1 package PMG
::RuleDB
::LDAPUser
;
11 use PMG
::RuleDB
::Object
;
16 use base
qw(PMG::RuleDB::Object);
# NOTE(review): the enclosing `sub` line is not part of this listing. The
# argument order matches the `$class->new(<user>, <profile>, $ogroup)` calls
# further down, so this is presumably the constructor body.
31 my ($type, $ldapuser, $profile, $ogroup) = @_;
# Accept a class name or an existing instance as the invocant.
33 my $class = ref($type) || $type;
# The base-class constructor receives this class's otype() and the group.
35 my $self = $class->SUPER::new
($class->otype(), $ogroup);
# A missing user or profile is stored as '' rather than undef, so both
# fields are always defined on a freshly constructed object.
37 $self->{ldapuser
} = $ldapuser // '';
38 $self->{profile
} = $profile // '';
# NOTE(review): the enclosing `sub` line, the declaration of $obj and the
# `else` between the two branches are not part of this listing.
# Rebuilds an object from the stored $value string.
44 my ($type, $ruledb, $id, $ogroup, $value) = @_;
46 my $class = ref($type) || $type;
48 defined($value) || die "undefined value: ERROR";
# Split at the FIRST colon: $1 (which cannot contain ':') is passed to new()
# as the profile, $2 (anything, further colons included) as the user.
51 if ($value =~ m/^([^:]*):(.*)$/) {
52 $obj = $class->new($2, $1, $ogroup);
# SHA-1 hex digest over id, user, profile and group. Digest::SHA joins its
# arguments without a separator, so field boundaries are not part of the hash.
# NOTE(review): presumably an identity/change marker rather than a security
# control; confirm nothing treats it as tamper-proof.
53 $obj->{digest
} = Digest
::SHA
::sha1_hex
($id, $2, $1, $ogroup);
# No colon in $value: the whole string becomes the user, the profile is '',
# and the literal '#' takes the profile's place in the digest input.
55 $obj = $class->new($value, '', $ogroup);
56 $obj->{digest
} = Digest
::SHA
::sha1_hex
($id, $value, '#', $ogroup);
# NOTE(review): the enclosing `sub` line and several statements are not part
# of this listing (the call that runs the UPDATE, the arguments and body of
# the get_existing_object_id branch, the tail of the INSERT statement).
# Persists the object through the $ruledb database handle.
65 my ($self, $ruledb) = @_;
# Only definedness is checked: an empty-string user or profile passes these
# guards and is written as-is.
67 defined($self->{ogroup
}) || die "undefined ogroup: ERROR";
68 defined($self->{ldapuser
}) || die "undefined ldap user: ERROR";
69 defined($self->{profile
}) || die "undefined ldap profile: ERROR";
71 my $user = $self->{ldapuser
};
72 my $profile = $self->{profile
};
# Stored form is "<profile>:<user>"; the reader splits at the first colon, so
# a ':' inside $profile would not survive the round trip.
# NOTE(review): the API schema declares profile as 'pve-configid'; confirm
# that format excludes ':' and that every write path is validated by it.
74 my $confdata = "$profile:$user";
# Known ID: update the existing row. Value and ID are bound through '?'
# placeholders, not interpolated into the SQL text.
76 if (defined($self->{id
})) {
80 "UPDATE Object SET Value = ? WHERE ID = ?",
81 undef, $confdata, $self->{id
});
86 # check if it exists first
87 if (my $id = PMG
::Utils
::get_existing_object_id
(
# New row: group, object type and value are handed to execute() as bind
# values. NOTE(review): the VALUES part of the statement is not shown here.
96 my $sth = $ruledb->{dbh
}->prepare(
97 "INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
100 $sth->execute($self->{ogroup
}, $self->otype, $confdata);
# Record the ID of the inserted row, read via the 'object_id_seq' sequence.
102 $self->{id
} = PMG
::Utils
::lastid
($ruledb->{dbh
}, 'object_id_seq');
# Body of the helper that is called as test_ldap($ldap, $addr, <user>,
# <profile>) elsewhere in this file (its `sub` line is not shown here).
# Note the reordering: the LDAP object's method takes ($user, $addr, $profile).
109 my ($ldap, $addr, $user, $profile) = @_;
# The result of account_has_address() is returned unchanged.
111 return $ldap->account_has_address($user, $addr, $profile);
# NOTE(review): the enclosing `sub` line and lines 116-118 are not part of
# this listing. $ip is unpacked but not used in the lines that are visible.
115 my ($self, $addr, $ip, $ldap) = @_;
# The match decision is delegated to test_ldap() with this object's stored
# user and profile.
119 return test_ldap
($ldap, $addr, $self->{ldapuser
}, $self->{profile
});
# NOTE(review): the enclosing `sub` line and the condition that selects
# between the two descriptions are not part of this listing.
125 my $user = $self->{ldapuser
};
126 my $profile = $self->{profile
};
# User and profile are interpolated verbatim into the description text.
# NOTE(review): whatever renders this string must escape it; confirm.
131 $desc = "LDAP user '$user', profile '$profile'";
# Per this text an object without a profile never matches.
# NOTE(review): the code enforcing that is not visible here; confirm.
133 $desc = "LDAP user without profile - fail always";
# Fragment of the API parameter schema (the surrounding hash is not shown).
# The profile parameter is a string restricted to the 'pve-configid' format.
144 description
=> "Profile ID.",
145 type
=> 'string', format
=> 'pve-configid',
# NOTE(review): the type/format of the account parameter is not visible in
# this listing; confirm its length and character limits.
148 description
=> "LDAP user account name.",
# Fragment of a hash (the surrounding statement is not shown): the stored
# user is exposed under the key 'account', the stored profile under 'profile'.
160 account
=> $self->{ldapuser
},
161 profile
=> $self->{profile
},
# NOTE(review): the enclosing `sub` line is not part of this listing.
# Applies $param->{profile} and $param->{account} to the object, but only
# after both have been checked; the fields are assigned after the two `die`s.
166 my ($self, $param) = @_;
168 my $profile = $param->{profile
};
# The profile must be an existing ID in pmg-ldap.conf.
169 my $cfg = PVE
::INotify
::read_file
("pmg-ldap.conf");
170 my $config = $cfg->{ids
}->{$profile};
# Trailing "\n" keeps Perl from appending file and line to the message.
171 die "LDAP profile '$profile' does not exist\n" if !$config;
173 my $account = $param->{account
};
# %$config is expanded last in the argument list.
# NOTE(review): if the constructor folds its arguments into a hash, an 'id'
# or 'syncmode' key in the profile config would win over the explicit values
# given here; confirm.
174 my $ldapcache = PMG
::LDAPCache-
>new(
175 id
=> $profile, syncmode
=> 1, %$config);
# The account must be known to the LDAP cache built for that profile.
# NOTE(review): "acoount" in the message below is a typo for "account"; it is
# runtime text and is left unchanged here.
177 die "LDAP acoount '$account' does not exist\n"
178 if !$ldapcache->account_exists($account);
# Both checks passed: store the validated values.
180 $self->{ldapuser
} = $account;
181 $self->{profile
} = $profile;
188 =head1 PMG::RuleDB::LDAPUser
190 A WHO object to check LDAP users
196 An LDAP user account (ignore case).
200 The LDAP profile name
204 $obj = PMG::RuleDB::LDAPUser->new('username', 'profile_name');