git.proxmox.com Git - pmg-api.git/blob - PMG/API2/LDAP.pm
1 package PMG
::API2
::LDAP
;
8 use PVE
::Tools
qw(extract_param);
9 use HTTP
::Status
qw(:constants);
10 use Storable
qw(dclone);
11 use PVE
::JSONSchema
qw(get_standard_option);
18 use base
qw(PVE::RESTHandler);
# Name passed to PVE::INotify::read_file / write_file by every handler in this
# module. How this name is resolved to an on-disk path is not visible here.
20 my $ldapconfigfile = "pmg-ldap.conf";
# Registers the API method described as "LDAP server list.".
# NOTE(review): this listing is incomplete (the gutter numbers skip lines), so
# the method's name, path, HTTP verb and any permissions entry are not visible
# here - confirm the access control for this endpoint in the full file.
22 __PACKAGE__-
>register_method ({
26 description
=> "LDAP server list.",
30 additionalProperties
=> 0,
# The properties at gutter lines 38-43 carry the same keys the handler puts
# into each entry below, so they presumably describe one returned item.
# server2 and comment are the only ones marked optional.
38 section
=> { type
=> 'string'},
39 disable
=> { type
=> 'boolean' },
40 server1
=> { type
=> 'string'},
41 server2
=> { type
=> 'string', optional
=> 1},
42 comment
=> { type
=> 'string', optional
=> 1},
43 mode
=> { type
=> 'string'},
46 links
=> [ { rel
=> 'child', href
=> "{section}" } ],
# Handler body: load the LDAP section config and walk every configured section.
51 my $ldap_cfg = PVE
::INotify
::read_file
($ldapconfigfile);
55 if (defined($ldap_cfg)) {
56 foreach my $section (keys %{$ldap_cfg->{ids
}}) {
57 my $d = $ldap_cfg->{ids
}->{$section};
# Each entry is assembled field by field instead of copying $d wholesale. The
# fields visible here are disable, server1, mode, server2 and comment; no
# credential field appears among them.
# NOTE(review): gutter lines 58-59 and 63 are missing from this listing -
# confirm that nothing else from $d is copied into the list output.
# disable is normalised to 1 or 0 to fit the boolean declared above.
60 disable
=> $d->{disable
} ?
1 : 0,
61 server1
=> $d->{server1
},
# mode falls back to 'ldap' when the stored value is undef.
62 mode
=> $d->{mode
} // 'ldap',
# Optional fields are only set when defined, so they are absent rather than
# undef in the entry.
64 $entry->{server2
} = $d->{server2
} if defined($d->{server2
});
65 $entry->{comment
} = $d->{comment
} if defined($d->{comment
});
# Closure used by the add and update handlers: builds a PMG::LDAPCache object
# for $section with syncmode => 2 and dies unless the result is usable.
#   $section - section ID, passed to the cache object as id
#   $config  - hash ref whose key/value pairs are flattened into the
#              constructor arguments
# Dies with $ldapcache->{errors} when that field is set, or with "unable to
# find valid email addresses" when {mcount} is false.
# NOTE(review): presumably the constructor contacts the configured LDAP
# server(s) - confirm in PMG::LDAPCache. Both callers invoke this before
# write_file, so a die here leaves the config file unwritten.
73 my $forced_ldap_sync = sub {
74 my ($section, $config) = @_;
# %$config is expanded AFTER id and syncmode. If the constructor collects its
# arguments into a hash, a key named 'id' or 'syncmode' inside $config would
# override the values set here.
# NOTE(review): confirm that check_config can never yield such keys.
76 my $ldapcache = PMG
::LDAPCache-
>new(
77 id
=> $section, syncmode
=> 2, %$config);
# The {errors} value is rethrown as-is and reaches the API caller as the
# failure message.
# NOTE(review): its content is not visible here - check that it cannot carry
# bind credentials or other sensitive connection detail.
79 die $ldapcache->{errors
} if $ldapcache->{errors
};
