From d7e4f701b42d3045a2345dd74b442e484071c8d8 Mon Sep 17 00:00:00 2001
From: Morgana
Date: Wed, 14 Jan 2026 14:52:17 -0600
Subject: [PATCH] Implement base Avalon LDAP authentication utility

---
 .gitignore | 1 +
 ldaputil.py | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 ldaputil.py

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..931261a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.key
\ No newline at end of file
diff --git a/ldaputil.py b/ldaputil.py
new file mode 100644
index 0000000..a3bd1ea
--- /dev/null
+++ b/ldaputil.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+# avalon-bbs ldaputil.py
+# Copyright (C) 2026 The Avalon Team
+
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see .
+
+from getpass import getpass
+
+from ldap3 import Server, Connection
+from ldap3.utils.conv import escape_filter_chars
+from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError, LDAPInvalidCredentialsResult
+
+SEARCH_DN = "cn=Search,dc=icolotl,dc=com"
+with open("search.key", encoding="utf-8") as file:
+    SEARCH_KEY = file.read().strip()
+
+def authenticate(username, password):
+    """Attempt to authenticate against the Avalon LDAP Database."""
+    server = Server("127.0.0.1")
+    try:
+        with Connection(server, user=SEARCH_DN, password=SEARCH_KEY, raise_exceptions=True) as conn:
+            conn.search("ou=People,dc=icolotl,dc=com", f"(&(objectclass=person)(uid={escape_filter_chars(username)}))")
+            if len(conn.entries) != 1:
+                return False
+            USER_DN = conn.entries[0].entry_dn
+            with Connection(server, user=USER_DN, password=password, raise_exceptions=True):
+                return True
+    except (LDAPBindError, LDAPPasswordIsMandatoryError, LDAPInvalidCredentialsResult):
+        return False
\ No newline at end of file
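Review bot: The `except` at the end of `authenticate` also swallows bind failures of the service account, so a wrong or rotated `search.key` (or a search the server rejects) makes every login return False with nothing to distinguish it from a bad user password. Move the `try:` down so it wraps only the second `Connection(...)` (the user bind) and let failures of the `SEARCH_DN` bind propagate or be logged, so an outage of the lookup credential is visible; logging the failed user attempt (username only, never the password) would also give operators something to alert on. Two smaller points in the same hunk: `from getpass import getpass` is unused, and `USER_DN` is a local, so `user_dn` fits PEP 8. Reading `search.key` relative to the working directory at import time also means the module fails to import from any other directory; resolving the path against `__file__` or taking it from configuration would be more robust.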