package PMG::LDAPConfig;

# PVE::SectionConfig plugin for the LDAP profiles kept in /etc/pmg/ldap.conf
# (registered with PVE::INotify at the bottom of this file).  Each section
# is one 'ldap' profile holding server, bind and attribute-lookup settings.

use strict;
use warnings;
use MIME::Base64;    # bindpw is stored base64-encoded on disk (see parse_config/write_config)
use Data::Dumper;    # NOTE(review): not used anywhere in this file

use PVE::Tools;
use PVE::JSONSchema qw(get_standard_option);    # NOTE(review): get_standard_option is not used in this file
use PVE::INotify;
use PVE::SectionConfig;

use base qw(PVE::SectionConfig);
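# Plugin-private data returned by private(): the schema of the section
# header, i.e. the section type plus the profile ID (a pve-configid).
my $defaultData = {
    propertyList => {
        type => { description => "Section type." },
        profile => {
            description => "Section ID.",    # was "Secion ID."
            type => 'string', format => 'pve-configid',
        },
    },
};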
24 | ||
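# Schema of the per-profile properties.  The key set here is the same as
# the one in options() below, which decides which of them are optional.
#
# Returns a hashref of property name => JSON-schema fragment.
sub properties {
    return {
        disable => {
            description => "Flag to disable/deactivate the entry.",
            type => 'boolean',
            optional => 1,
        },
        comment => {
            description => "Description.",
            type => 'string',
            optional => 1,
            maxLength => 4096,
        },
        mode => {
            description => "LDAP protocol mode ('ldap' or 'ldaps').",
            type => 'string',
            enum => ['ldap', 'ldaps'],
            default => 'ldap',
        },
        server1 => {
            description => "Server address.",
            type => 'string', format => 'address',
            maxLength => 256,
        },
        server2 => {
            # typo fix: "Userd" -> "Used"
            description => "Fallback server address. Used when the first server is not available.",
            type => 'string', format => 'address',
            maxLength => 256,
        },
        port => {
            description => "Specify the port to connect to.",
            type => 'integer',
            minimum => 1,
            maximum => 65535,
        },
        binddn => {
            description => "Bind domain name.",
            type => 'string',
        },
        # Written to disk base64-encoded by write_config() - that is an
        # encoding, not encryption; the file permissions protect it.
        bindpw => {
            description => "Bind password.",
            type => 'string',
        },
        basedn => {
            description => "Base domain name.",
            type => 'string',
        },
        groupbasedn => {
            description => "Base domain name for groups.",
            type => 'string',
        },
        filter => {
            description => "LDAP filter.",
            type => 'string',
        },
        accountattr => {
            # typo fix: "name name" -> "name"
            description => "Account attribute name.",
            type => 'string',
            pattern => '[a-zA-Z0-9]+',
            default => 'sAMAccountName',
        },
        # NOTE(review): the pattern describes a single attribute name while
        # the default is a comma-separated list - confirm how the schema
        # applies 'pattern' to a 'string-list' value.
        mailattr => {
            description => "List of mail attribute names.",
            type => 'string', format => 'string-list',
            pattern => '[a-zA-Z0-9]+',
            default => "mail, userPrincipalName, proxyAddresses, othermailbox",
        },
    };
}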
94 | |
# Optional/required flags for the properties of a profile section.
# Everything except server1 is optional.
#
# Returns a hashref of property name => { optional => 0|1 }.
sub options {
    my %option_of = map { $_ => { optional => 1 } } qw(
        disable comment server2 port mode
        binddn bindpw basedn groupbasedn filter accountattr mailattr
    );
    $option_of{server1} = { optional => 0 };

    return \%option_of;
}
112 | ||
# Section type name this plugin registers under.
sub type {
    my ($class) = @_;
    return 'ldap';
}
116 | ||
# Plugin-private data for PVE::SectionConfig (the section header schema).
sub private {
    my ($class) = @_;
    return $defaultData;
}
120 | ||
# Parse a section header line of the form "<type>: <profile-id>".
#
# Returns ($type, $profileId, $errmsg, $config) for a header line, or
# undef if the line is not a section header.  $errmsg is set when the
# profile ID is not a valid pve-configid (the caller then skips the
# section); only the ID is checked here, $type is passed on as-is.
sub parse_section_header {
    my ($class, $line) = @_;

    return undef if $line !~ m/^(?<type>\S+):\s*(?<id>\S+)\s*$/;

    my ($type, $profileId) = ($+{type}, $+{id});

    eval { PVE::JSONSchema::pve_verify_configid($profileId); };
    my $errmsg = $@ || undef;

    my $config = {};    # additional attributes; none for this plugin
    return ($type, $profileId, $errmsg, $config);
}
134 | ||
# Parse the raw config text and undo the on-disk encoding applied by
# write_config(): comments are stored with PVE::Tools::encode_text, the
# bind password as base64.  base64 is only an encoding, not encryption;
# the plaintext password is protected by the config file's permissions.
#
# Returns the config hashref produced by PVE::SectionConfig, with the
# comment and bindpw values of every profile decoded in place.
sub parse_config {
    my ($class, $filename, $raw) = @_;

    my $cfg = $class->SUPER::parse_config($filename, $raw);

    for my $data (values %{ $cfg->{ids} }) {
        if (defined($data->{comment})) {
            $data->{comment} = PVE::Tools::decode_text($data->{comment});
        }
        if (defined($data->{bindpw})) {
            $data->{bindpw} = decode_base64($data->{bindpw});
        }
    }

    return $cfg;
}
152 | ||
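# Serialise $cfg via PVE::SectionConfig, applying the on-disk encoding
# (encode_text for comments, base64 for the bind password) to a copy of
# each profile so the caller's in-memory $cfg keeps its plaintext values
# after the write.  base64 is an encoding, not encryption: the
# confidentiality of bindpw rests on the permissions of the written file
# (see write_pmg_ldap_conf).
#
# Returns whatever PVE::SectionConfig::write_config returns (the raw text).
sub write_config {
    my ($class, $filename, $cfg) = @_;

    my $encoded_ids = {};
    for my $profile (keys %{ $cfg->{ids} }) {
        # shallow copy: only comment and bindpw are rewritten
        my $data = { %{ $cfg->{ids}->{$profile} } };

        $data->{comment} = PVE::Tools::encode_text($data->{comment})
            if defined($data->{comment});

        $data->{bindpw} = encode_base64($data->{bindpw}, '')
            if defined($data->{bindpw});

        $encoded_ids->{$profile} = $data;
    }

    # keep every other top-level key (order, digest, ...) as given
    my $encoded_cfg = { %$cfg, ids => $encoded_ids };

    return $class->SUPER::write_config($filename, $encoded_cfg);
}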
168 | ||
# Lock file serialising writers of the LDAP config (used by lock_config).
my $lockfile = '/var/lock/pmgldapconfig.lck';
170 | ||
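# Run $code while holding the LDAP config lock.  An error raised inside
# the callback or by the locking itself is re-thrown, prefixed with
# $errmsg when one is given.
#
# Returns the value PVE::Tools::lock_file returns for the callback
# (previously assigned to an unused local and discarded).
sub lock_config {
    my ($code, $errmsg) = @_;

    my $res = PVE::Tools::lock_file($lockfile, undef, $code);
    if (my $err = $@) {
        die $errmsg ? "$errmsg: $err" : $err;
    }

    return $res;
}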
179 | ||
49a16f65 | 180 | |
# Register this plugin with PVE::SectionConfig, then initialise it.
__PACKAGE__->register();
__PACKAGE__->init();
183 | ||
# PVE::INotify reader: slurp the whole file from $fh and parse it.
#
# Returns the parsed config hashref (see parse_config).
sub read_pmg_ldap_conf {
    my ($filename, $fh) = @_;

    # slurp mode; the undef $/ is scoped to this do-block
    my $raw = do { local $/; <$fh> };

    return __PACKAGE__->parse_config($filename, $raw);
}
193 | ||
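# PVE::INotify writer: serialise $cfg and write it to $fh.
#
# The file may contain a (base64-encoded, not encrypted) bind password,
# so it is restricted to the owner before any content is written.  A
# failed chmod is fatal rather than ignored: silently continuing would
# leave the password readable with whatever mode the handle was opened.
sub write_pmg_ldap_conf {
    my ($filename, $fh, $cfg) = @_;

    my $raw = __PACKAGE__->write_config($filename, $cfg);

    chmod(0600, $fh)
        or die "unable to set permissions on $filename - $!\n";

    PVE::Tools::safe_print($filename, $fh, $raw);
}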
203 | ||
# Hook the reader/writer above into PVE::INotify under the name
# 'pmg-ldap.conf'.
PVE::INotify::register_file(
    'pmg-ldap.conf',
    "/etc/pmg/ldap.conf",
    \&read_pmg_ldap_conf,
    \&write_pmg_ldap_conf,
);
207 | ||
208 | ||
1;    # a module must end with a true value