCheck for LdapProviderConfig {
    fn check(
        &self,
    ) -> std::pin::Pin<Box<dyn std::future::Future<Output = HealthStatus> + Send + '_>> {
        Box::pin(async {
            // Attempt a TCP connection to verify the LDAP server is reachable.
            // This does not authenticate; it only checks connectivity.
            match tokio::time::timeout(
                self.connection_timeout,
                ldap3::LdapConnAsync::new(&self.url),
            )
            .await
            {
                Ok(Ok((conn, mut ldap))) => {
                    tokio::spawn(async move { conn.drive().await });
                    if let Err(err) = ldap.unbind().await {
                        tracing::trace!(
                            target: "axess::federation::ldap",
                            ?err,
                            "ldap unbind on health-check teardown failed",
                        );
                    }
                    HealthStatus::Healthy
                }
                Ok(Err(e)) => HealthStatus::Unhealthy(format!("LDAP connection failed: {e}")),
                Err(_) => HealthStatus::Unhealthy(format!(
                    "LDAP connection timeout ({}s)",
                    self.connection_timeout.as_secs()
                )),
            }
        })
    }
}