1 package PMG
::RuleDB
::LDAPUser
;
12 use PMG
::RuleDB
::Object
;
17 use base
qw(PMG::RuleDB::Object);
32 my ($type, $ldapuser, $profile, $ogroup) = @_;
34 my $class = ref($type) || $type;
36 my $self = $class->SUPER::new
($class->otype(), $ogroup);
38 $self->{ldapuser
} = $ldapuser // '';
39 $self->{profile
} = $profile // '';
45 my ($type, $ruledb, $id, $ogroup, $value) = @_;
47 my $class = ref($type) || $type;
49 defined($value) || die "undefined value: ERROR";
51 my $decoded = PMG
::Utils
::try_decode_utf8
($value);
54 if ($decoded =~ m/^([^:]*):(.*)$/) {
55 $obj = $class->new($2, $1, $ogroup);
56 $obj->{digest
} = Digest
::SHA
::sha1_hex
($id, encode
('UTF-8', $2), encode
('UTF-8', $1), $ogroup);
58 $obj = $class->new($decoded, '', $ogroup);
59 $obj->{digest
} = Digest
::SHA
::sha1_hex
($id, $value, '#', $ogroup);
68 my ($self, $ruledb) = @_;
70 defined($self->{ogroup
}) || die "undefined ogroup: ERROR";
71 defined($self->{ldapuser
}) || die "undefined ldap user: ERROR";
72 defined($self->{profile
}) || die "undefined ldap profile: ERROR";
74 my $user = $self->{ldapuser
};
75 my $profile = $self->{profile
};
77 my $confdata = encode
('UTF-8', "$profile:$user");
79 if (defined($self->{id
})) {
83 "UPDATE Object SET Value = ? WHERE ID = ?",
84 undef, $confdata, $self->{id
});
89 # check if it exists first
90 if (my $id = PMG
::Utils
::get_existing_object_id
(
99 my $sth = $ruledb->{dbh
}->prepare(
100 "INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
101 "VALUES (?, ?, ?);");
103 $sth->execute($self->{ogroup
}, $self->otype, $confdata);
105 $self->{id
} = PMG
::Utils
::lastid
($ruledb->{dbh
}, 'object_id_seq');
112 my ($ldap, $addr, $user, $profile) = @_;
114 return $ldap->account_has_address($user, $addr, $profile);
118 my ($self, $addr, $ip, $ldap) = @_;
122 return test_ldap
($ldap, $addr, $self->{ldapuser
}, $self->{profile
});
128 my $user = $self->{ldapuser
};
129 my $profile = $self->{profile
};
134 $desc = "LDAP user '$user', profile '$profile'";
136 $desc = "LDAP user without profile - fail always";
147 description
=> "Profile ID.",
148 type
=> 'string', format
=> 'pve-configid',
151 description
=> "LDAP user account name.",
163 account
=> $self->{ldapuser
},
164 profile
=> $self->{profile
},
169 my ($self, $param) = @_;
171 my $profile = $param->{profile
};
172 my $cfg = PVE
::INotify
::read_file
("pmg-ldap.conf");
173 my $config = $cfg->{ids
}->{$profile};
174 die "LDAP profile '$profile' does not exist\n" if !$config;
176 my $account = $param->{account
};
177 my $ldapcache = PMG
::LDAPCache-
>new(
178 id
=> $profile, syncmode
=> 1, %$config);
180 die "LDAP acoount '$account' does not exist\n"
181 if !$ldapcache->account_exists($account);
183 $self->{ldapuser
} = $account;
184 $self->{profile
} = $profile;
191 =head1 PMG::RuleDB::LDAPUser
193 A WHO object that matches a mail address when that address belongs to the configured LDAP user account, as resolved through the given LDAP profile (see C<account_has_address>). Per its own short description, an entry without a profile never matches.
199 The LDAP user account name (documented as matched ignoring case).
203 The ID of the LDAP profile (a section of C<pmg-ldap.conf>) in which the account is looked up; it is validated to exist before the object is updated.
207 $obj = PMG::RuleDB::LDAPUser->new('username', 'profile_name');