package PMG::LDAPConfig;

use strict;
use warnings;
use MIME::Base64;
use Data::Dumper;

use PVE::Tools;
use PVE::JSONSchema qw(get_standard_option);
use PVE::INotify;
use PVE::SectionConfig;

# This module is one PVE::SectionConfig section type ('ldap'); the schema,
# option table and config file hooks are defined further down in this file.
use base qw(PVE::SectionConfig);

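# Schema for one 'ldap' section of the LDAP config file, handed to
# PVE::SectionConfig via private(). Which keys may be omitted is decided
# in options(), not here.
my $defaultData = {
    propertyList => {
        type => { description => "Section type." },
        section => {
            description => "Section ID.",
            type => 'string', format => 'pve-configid',
        },
        mode => {
            description => "LDAP protocol mode ('ldap' or 'ldaps').",
            type => 'string',
            enum => ['ldap', 'ldaps'],
            default => 'ldap',
        },
        server1 => {
            description => "Server address.",
            type => 'string', format => 'address',
        },
        server2 => {
            description => "Fallback server address. Used when the first server is not available.",
            type => 'string', format => 'address',
        },
        port => {
            description => "Specify the port to connect to.",
            type => 'integer',
            minimum => 1,
            maximum => 65535,
        },
        binddn => {
            description => "Bind domain name.",
            type => 'string',
        },
        bindpw => {
            # Written base64-encoded by encode_value() below. That only
            # obscures the value; protecting it is left to the permissions
            # of the config file.
            description => "Bind password.",
            type => 'string',
        },
        basedn => {
            description => "Base domain name.",
            type => 'string',
        },
        groupbasedn => {
            description => "Base domain name for groups.",
            type => 'string',
        },
        filter => {
            description => "LDAP filter.",
            type => 'string',
        },
        accountattr => {
            description => "Account attribute name.",
            type => 'string',
            # NOTE(review): whether this pattern is matched against the whole
            # value or just a substring depends on PVE::JSONSchema - confirm.
            pattern => '[a-zA-Z0-9]+',
            default => 'sAMAccountName',
        },
        mailattr => {
            description => "List of mail attribute names.",
            type => 'string', format => 'string-list',
            # NOTE(review): presumably applied per list element - confirm in
            # PVE::JSONSchema.
            pattern => '[a-zA-Z0-9]+',
            default => "mail, userPrincipalName, proxyAddresses, othermailbox",
        },
    },
};
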
# Optionality of each section property: only the primary server address
# is mandatory, everything else may be left out.
sub options {
    my %optional_of = map { $_ => { optional => 1 } } qw(
        server2 port mode binddn bindpw basedn groupbasedn filter accountattr mailattr
    );
    $optional_of{server1} = { optional => 0 };

    return \%optional_of;
}

# Section type name used in the config file and for SectionConfig dispatch.
sub type {
    my $section_type = 'ldap';
    return $section_type;
}

# Hand the property schema (defined above as $defaultData) to PVE::SectionConfig.
sub private {
    my $schema = $defaultData;
    return $schema;
}

# Turn a stored config value back into its in-memory form.
# Only 'bindpw' is transformed: it is kept base64-encoded in the file
# (see encode_value), which hides it from casual reading but is not
# encryption. Every other key is returned unchanged.
sub decode_value {
    my ($class, $type, $key, $value) = @_;

    return $key eq 'bindpw' ? decode_base64($value) : $value;
}

# Turn an in-memory config value into its on-disk form.
# 'bindpw' is base64-encoded (with no trailing newline, hence the '' eol
# argument); this is obfuscation only, not protection. Other keys pass
# through unchanged.
sub encode_value {
    my ($class, $type, $key, $value) = @_;

    return $key eq 'bindpw' ? encode_base64($value, '') : $value;
}

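my $lockfile = "/var/lock/pmgldapconfig.lck";

# Run $code while holding the LDAP config lock.
#
# $code   - code ref executed under the lock
# $errmsg - optional prefix for the error raised when locking or $code fails
#
# Returns the value PVE::Tools::lock_file returned (presumably $code's
# result - confirm in PVE::Tools); the original discarded it.
# Dies with "$errmsg: $err" (or just $err) when $@ is set afterwards.
sub lock_config {
    my ($code, $errmsg) = @_;

    # undef timeout: whatever PVE::Tools::lock_file uses by default.
    my $res = PVE::Tools::lock_file($lockfile, undef, $code);
    if (my $err = $@) {
        die $errmsg ? "$errmsg: $err" : $err;
    }

    return $res;
}
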

# Register this section type with PVE::SectionConfig and build the schema;
# must run after the sub definitions above.
__PACKAGE__->register();
__PACKAGE__->init();

# PVE::INotify reader: slurp the open config file and parse it with the
# SectionConfig parser. Returns whatever parse_config returns.
sub read_pmg_ldap_conf {
    my ($filename, $fh) = @_;

    local $/;    # slurp mode: undef record separator for the rest of this sub

    my $contents = readline($fh);

    return __PACKAGE__->parse_config($filename, $contents);
}

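# PVE::INotify writer: serialize $cfg with the SectionConfig writer and
# print it to the already-open handle $fh.
#
# The file carries the bind password (only base64-obscured, see
# encode_value), so the handle is restricted to owner read/write first.
# A failed chmod used to be ignored; it is now fatal, since continuing
# could leave the password readable by other users.
sub write_pmg_ldap_conf {
    my ($filename, $fh, $cfg) = @_;

    my $raw = __PACKAGE__->write_config($filename, $cfg);

    chmod(0600, $fh) or die "chmod 0600 $filename failed: $!\n";

    PVE::Tools::safe_print($filename, $fh, $raw);
}
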
# Expose /etc/proxmox/ldap.conf through PVE::INotify under the name
# 'pmg-ldap.conf', using the reader and writer defined above.
PVE::INotify::register_file('pmg-ldap.conf', "/etc/proxmox/ldap.conf",
                            \&read_pmg_ldap_conf,
                            \&write_pmg_ldap_conf);

1;