1 package PMG
::API2
::LDAP
;
8 use PVE
::Tools
qw(extract_param);
9 use HTTP
::Status
qw(:constants);
10 use Storable
qw(dclone);
11 use PVE
::JSONSchema
qw(get_standard_option);
19 use base
qw(PVE::RESTHandler);
21 __PACKAGE__-
>register_method ({
25 description
=> "List configured LDAP profiles.",
27 permissions
=> { check
=> [ 'admin' ] },
29 additionalProperties
=> 0,
37 profile
=> { type
=> 'string'},
38 disable
=> { type
=> 'boolean' },
39 server1
=> { type
=> 'string'},
40 server2
=> { type
=> 'string', optional
=> 1},
41 comment
=> { type
=> 'string', optional
=> 1},
42 gcount
=> { type
=> 'integer', optional
=> 1},
43 mcount
=> { type
=> 'integer', optional
=> 1},
44 ucount
=> { type
=> 'integer', optional
=> 1},
45 mode
=> { type
=> 'string'},
48 links
=> [ { rel
=> 'child', href
=> "{profile}" } ],
53 my $ldap_cfg = PMG
::LDAPConfig-
>new();
55 my $ldap_set = PMG
::LDAPSet-
>new_from_ldap_cfg($ldap_cfg, 1);
59 if (defined($ldap_cfg)) {
60 foreach my $profile (keys %{$ldap_cfg->{ids
}}) {
61 my $d = $ldap_cfg->{ids
}->{$profile};
64 disable
=> $d->{disable
} ?
1 : 0,
65 server1
=> $d->{server1
},
66 mode
=> $d->{mode
} // 'ldap',
68 $entry->{server2
} = $d->{server2
} if defined($d->{server2
});
69 $entry->{comment
} = $d->{comment
} if defined($d->{comment
});
71 if (my $d = $ldap_set->{$profile}) {
72 foreach my $k (qw(gcount mcount ucount)) {
74 $entry->{$k} = $v if defined($v);
85 my $forced_ldap_sync = sub {
86 my ($profile, $config) = @_;
88 my $ldapcache = PMG
::LDAPCache-
>new(
89 id
=> $profile, syncmode
=> 2, %$config);
91 die $ldapcache->{errors
} if $ldapcache->{errors
};
93 die "unable to find valid email addresses\n"
94 if !$ldapcache->{mcount
};
97 __PACKAGE__-
>register_method ({
102 permissions
=> { check
=> [ 'admin' ] },
104 description
=> "Add LDAP profile.",
105 parameters
=> PMG
::LDAPConfig-
>createSchema(1),
106 returns
=> { type
=> 'null' },
112 my $cfg = PMG
::LDAPConfig-
>new();
116 my $ids = $cfg->{ids
};
118 my $profile = extract_param
($param, 'profile');
119 my $type = $param->{type
};
121 die "LDAP profile '$profile' already exists\n"
124 my $config = PMG
::LDAPConfig-
>check_config($profile, $param, 1, 1);
126 $ids->{$profile} = $config;
128 $forced_ldap_sync->($profile, $config)
129 if !$config->{disable
};
134 PMG
::LDAPConfig
::lock_config
($code, "add LDAP profile failed");
139 __PACKAGE__-
>register_method ({
140 name
=> 'profile_index',
143 description
=> "Directory index",
148 additionalProperties
=> 0,
151 description
=> "Profile ID.",
152 type
=> 'string', format
=> 'pve-configid',
161 subdir
=> { type
=> 'string'},
164 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
170 { subdir
=> 'config' },
171 { subdir
=> 'sync' },
172 { subdir
=> 'users' },
173 { subdir
=> 'groups' },
177 __PACKAGE__-
>register_method ({
178 name
=> 'read_config',
179 path
=> '{profile}/config',
181 description
=> "Get LDAP profile configuration.",
183 permissions
=> { check
=> [ 'admin' ] },
185 additionalProperties
=> 0,
188 description
=> "Profile ID.",
189 type
=> 'string', format
=> 'pve-configid',
197 my $cfg = PMG
::LDAPConfig-
>new();
199 my $profile = $param->{profile
};
201 my $data = $cfg->{ids
}->{$profile};
202 die "LDAP profile '$profile' does not exist\n" if !$data;
204 $data->{digest
} = $cfg->{digest
};
209 __PACKAGE__-
>register_method ({
210 name
=> 'update_config',
211 path
=> '{profile}/config',
213 description
=> "Update LDAP profile settings.",
214 permissions
=> { check
=> [ 'admin' ] },
217 parameters
=> PMG
::LDAPConfig-
>updateSchema(),
218 returns
=> { type
=> 'null' },
224 my $cfg = PMG
::LDAPConfig-
>new();
225 my $ids = $cfg->{ids
};
227 my $digest = extract_param
($param, 'digest');
228 PVE
::SectionConfig
::assert_if_modified
($cfg, $digest);
230 my $profile = extract_param
($param, 'profile');
232 die "LDAP profile '$profile' does not exist\n"
233 if !$ids->{$profile};
235 my $delete_str = extract_param
($param, 'delete');
236 die "no options specified\n"
237 if !$delete_str && !scalar(keys %$param);
239 foreach my $opt (PVE
::Tools
::split_list
($delete_str)) {
