[pmg-api.git] / PMG / LDAPConfig.pm

package PMG::LDAPConfig;

use strict;
use warnings;
use MIME::Base64;
use Data::Dumper;

use PVE::Tools;
use PVE::JSONSchema qw(get_standard_option);
use PVE::INotify;
use PVE::SectionConfig;

use base qw(PVE::SectionConfig);

my $defaultData = {
    propertyList => {
	type => { description => "Section type." },
	section => {
	    description => "Secion ID.",
	    type => 'string', format => 'pve-configid',
	},
	mode => {
	    description => "LDAP protocol mode ('ldap' or 'ldaps').",
	    type => 'string',
	    enum => ['ldap', 'ldaps'],
	    default => 'ldap',
	},
	server1 => {
	    description => "Server address.",
	    type => 'string', format => 'address',
	},
	server2 => {
	    description => "Fallback server address. Userd when the first server is not available.",
	    type => 'string', format => 'address',
	},
	port => {
	    description => "Specify the port to connect to.",
	    type => 'integer',
	    minimum => 1,
	    maximum => 65535,
	},
	binddn => {
	    description => "Bind domain name.",
	    type => 'string',
	},
	bindpw => {
	    description => "Bind password.",
	    type => 'string',
	},
	basedn => {
	    description => "Base domain name.",
	    type => 'string',
	},
	groupbasedn => {
	    description => "Base domain name for groups.",
	    type => 'string',
	},
	filter => {
	    description => "LDAP filter.",
	    type => 'string',
	},
	accountattr => {
	    description => "Account attribute name name.",
	    type => 'string',
	    pattern => '[a-zA-Z0-9]+',
	    default => 'sAMAccountName',
	},
	mailattr => {
	    description => "List of mail attribute names.",
	    type => 'string', format => 'string-list',
	    pattern => '[a-zA-Z0-9]+',
	    default => "mail, userPrincipalName, proxyAddresses, othermailbox",
	},
    },
};

sub options {
    return {
	server1 => {  optional => 0 },
	server2 => {  optional => 1 },
	port => { optional => 1 },
	mode => { optional => 1 },
	binddn => { optional => 1 },
	bindpw => { optional => 1 },
	basedn => { optional => 1 },
	groupbasedn => { optional => 1 },
	filter => { optional => 1 },
	accountattr => { optional => 1 },
	mailattr => { optional => 1 },
    };
}

sub type {
    return 'ldap';
}

sub private {
    return $defaultData;
}

sub decode_value {
    my ($class, $type, $key, $value) = @_;

    $value = decode_base64($value) if $key eq 'bindpw';

    return $value;
}

sub encode_value {
    my ($class, $type, $key, $value) = @_;

    $value = encode_base64($value, '') if $key eq 'bindpw';

    return $value;
}

my $lockfile = "/var/lock/pmgldapconfig.lck";

sub lock_config {
    my ($code, $errmsg) = @_;

    my $p = PVE::Tools::lock_file($lockfile, undef, $code);
    if (my $err = $@) {
	$errmsg ? die "$errmsg: $err" : die $err;
    }
}


__PACKAGE__->register();
__PACKAGE__->init();

sub read_pmg_ldap_conf {
    my ($filename, $fh) = @_;

    local $/ = undef; # slurp mode

    my $raw = <$fh>;

    return __PACKAGE__->parse_config($filename, $raw);
}

sub write_pmg_ldap_conf {
    my ($filename, $fh, $cfg) = @_;

    my $raw = __PACKAGE__->write_config($filename, $cfg);

    chmod(0600, $fh);

    PVE::Tools::safe_print($filename, $fh, $raw);
}

PVE::INotify::register_file('pmg-ldap.conf', "/etc/proxmox/ldap.conf",
			    \&read_pmg_ldap_conf,
			    \&write_pmg_ldap_conf);


