git.proxmox.com Git - pmg-api.git/blob - src/PMG/RuleDB/LDAPUser.pm
7a197993db45c22fcc7788aae62012f10f811d92
1 package PMG
::RuleDB
::LDAPUser
;
11 use PMG
::RuleDB
::Object
;
16 use base
qw(PMG::RuleDB::Object);
# Constructor arguments after the invocant: LDAP account name, LDAP profile, object group.
31 my ($type, $ldapuser, $profile, $ogroup) = @_;
# Works whether called on a class name or on an existing instance.
33 my $class = ref($type) || $type;
35 my $self = $class->SUPER::new
($class->otype(), $ogroup);
# An omitted account or profile is stored as '' rather than undef.
37 $self->{ldapuser
} = $ldapuser // '';
38 $self->{profile
} = $profile // '';
# Rebuilds an object from a stored value; $id and $ogroup also feed the digest below.
44 my ($type, $ruledb, $id, $ogroup, $value) = @_;
46 my $class = ref($type) || $type;
# A missing stored value is a hard error.
48 defined($value) || die "undefined value: ERROR";
# Stored form is 'profile:account'. The split is on the first ':', so the
# account part may contain further colons but the profile part cannot.
51 if ($value =~ m/^([^:]*):(.*)$/) {
52 $obj = $class->new($2, $1, $ogroup);
# sha1_hex hashes its arguments joined without any separator.
# NOTE(review): looks like a change-tracking fingerprint, not an integrity
# or authentication check - confirm how callers use {digest}.
53 $obj->{digest
} = Digest
::SHA
::sha1_hex
($id, $2, $1, $ogroup);
# Source line 54 is not shown here (presumably the else branch): a value
# with no ':' becomes the account name with an empty profile, and '#'
# takes the profile's place in the digest input.
55 $obj = $class->new($value, '', $ogroup);
56 $obj->{digest
} = Digest
::SHA
::sha1_hex
($id, $value, '#', $ogroup);
# Persists this object through $ruledb; all three fields must be defined first.
65 my ($self, $ruledb) = @_;
67 defined($self->{ogroup
}) || die "undefined ogroup: ERROR";
68 defined($self->{ldapuser
}) || die "undefined ldap user: ERROR";
69 defined($self->{profile
}) || die "undefined ldap profile: ERROR";
71 my $user = $self->{ldapuser
};
72 my $profile = $self->{profile
};
# Serialised as 'profile:account', the form the first-colon split expects
# when the value is loaded; a ':' inside the profile would be read back as
# part of the account name.
74 my $confdata = "$profile:$user";
# An object that already has an id is updated in place.
76 if (defined($self->{id
})) {
# Value and ID are bound through '?' placeholders, not interpolated into the SQL.
80 "UPDATE Object SET Value = ? WHERE ID = ?",
81 undef, $confdata, $self->{id
});
# Otherwise a new row is inserted; execute() passes the three values as
# bind parameters (the VALUES clause itself is not shown here).
86 my $sth = $ruledb->{dbh
}->prepare(
87 "INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
90 $sth->execute($self->{ogroup
}, $self->otype, $confdata);
# NOTE(review): presumably the id of the row just inserted - confirm against PMG::Utils::lastid.
92 $self->{id
} = PMG
::Utils
::lastid
($ruledb->{dbh
}, 'object_id_seq');
# Delegates the decision to $ldap->account_has_address; note the argument
# order changes from (addr, user, profile) to (user, addr, profile).
# NOTE(review): presumably true when $addr belongs to account $user in $profile - confirm in the LDAP cache class.
99 my ($ldap, $addr, $user, $profile) = @_;
101 return $ldap->account_has_address($user, $addr, $profile);
# Matches $addr against this object's account and profile via test_ldap.
# $ip is unpacked but not used in the lines shown here (source lines 106-108 are not visible).
105 my ($self, $addr, $ip, $ldap) = @_;
109 return test_ldap
($ldap, $addr, $self->{ldapuser
}, $self->{profile
});
# Builds the human-readable description of this object.
115 my $user = $self->{ldapuser
};
116 my $profile = $self->{profile
};
# $user and $profile are interpolated as-is; escaping for HTML or log
# output is left to whatever displays the description.
121 $desc = "LDAP user '$user', profile '$profile'";
# Without a profile the object is described as one that always fails.
123 $desc = "LDAP user without profile - fail always";
# The profile is schema-constrained to the 'pve-configid' format; any
# constraint on the account name is not visible in these lines.
134 description
=> "Profile ID.",
135 type
=> 'string', format
=> 'pve-configid',
138 description
=> "LDAP user account name.",
# Returns the stored fields under the keys 'account' and 'profile'.
150 account
=> $self->{ldapuser
},
151 profile
=> $self->{profile
},
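# Validate and apply new settings from $param: the profile must exist in
# pmg-ldap.conf and the account must be known to the LDAPCache built for
# that profile. Dies with a newline-terminated message otherwise.
my ($self, $param) = @_;

my $profile = $param->{profile};
my $cfg = PVE::INotify::read_file("pmg-ldap.conf");
my $config = $cfg->{ids}->{$profile};
die "LDAP profile '$profile' does not exist\n" if !$config;

my $account = $param->{account};
# NOTE(review): %$config is expanded last, so if the profile config carries
# its own 'id' or 'syncmode' key and the constructor treats its arguments
# as a hash, that value would win over the ones given here - confirm.
my $ldapcache = PMG::LDAPCache->new(
    id => $profile, syncmode => 1, %$config);

# Fixed the misspelled "acoount" in the message shown to the caller.
die "LDAP account '$account' does not exist\n"
    if !$ldapcache->account_exists($account);

# Fields are only overwritten once both lookups have succeeded.
$self->{ldapuser} = $account;
$self->{profile} = $profile;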
178 =head1 PMG::RuleDB::LDAPUser
180 A WHO object to check LDAP users
186 An LDAP user account (ignore case).
190 The LDAP profile name
194 $obj = PMG::RuleDB::LDAPUser->new('username', 'profile_name');