# A sync that succeeds but yields no mail addresses is treated as a failure.
81 die "unable to find valid email addresses\n"
82 if !$ldapcache->{mcount
};
# Registers the API method described as "Add LDAP server.". Parameters come
# from PMG::LDAPConfig->createSchema(1); the method returns null.
# NOTE(review): the gutter numbers skip lines, so the method name, path, HTTP
# verb and any permissions/protected settings are not visible in this listing
# - confirm them in the full file before relying on this endpoint being
# restricted.
85 __PACKAGE__-
>register_method ({
91 description
=> "Add LDAP server.",
92 parameters
=> PMG
::LDAPConfig-
>createSchema(1),
93 returns
=> { type
=> 'null' },
# Body of the $code closure that is handed to lock_config at the end (its
# opening line is not part of this listing): read, modify, verify, write.
99 my $cfg = PVE
::INotify
::read_file
($ldapconfigfile);
103 my $ids = $cfg->{ids
};
# extract_param presumably removes 'section' from $param so it is not treated
# as a config option below - confirm in PVE::Tools.
105 my $section = extract_param
($param, 'section');
# $type is read here but not used in any line visible in this listing.
106 my $type = $param->{type
};
# Refuses to overwrite an existing entry; the condition itself (gutter line
# 109) is missing from this listing.
108 die "LDAP entry '$section' already exists\n"
# Validation of the caller-supplied options happens in check_config. The
# meaning of the two trailing flags (1, 1) is defined in PMG::LDAPConfig, not
# here; the update handler passes (0, 1).
111 my $config = PMG
::LDAPConfig-
>check_config($section, $param, 1, 1);
113 $ids->{$section} = $config;
# Enabled entries must pass a forced sync before anything is written; a die
# from the sync skips write_file, so a non-working entry is not persisted.
115 $forced_ldap_sync->($section, $config)
116 if !$config->{disable
};
118 PVE
::INotify
::write_file
($ldapconfigfile, $cfg);
# Runs $code through PMG::LDAPConfig::lock_config; presumably this holds the
# config lock for the whole read-modify-write and uses the second argument as
# the error prefix - confirm in PMG::LDAPConfig.
121 PMG
::LDAPConfig
::lock_config
($code, "add LDAP entry failed");
# Registers the API method described as "Get LDAP server configuration.".
# NOTE(review): the gutter numbers skip lines, so the method name, path, HTTP
# verb, permissions and the return statement are not visible in this listing.
126 __PACKAGE__-
>register_method ({
130 description
=> "Get LDAP server configuration.",
134 additionalProperties
=> 0,
# "Secion" is a typo for "Section". It is a runtime string that appears in the
# generated API schema, so it is left unchanged here.
137 description
=> "Secion ID.",
# The section parameter is constrained to the 'pve-configid' format before the
# handler runs (assuming standard schema validation by the REST handler).
138 type
=> 'string', format
=> 'pve-configid',
146 my $cfg = PVE
::INotify
::read_file
($ldapconfigfile);
148 my $section = $param->{section
};
# $data is a reference INTO $cfg, not a copy.
150 my $data = $cfg->{ids
}->{$section};
151 die "LDAP entry '$section' does not exist\n" if !$data;
# Writes the config digest into the section hash itself, so callers can send
# it back on update for the modification check.
# NOTE(review): if read_file hands out a shared or cached structure, this
# assignment mutates it - confirm. Storable's dclone is imported at the top of
# the file but no call to it is visible in this listing.
# NOTE(review): if $data is returned as-is (the return line is not visible),
# every stored key of the section goes to the caller, including any bind
# credential the LDAP schema defines - confirm, and filter secrets out of the
# response if so.
153 $data->{digest
} = $cfg->{digest
};
