git.proxmox.com Git - pmg-api.git/blob - PMG/API2/LDAP.pm
1 package PMG
::API2
::LDAP
;
8 use PVE
::Tools
qw(extract_param);
9 use HTTP
::Status
qw(:constants);
10 use Storable
qw(dclone);
11 use PVE
::JSONSchema
qw(get_standard_option);
19 use base
qw(PVE::RESTHandler);
# Registers the API method described as "List configured LDAP profiles.".
# NOTE(review): the gutter numbers in this listing skip, so the method name,
# path, HTTP verb and the final return statement are not visible here.
21 __PACKAGE__-
>register_method ({
25 description
=> "List configured LDAP profiles.",
# Access is limited to callers that pass the 'admin' check.
27 permissions
=> { check
=> [ 'admin' ] },
29 additionalProperties
=> 0,
# Field schema (presumably for one returned entry): profile, disable, server1
# and mode carry no "optional" flag; server2, comment and the three counters
# are optional.
37 profile
=> { type
=> 'string'},
38 disable
=> { type
=> 'boolean' },
39 server1
=> { type
=> 'string'},
40 server2
=> { type
=> 'string', optional
=> 1},
41 comment
=> { type
=> 'string', optional
=> 1},
42 gcount
=> { type
=> 'integer', optional
=> 1},
43 mcount
=> { type
=> 'integer', optional
=> 1},
44 ucount
=> { type
=> 'integer', optional
=> 1},
45 mode
=> { type
=> 'string'},
48 links
=> [ { rel
=> 'child', href
=> "{profile}" } ],
# Load the stored profile configuration and the matching LDAPSet, which is
# consulted below for the per-profile counters.
53 my $ldap_cfg = PMG
::LDAPConfig-
>new();
55 my $ldap_set = PMG
::LDAPSet-
>new_from_ldap_cfg($ldap_cfg, 1);
59 if (defined($ldap_cfg)) {
60 foreach my $profile (keys %{$ldap_cfg->{ids
}}) {
61 my $d = $ldap_cfg->{ids
}->{$profile};
# The entry is filled field by field from the stored profile; disable is
# normalised to a strict 0/1 and mode falls back to 'ldap' when unset.
# NOTE(review): keep this an explicit field list so that secrets stored in a
# profile (e.g. bind credentials) never show up in the index.
64 disable
=> $d->{disable
} ?
1 : 0,
65 server1
=> $d->{server1
},
66 mode
=> $d->{mode
} // 'ldap',
# Optional fields are copied only when they are defined.
68 $entry->{server2
} = $d->{server2
} if defined($d->{server2
});
69 $entry->{comment
} = $d->{comment
} if defined($d->{comment
});
# This inner $d shadows the profile hash above: inside the if it refers to
# the LDAPSet entry for the profile, the source of gcount/mcount/ucount.
71 if (my $d = $ldap_set->{$profile}) {
72 foreach my $k (qw(gcount mcount ucount)) {
74 $entry->{$k} = $v if defined($v);
# Closure used by the profile handlers to force a directory sync: it builds a
# PMG::LDAPCache for the profile with syncmode => 2 and dies when the cache
# reports errors or a false mcount.
85 my $forced_ldap_sync = sub {
86 my ($profile, $config) = @_;
# %$config is expanded after id/syncmode, so keys of those names in $config
# come later in the argument list -- presumably overriding the values given
# here if new() folds its arguments into a hash; verify in PMG::LDAPCache.
88 my $ldapcache = PMG
::LDAPCache-
>new(
89 id
=> $profile, syncmode
=> 2, %$config);
# The cache's error value is thrown unchanged, so it presumably reaches the
# API caller. NOTE(review): confirm it never contains bind credentials.
91 die $ldapcache->{errors
} if $ldapcache->{errors
};
# A sync that yields no mail addresses (mcount false) counts as a failure.
93 die "unable to find valid email addresses\n"
94 if !$ldapcache->{mcount
};
# Registers the API method described as "Add LDAP profile."; restricted to the
# 'admin' check, parameters come from PMG::LDAPConfig->createSchema(1).
# NOTE(review): method name, path and HTTP verb are not visible in this
# listing (gutter numbers skip).
97 __PACKAGE__-
>register_method ({
102 permissions
=> { check
=> [ 'admin' ] },
104 description
=> "Add LDAP profile.",
105 parameters
=> PMG
::LDAPConfig-
>createSchema(1),
106 returns
=> { type
=> 'null' },
112 my $cfg = PMG
::LDAPConfig-
>new();
116 my $ids = $cfg->{ids
};