240 delete $ids->{$profile}->{$opt};
243 my $config = PMG
::LDAPConfig-
>check_config($profile, $param, 0, 1);
245 foreach my $p (keys %$config) {
246 $ids->{$profile}->{$p} = $config->{$p};
249 $forced_ldap_sync->($profile, $config)
250 if !$config->{disable
};
255 PMG
::LDAPConfig
::lock_config
($code, "update LDAP profile failed");
260 __PACKAGE__-
>register_method ({
261 name
=> 'sync_profile',
262 path
=> '{profile}/sync',
264 description
=> "Synchronice LDAP users to local database.",
265 permissions
=> { check
=> [ 'admin' ] },
269 additionalProperties
=> 0,
272 description
=> "Profile ID.",
273 type
=> 'string', format
=> 'pve-configid',
277 returns
=> { type
=> 'null' },
281 my $cfg = PMG
::LDAPConfig-
>new();
282 my $ids = $cfg->{ids
};
284 my $profile = extract_param
($param, 'profile');
286 die "LDAP profile '$profile' does not exist\n"
287 if !$ids->{$profile};
289 my $config = $ids->{$profile};
291 if ($config->{disable
}) {
292 die "LDAP profile '$profile' is disabled\n";
294 $forced_ldap_sync->($profile, $config)
300 __PACKAGE__-
>register_method ({
304 description
=> "Delete an LDAP profile",
305 permissions
=> { check
=> [ 'admin' ] },
309 additionalProperties
=> 0,
312 description
=> "Profile ID.",
313 type
=> 'string', format
=> 'pve-configid',
317 returns
=> { type
=> 'null' },
323 my $cfg = PMG
::LDAPConfig-
>new();
324 my $ids = $cfg->{ids
};
326 my $profile = $param->{profile
};
328 die "LDAP profile '$profile' does not exist\n"
329 if !$ids->{$profile};
331 delete $ids->{$profile};
333 PMG
::LDAPCache-
>delete($profile);
338 PMG
::LDAPConfig
::lock_config
($code, "delete LDAP profile failed");
343 __PACKAGE__-
>register_method ({
344 name
=> 'profile_list_users',
345 path
=> '{profile}/users',
347 description
=> "List LDAP users.",
348 permissions
=> { check
=> [ 'admin' ] },
352 additionalProperties
=> 0,
355 description
=> "Profile ID.",
356 type
=> 'string', format
=> 'pve-configid',
365 dn
=> { type
=> 'string'},
366 account
=> { type
=> 'string'},
367 pmail
=> { type
=> 'string'},
374 my $cfg = PMG
::LDAPConfig-
>new();
375 my $ids = $cfg->{ids
};
377 my $profile = $param->{profile
};
379 die "LDAP profile '$profile' does not exist\n"
380 if !$ids->{$profile};
382 my $config = $ids->{$profile};
384 return [] if $config->{disable
};
386 my $ldapcache = PMG
::LDAPCache-
>new(
387 id
=> $profile, syncmode
=> 1, %$config);
389 return $ldapcache->list_users();
392 __PACKAGE__-
>register_method ({
393 name
=> 'address_list',
394 path
=> '{profile}/users/{email}',
396 description
=> "Get all email addresses for the specified user.",
397 permissions
=> { check
=> [ 'admin' ] },
401 additionalProperties
=> 0,
404 description
=> "Profile ID.",
405 type
=> 'string', format
=> 'pve-configid',
408 description
=> "Email address.",
409 type
=> 'string', format
=> 'email',
418 primary
=> { type
=> 'boolean'},
419 email
=> { type
=> 'string'},
426 my $cfg = PMG
::LDAPConfig-
>new();
427 my $ids = $cfg->{ids
};
429 my $profile = $param->{profile
};
431 die "LDAP profile '$profile' does not exist\n"
432 if !$ids->{$profile};
434 my $config = $ids->{$profile};
436 die "profile '$profile' is disabled\n" if $config->{disable
};
438 my $ldapcache = PMG
::LDAPCache-
>new(
439 id
=> $profile, syncmode
=> 1, %$config);
441 my $res = $ldapcache->list_addresses($param->{email
});
443 die "unable to find ldap user with email address '$param->{email}'\n"
450 __PACKAGE__-
>register_method ({
451 name
=> 'profile_list_groups',
452 path
=> '{profile}/groups',
454 description
=> "List LDAP groups.",
455 permissions
=> { check
=> [ 'admin' ] },
459 additionalProperties
=> 0,
462 description
=> "Profile ID.",
463 type
=> 'string', format
=> 'pve-configid',
472 dn
=> { type
=> 'string'},
479 my $cfg = PMG
::LDAPConfig-
>new();
480 my $ids = $cfg->{ids
};
482 my $profile = $param->{profile
};
484 die "LDAP profile '$profile' does not exist\n"
485 if !$ids->{$profile};
487 my $config = $ids->{$profile};
489 return [] if $config->{disable
};
491 my $ldapcache = PMG
::LDAPCache-
>new(
492 id
=> $profile, syncmode
=> 1, %$config);
494 return $ldapcache->list_groups();