# Registers the API method described as "Update LDAP server settings.".
# Parameters come from PMG::LDAPConfig->updateSchema(); the method returns
# null.
# NOTE(review): the gutter numbers skip lines, so the method name, path, HTTP
# verb and any permissions/protected settings are not visible in this listing.
158 __PACKAGE__-
>register_method ({
162 description
=> "Update LDAP server settings.",
165 parameters
=> PMG
::LDAPConfig-
>updateSchema(),
166 returns
=> { type
=> 'null' },
# Body of the $code closure that is handed to lock_config at the end (its
# opening line is not part of this listing).
172 my $cfg = PVE
::INotify
::read_file
($ldapconfigfile);
173 my $ids = $cfg->{ids
};
# The caller's digest is checked against the config just read; presumably
# assert_if_modified dies when the file changed since the caller fetched it -
# confirm in PVE::SectionConfig.
175 my $digest = extract_param
($param, 'digest');
176 PVE
::SectionConfig
::assert_if_modified
($cfg, $digest);
178 my $section = extract_param
($param, 'section');
180 die "LDAP entry '$section' does not exist\n"
181 if !$ids->{$section};
# A request must either delete something or set at least one option.
183 my $delete_str = extract_param
($param, 'delete');
184 die "no options specified\n"
185 if !$delete_str && !scalar(keys %$param);
# Every name in the caller-supplied delete list is removed from the section.
# NOTE(review): no check is visible here that $opt is a known, optional
# property, so a required option could be deleted unless updateSchema() or
# check_config restricts the list - confirm.
187 foreach my $opt (PVE
::Tools
::split_list
($delete_str)) {
188 delete $ids->{$section}->{$opt};
# Validates the remaining caller-supplied options; the returned keys are then
# merged over the stored section one by one.
191 my $config = PMG
::LDAPConfig-
>check_config($section, $param, 0, 1);
193 foreach my $p (keys %$config) {
194 $ids->{$section}->{$p} = $config->{$p};
# NOTE(review): the sync and the disable test both use $config (what
# check_config returned for THIS request), not the merged $ids->{$section}.
# If check_config returns only the options present in $param, a partial update
# is verified against an incomplete configuration, and an entry that was
# disabled earlier is synced anyway - confirm; passing $ids->{$section} looks
# like the intended argument.
197 $forced_ldap_sync->($section, $config)
198 if !$config->{disable
};
# Reached only if the sync above did not die.
200 PVE
::INotify
::write_file
($ldapconfigfile, $cfg);
# Runs $code through PMG::LDAPConfig::lock_config; presumably this holds the
# config lock for the whole read-modify-write - confirm in PMG::LDAPConfig.
203 PMG
::LDAPConfig
::lock_config
($code, "update LDAP entry failed");
# Registers the API method described as "Delete an LDAP server entry."; the
# method returns null.
# NOTE(review): the gutter numbers skip lines, so the method name, path, HTTP
# verb and any permissions/protected settings are not visible in this listing.
208 __PACKAGE__-
>register_method ({
212 description
=> "Delete an LDAP server entry.",
216 additionalProperties
=> 0,
# "Secion" is a typo for "Section". It is a runtime string that appears in the
# generated API schema, so it is left unchanged here.
219 description
=> "Secion ID.",
# The section parameter is constrained to the 'pve-configid' format.
220 type
=> 'string', format
=> 'pve-configid',
224 returns
=> { type
=> 'null' },
# Body of the $code closure that is handed to lock_config at the end (its
# opening line is not part of this listing).
230 my $cfg = PVE
::INotify
::read_file
($ldapconfigfile);
231 my $ids = $cfg->{ids
};
233 my $section = $param->{section
};
235 die "LDAP entry '$section' does not exist\n"
236 if !$ids->{$section};
238 delete $ids->{$section};
# The cached data for the section is dropped BEFORE the config is written. If
# write_file fails, the entry remains in the file while its cache is already
# gone.
# NOTE(review): confirm the cache is rebuilt on the next sync in that case.
# No digest check is visible in this handler, unlike the update handler.
240 PMG
::LDAPCache-
>delete($section);
242 PVE
::INotify
::write_file
($ldapconfigfile, $cfg);
# Runs $code through PMG::LDAPConfig::lock_config; presumably this holds the
# config lock for the whole read-modify-write - confirm in PMG::LDAPConfig.
245 PMG
::LDAPConfig
::lock_config
($code, "delete LDAP entry failed");