# extract_param takes 'profile' out of $param, so what is left is handed to
# check_config below as the profile's settings.
118 my $profile = extract_param
($param, 'profile');
119 my $type = $param->{type
};
# Creation must not overwrite an existing profile (the condition line of this
# die is not visible in this listing).
121 die "LDAP profile '$profile' already exists\n"
# All client-supplied settings pass through check_config before being stored.
124 my $config = PMG
::LDAPConfig-
>check_config($profile, $param, 1, 1);
126 $ids->{$profile} = $config;
# An enabled new profile is synced right away; $forced_ldap_sync dies on
# failure. NOTE(review): presumably that aborts before the configuration is
# written (the write call is not visible here) -- confirm.
128 $forced_ldap_sync->($profile, $config)
129 if !$config->{disable
};
# $code is run through lock_config, presumably to serialise concurrent
# writers; the string is the error text used on failure.
134 PMG
::LDAPConfig
::lock_config
($code, "add LDAP profile failed");
# Registers 'profile_index', a directory index for one profile: it lists the
# fixed sub-directories config, sync, users and groups.
# NOTE(review): no permissions entry is visible for this method in this
# listing (gutter lines 141-142 and 144-147 are missing), while the other
# methods show check => [ 'admin' ] -- confirm the access rule in the full
# file.
139 __PACKAGE__-
>register_method ({
140 name
=> 'profile_index',
143 description
=> "Directory index",
148 additionalProperties
=> 0,
# The profile ID must match the 'pve-configid' format before the handler runs.
151 description
=> "Profile ID.",
152 type
=> 'string', format
=> 'pve-configid',
161 subdir
=> { type
=> 'string'},
164 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
# Static result: the entries do not depend on the stored configuration.
170 { subdir
=> 'config' },
171 { subdir
=> 'sync' },
172 { subdir
=> 'users' },
173 { subdir
=> 'groups' },
# Registers 'read_config' on {profile}/config: looks up the stored settings of
# one LDAP profile and attaches the configuration digest. Restricted to the
# 'admin' check.
177 __PACKAGE__-
>register_method ({
178 name
=> 'read_config',
179 path
=> '{profile}/config',
181 description
=> "Get LDAP profile configuration.",
183 permissions
=> { check
=> [ 'admin' ] },
185 additionalProperties
=> 0,
188 description
=> "Profile ID.",
189 type
=> 'string', format
=> 'pve-configid',
197 my $cfg = PMG
::LDAPConfig-
>new();
199 my $profile = $param->{profile
};
# $data is the stored profile hash itself, not a copy.
# NOTE(review): if it is returned as-is (the return is not visible in this
# listing), every stored setting -- including any bind password kept in the
# profile -- goes to the API client; confirm that is intended for admins.
201 my $data = $cfg->{ids
}->{$profile};
202 die "LDAP profile '$profile' does not exist\n" if !$data;
# The digest is written into that same hash; a client can send it back on
# update so that concurrent modifications are detected.
204 $data->{digest
} = $cfg->{digest
};
# Registers 'update_config' on {profile}/config: changes or deletes settings
# of an existing LDAP profile. Restricted to the 'admin' check; parameters
# come from PMG::LDAPConfig->updateSchema().
209 __PACKAGE__-
>register_method ({
210 name
=> 'update_config',
211 path
=> '{profile}/config',
213 description
=> "Update LDAP profile settings.",
214 permissions
=> { check
=> [ 'admin' ] },
217 parameters
=> PMG
::LDAPConfig-
>updateSchema(),
218 returns
=> { type
=> 'null' },
224 my $cfg = PMG
::LDAPConfig-
>new();
225 my $ids = $cfg->{ids
};
# Optimistic locking: assert_if_modified dies when the stored configuration
# no longer matches the digest the client read earlier.
227 my $digest = extract_param
($param, 'digest');
228 PVE
::SectionConfig
::assert_if_modified
($cfg, $digest);
230 my $profile = extract_param
($param, 'profile');
232 die "LDAP profile '$profile' does not exist\n"
233 if !$ids->{$profile};
# A request must either delete something or set at least one option.
235 my $delete_str = extract_param
($param, 'delete');
236 die "no options specified\n"
237 if !$delete_str && !scalar(keys %$param);
