Implement base Avalon LDAP authentication utility

.gitignore

@@ -0,0 +1 @@
+*.key

ldaputil.py

@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+# avalon-bbs ldaputil.py
+# Copyright (C) 2026 The Avalon Team <avalon@icolotl.com>
+
+# This program is free software: you can redistribute it and/or modify it under 
+# the terms of the GNU Affero General Public License as published by the Free 
+# Software Foundation, either version 3 of the License, or (at your option) any 
+# later version.
+
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY 
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A 
+# PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License along 
+# with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from getpass import getpass
+
+from ldap3 import Server, Connection
+from ldap3.utils.conv import escape_filter_chars
+from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError, LDAPInvalidCredentialsResult
+
+SEARCH_DN = "cn=Search,dc=icolotl,dc=com"
+with open("search.key", encoding="utf-8") as file:
+    SEARCH_KEY = file.read().strip()
+
+def authenticate(username, password):
+    """Attempt to authenticate against the Avalon LDAP Database."""
+    server = Server("127.0.0.1")
+    try:
+        with Connection(server, user=SEARCH_DN, password=SEARCH_KEY, raise_exceptions=True) as conn:
+            conn.search("ou=People,dc=icolotl,dc=com", f"(&(objectclass=person)(uid={escape_filter_chars(username)}))")
+            if len(conn.entries) != 1:
+                return False
+            USER_DN = conn.entries[0].entry_dn
+        with Connection(server, user=USER_DN, password=password, raise_exceptions=True):
+            return True
+    except (LDAPBindError, LDAPPasswordIsMandatoryError, LDAPInvalidCredentialsResult):
+        return False