]>
git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/AD.pm
8 use base
qw(PVE::Auth::Plugin);
17 description
=> "Server IP address (or DNS name)",
19 pattern
=> '[\w\d]+(.[\w\d]+)*',
23 description
=> "Fallback Server IP address (or DNS name)",
26 pattern
=> '[\w\d]+(.[\w\d]+)*',
30 description
=> "Use secure LDAPS protocol.",
36 description
=> "Use this as default realm",
41 description
=> "Description.",
47 description
=> "Server port.",
54 description
=> "AD domain name",
60 tfa
=> PVE
::JSONSchema
::get_standard_option
('tfa'),
67 server2
=> { optional
=> 1 },
69 port
=> { optional
=> 1 },
70 secure
=> { optional
=> 1 },
71 default => { optional
=> 1 },,
72 comment
=> { optional
=> 1 },
73 tfa
=> { optional
=> 1 },
77 my $authenticate_user_ad = sub {
78 my ($config, $server, $username, $password) = @_;
80 my $default_port = $config->{secure
} ?
636: 389;
81 my $port = $config->{port
} ?
$config->{port
} : $default_port;
82 my $scheme = $config->{secure
} ?
'ldaps' : 'ldap';
83 my $conn_string = "$scheme://${server}:$port";
85 my $ldap = Net
::LDAP-
>new($conn_string) || die "$@\n";
87 $username = "$username\@$config->{domain}"
88 if $username !~ m/@/ && $config->{domain
};
90 my $res = $ldap->bind($username, password
=> $password);
92 my $code = $res->code();
93 my $err = $res->error;
97 die "$err\n" if ($code);
100 sub authenticate_user
{
101 my ($class, $config, $realm, $username, $password) = @_;
103 eval { &$authenticate_user_ad($config, $config->{server1
}, $username, $password); };
106 die $err if !$config->{server2
};
107 &$authenticate_user_ad($config, $config->{server2
}, $username, $password);