# NOTE(review): each name in the client-supplied 'delete' list is removed
# from the stored profile with no check visible here. Presumably
# updateSchema() constrains the list; confirm that settings the profile
# cannot work without (server1 is non-optional in the index schema) cannot be
# deleted this way.
239 foreach my $opt (PVE
::Tools
::split_list
($delete_str)) {
240 delete $ids->{$profile}->{$opt};
# The remaining parameters are validated by check_config and merged key by
# key into the stored profile.
243 my $config = PMG
::LDAPConfig-
>check_config($profile, $param, 0, 1);
245 foreach my $p (keys %$config) {
246 $ids->{$profile}->{$p} = $config->{$p};
# NOTE(review): the sync and the disable test use $config (the validated
# request parameters), not the merged stored profile. Unless check_config
# fills in the stored values, a partial update would sync with only the
# changed keys and would ignore a 'disable' flag already stored -- confirm.
249 $forced_ldap_sync->($profile, $config)
250 if !$config->{disable
};
255 PMG
::LDAPConfig
::lock_config
($code, "update LDAP profile failed");
# Registers 'sync_profile' on {profile}/sync: forces a sync of one existing,
# enabled LDAP profile via $forced_ldap_sync. Restricted to the 'admin' check.
260 __PACKAGE__-
>register_method ({
261 name
=> 'sync_profile',
262 path
=> '{profile}/sync',
# NOTE(review): "Synchronice" in this user-visible description is a typo for
# "Synchronize".
264 description
=> "Synchronice LDAP users to local database.",
265 permissions
=> { check
=> [ 'admin' ] },
269 additionalProperties
=> 0,
272 description
=> "Profile ID.",
273 type
=> 'string', format
=> 'pve-configid',
277 returns
=> { type
=> 'null' },
281 my $cfg = PMG
::LDAPConfig-
>new();
282 my $ids = $cfg->{ids
};
284 my $profile = extract_param
($param, 'profile');
286 die "LDAP profile '$profile' does not exist\n"
287 if !$ids->{$profile};
# Unlike create/update, the sync here runs on the stored profile hash.
289 my $config = $ids->{$profile};
# An explicit sync request for a disabled profile is rejected, not ignored.
291 if ($config->{disable
}) {
292 die "LDAP profile '$profile' is disabled\n";
294 $forced_ldap_sync->($profile, $config)
# Registers the API method described as "Delete an LDAP profile"; restricted
# to the 'admin' check.
# NOTE(review): method name, path and HTTP verb are not visible in this
# listing (gutter numbers skip).
300 __PACKAGE__-
>register_method ({
304 description
=> "Delete an LDAP profile",
305 permissions
=> { check
=> [ 'admin' ] },
309 additionalProperties
=> 0,
312 description
=> "Profile ID.",
313 type
=> 'string', format
=> 'pve-configid',
317 returns
=> { type
=> 'null' },
323 my $cfg = PMG
::LDAPConfig-
>new();
324 my $ids = $cfg->{ids
};
326 my $profile = $param->{profile
};
328 die "LDAP profile '$profile' does not exist\n"
329 if !$ids->{$profile};
331 delete $ids->{$profile};
# The profile's LDAPCache data is removed as well, presumably so that cached
# users and groups do not outlive the deleted profile.
333 PMG
::LDAPCache-
>delete($profile);
# $code is run through lock_config; the string is the error text on failure.
338 PMG
::LDAPConfig
::lock_config
($code, "delete LDAP profile failed");
# Registers 'profile_list_users' on {profile}/users: returns the users of one
# LDAP profile from its LDAPCache. Restricted to the 'admin' check.
343 __PACKAGE__-
>register_method ({
344 name
=> 'profile_list_users',
345 path
=> '{profile}/users',
347 description
=> "List LDAP users.",
348 permissions
=> { check
=> [ 'admin' ] },
352 additionalProperties
=> 0,
355 description
=> "Profile ID.",
356 type
=> 'string', format
=> 'pve-configid',
# Fields listed for a user: dn, account and pmail; pmail is the child link.
365 dn
=> { type
=> 'string'},
366 account
=> { type
=> 'string'},
367 pmail
=> { type
=> 'string'},
370 links
=> [ { rel
=> 'child', href
=> "{pmail}" } ],
375 my $cfg = PMG
::LDAPConfig-
>new();
376 my $ids = $cfg->{ids
};
378 my $profile = $param->{profile
};
380 die "LDAP profile '$profile' does not exist\n"
381 if !$ids->{$profile};
383 my $config = $ids->{$profile};
# A disabled profile yields an empty list instead of an error.
385 return [] if $config->{disable
};