1;
Commit	Line	Data
a6e3ac60 DM	1	package PMG::LDAPConfig;
	2
	3	use strict;
	4	use warnings;
49a16f65	5	use MIME::Base64;
a6e3ac60 DM	6	use Data::Dumper;
	7
	8	use PVE::Tools;
	9	use PVE::JSONSchema qw(get_standard_option);
	10	use PVE::INotify;
	11	use PVE::SectionConfig;
	12
	13	use base qw(PVE::SectionConfig);
	14
	15	my $defaultData = {
	16	propertyList => {
	17	type => { description => "Section type." },
	18	section => {
	19	description => "Secion ID.",
	20	type => 'string', format => 'pve-configid',
	21	},
	22	mode => {
	23	description => "LDAP protocol mode ('ldap' or 'ldaps').",
	24	type => 'string',
	25	enum => ['ldap', 'ldaps'],
	26	default => 'ldap',
	27	},
49a16f65 DM	28	server1 => {
	29	description => "Server address.",
	30	type => 'string', format => 'address',
	31	},
	32	server2 => {
	33	description => "Fallback server address. Userd when the first server is not available.",
	34	type => 'string', format => 'address',
	35	},
	36	port => {
	37	description => "Specify the port to connect to.",
	38	type => 'integer',
	39	minimum => 1,
	40	maximum => 65535,
	41	},
	42	binddn => {
	43	description => "Bind domain name.",
	44	type => 'string',
	45	},
	46	bindpw => {
	47	description => "Bind password.",
	48	type => 'string',
	49	},
	50	basedn => {
	51	description => "Base domain name.",
	52	type => 'string',
	53	},
	54	groupbasedn => {
	55	description => "Base domain name for groups.",
	56	type => 'string',
	57	},
	58	filter => {
	59	description => "LDAP filter.",
	60	type => 'string',
	61	},
	62	accountattr => {
	63	description => "Account attribute name name.",
	64	type => 'string',
	65	pattern => '[a-zA-Z0-9]+',
	66	default => 'sAMAccountName',
	67	},
	68	mailattr => {
	69	description => "List of mail attribute names.",
e1c64277	70	type => 'string', format => 'string-list',
49a16f65 DM	71	pattern => '[a-zA-Z0-9]+',
	72	default => "mail, userPrincipalName, proxyAddresses, othermailbox",
	73	},
a6e3ac60 DM	74	},
	75	};
	76
	77	sub options {
	78	return {
49a16f65 DM	79	server1 => { optional => 0 },
	80	server2 => { optional => 1 },
	81	port => { optional => 1 },
a6e3ac60	82	mode => { optional => 1 },
49a16f65 DM	83	binddn => { optional => 1 },
	84	bindpw => { optional => 1 },
	85	basedn => { optional => 1 },
	86	groupbasedn => { optional => 1 },
	87	filter => { optional => 1 },
	88	accountattr => { optional => 1 },
	89	mailattr => { optional => 1 },
a6e3ac60 DM	90	};
	91	}
	92
	93	sub type {
	94	return 'ldap';
	95	}
	96
	97	sub private {
	98	return $defaultData;
	99	}
	100
49a16f65 DM	101	sub decode_value {
49a16f65 DM	102	my ($class, $type, $key, $value) = @_;
a6e3ac60	103
49a16f65 DM	104	$value = decode_base64($value) if $key eq 'bindpw';
	105
	106	return $value;
a6e3ac60 DM	107	}
a6e3ac60 DM	108
49a16f65 DM	109	sub encode_value {
49a16f65 DM	110	my ($class, $type, $key, $value) = @_;
a6e3ac60	111
49a16f65	112	$value = encode_base64($value, '') if $key eq 'bindpw';
a6e3ac60	113
49a16f65	114	return $value;
a6e3ac60 DM	115	}
a6e3ac60 DM	116
e1c64277 DM	117	my $lockfile = "/var/lock/pmgldapconfig.lck";
	118
	119	sub lock_config {
	120	my ($code, $errmsg) = @_;
	121
	122	my $p = PVE::Tools::lock_file($lockfile, undef, $code);
	123	if (my $err = $@) {
	124	$errmsg ? die "$errmsg: $err" : die $err;
	125	}
	126	}
	127
49a16f65	128
a6e3ac60 DM	129	__PACKAGE__->register();
	130	__PACKAGE__->init();
	131
	132	sub read_pmg_ldap_conf {
	133	my ($filename, $fh) = @_;
	134
	135	local $/ = undef; # slurp mode
	136
	137	my $raw = <$fh>;
	138
	139	return __PACKAGE__->parse_config($filename, $raw);
	140	}
	141
	142	sub write_pmg_ldap_conf {
	143	my ($filename, $fh, $cfg) = @_;
	144
	145	my $raw = __PACKAGE__->write_config($filename, $cfg);
	146
d5121ced DM	147	chmod(0600, $fh);
d5121ced DM	148
a6e3ac60 DM	149	PVE::Tools::safe_print($filename, $fh, $raw);
	150	}
	151
	152	PVE::INotify::register_file('pmg-ldap.conf', "/etc/proxmox/ldap.conf",
	153	\&read_pmg_ldap_conf,
	154	\&write_pmg_ldap_conf);
	155
	156
	157	1;