# syncmode => 1 here, against 2 in the forced sync; the meaning of the values
# is not shown in this file -- presumably 1 does not force a full resync.
387 my $ldapcache = PMG
::LDAPCache-
>new(
388 id
=> $profile, syncmode
=> 1, %$config);
390 return $ldapcache->list_users();
# Registers 'address_list' on {profile}/users/{email}: looks up the addresses
# recorded for the user that owns the given email. Restricted to the 'admin'
# check.
393 __PACKAGE__-
>register_method ({
394 name
=> 'address_list',
395 path
=> '{profile}/users/{email}',
397 description
=> "Get all email addresses for the specified user.",
398 permissions
=> { check
=> [ 'admin' ] },
402 additionalProperties
=> 0,
405 description
=> "Profile ID.",
406 type
=> 'string', format
=> 'pve-configid',
# The email path component must match the 'email' format.
409 description
=> "Email address.",
410 type
=> 'string', format
=> 'email',
419 primary
=> { type
=> 'boolean'},
420 email
=> { type
=> 'string'},
427 my $cfg = PMG
::LDAPConfig-
>new();
428 my $ids = $cfg->{ids
};
430 my $profile = $param->{profile
};
432 die "LDAP profile '$profile' does not exist\n"
433 if !$ids->{$profile};
435 my $config = $ids->{$profile};
# Unlike the list endpoints, which return [] for a disabled profile, this
# lookup fails with an error.
437 die "profile '$profile' is disabled\n" if $config->{disable
};
439 my $ldapcache = PMG
::LDAPCache-
>new(
440 id
=> $profile, syncmode
=> 1, %$config);
442 my $res = $ldapcache->list_addresses($param->{email
});
# The client-supplied address is echoed in the error text; it has passed the
# 'email' format check, but consumers that render the message should still
# escape it. (The condition line of this die is not visible in this listing.)
444 die "unable to find ldap user with email address '$param->{email}'\n"
# Registers 'profile_list_groups' on {profile}/groups: returns the groups of
# one LDAP profile from its LDAPCache. Restricted to the 'admin' check.
451 __PACKAGE__-
>register_method ({
452 name
=> 'profile_list_groups',
453 path
=> '{profile}/groups',
455 description
=> "List LDAP groups.",
456 permissions
=> { check
=> [ 'admin' ] },
460 additionalProperties
=> 0,
463 description
=> "Profile ID.",
464 type
=> 'string', format
=> 'pve-configid',
# Fields listed for a group: dn and a numeric gid; gid is the child link.
473 dn
=> { type
=> 'string'},
474 gid
=> { type
=> 'number' },
477 links
=> [ { rel
=> 'child', href
=> "{gid}" } ],
482 my $cfg = PMG
::LDAPConfig-
>new();
483 my $ids = $cfg->{ids
};
485 my $profile = $param->{profile
};
487 die "LDAP profile '$profile' does not exist\n"
488 if !$ids->{$profile};
490 my $config = $ids->{$profile};
# A disabled profile yields an empty list instead of an error.
492 return [] if $config->{disable
};
494 my $ldapcache = PMG
::LDAPCache-
>new(
495 id
=> $profile, syncmode
=> 1, %$config);
497 return $ldapcache->list_groups();
# Registers 'profile_list_group_members' on {profile}/groups/{gid}: returns
# the users of one group by passing the gid to list_users. Restricted to the
# 'admin' check.
500 __PACKAGE__-
>register_method ({
501 name
=> 'profile_list_group_members',
502 path
=> '{profile}/groups/{gid}',
504 description
=> "List LDAP group members.",
505 permissions
=> { check
=> [ 'admin' ] },
509 additionalProperties
=> 0,
512 description
=> "Profile ID.",
513 type
=> 'string', format
=> 'pve-configid',
# NOTE(review): the type/format line of the gid parameter is not visible in
# this listing; confirm it is constrained to a number, as the gid field of the
# group listing is.
516 description
=> "Group ID",
526 dn
=> { type
=> 'string'},
527 account
=> { type
=> 'string' },
528 pmail
=> { type
=> 'string' },
535 my $cfg = PMG
::LDAPConfig-
>new();
536 my $ids = $cfg->{ids
};
538 my $profile = $param->{profile
};
540 die "LDAP profile '$profile' does not exist\n"
541 if !$ids->{$profile};
543 my $config = $ids->{$profile};
# A disabled profile yields an empty list instead of an error.
545 return [] if $config->{disable
};
547 my $ldapcache = PMG
::LDAPCache-
>new(
548 id
=> $profile, syncmode
=> 1, %$config);
# Same list_users call as the user listing, here with the gid as argument.
550 return $ldapcache->list_users($param->{gid
});