use base qw(PVE::SectionConfig);
+PVE::JSONSchema::register_format('ldap-simple-attr', \&verify_ldap_simple_attr);
+sub verify_ldap_simple_attr {
+ my ($attr, $noerr) = @_;
+
+ if ($attr =~ m/^[a-zA-Z0-9]+$/) {
+ return $attr;
+ }
+
+ die "value '$attr' does not look like a simple ldap attribute name\n" if !$noerr;
+
+ return undef;
+}
+
my $inotify_file_id = 'pmg-ldap.conf';
my $config_filename = '/etc/pmg/ldap.conf';
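Review bot: The regex in verify_ldap_simple_attr on L6 still accepts a value ending in a newline, because `$` also matches just before a final "\n"; anchoring with `\A` and `\z` (`if ($attr =~ m/\A[a-zA-Z0-9]+\z/) {`) makes the check exact and avoids passing such a value on to the LDAP filter code. The properties below use the format name 'ldap-simple-attr-list' while only 'ldap-simple-attr' is registered here, which presumably relies on PVE::JSONSchema deriving the -list variant from the base format; a short comment beside the register_format call, e.g. `# the '-list' variant used in properties() is derived from this format by PVE::JSONSchema`, would make that dependency explicit for the next reader.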
},
};
+
sub properties {
return {
disable => {
},
accountattr => {
description => "Account attribute name name.",
- type => 'string',
- pattern => '[a-zA-Z0-9]+',
- default => 'sAMAccountName',
+ type => 'string', format => 'ldap-simple-attr-list',
+ default => 'sAMAccountName, uid',
},
mailattr => {
description => "List of mail attribute names.",
- type => 'string', format => 'string-list',
- pattern => '[a-zA-Z0-9]+',
- default => "mail, userPrincipalName, proxyAddresses, othermailbox",
+ type => 'string', format => 'ldap-simple-attr-list',
+ default => "mail, userPrincipalName, proxyAddresses, othermailbox, mailAlternativeAddress",
+ },
+ groupclass => {
+ description => "List of objectclasses for groups.",
+ type => 'string', format => 'ldap-simple-attr-list',
+ default => "group, univentionGroup, ipausergroup",
},
};
}
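Review bot: The description of accountattr on L25, `Account attribute name name.`, is now stale: the property takes a comma-separated list (format 'ldap-simple-attr-list', default 'sAMAccountName, uid'), and the text also duplicates "name". Change it to `description => "List of account attribute names.",` so it reads like the mailattr and groupclass descriptions in the same hunk. The hunk shows only part of the hash returned by properties; the elided entries are not reviewed here.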
filter => { optional => 1 },
accountattr => { optional => 1 },
mailattr => { optional => 1 },
+ groupclass => { optional => 1 },
};
}
local $/ = undef; # slurp mode
- my $raw = <$fh>;
+ my $raw = defined($fh) ? <$fh> : '';
return __PACKAGE__->parse_config($filename, $raw);
}
my $raw = __PACKAGE__->write_config($filename, $cfg);
- chmod(0600, $fh);
+ my $gid = getgrnam('www-data');
+ chown(0, $gid, $fh);
+ chmod(0640, $fh);
PVE::Tools::safe_print($filename, $fh, $raw);
}
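Review bot: The chown and chmod added on L60-L62 never check their results, and getgrnam('www-data') returns undef when that group does not exist, so the config can silently end up group root with mode 0640 (the www-data reader then fails) or, if chmod fails, keep whatever mode the open created it with. Since this file presumably holds the LDAP bind credentials (inferred from its name; confirm), both failures should abort before the content is written: `my $gid = getgrnam('www-data') // die "group 'www-data' not found\n";`, `chown(0, $gid, $fh) or die "chown $filename: $!\n";`, `chmod(0640, $fh) or die "chmod $filename: $!\n";`. The enclosing write_pmg_ldap_conf sub starts before this hunk.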
PVE::INotify::register_file($inotify_file_id, $config_filename,
\&read_pmg_ldap_conf,
- \&write_pmg_ldap_conf);
+ \&write_pmg_ldap_conf,
+ undef,
+ always_call_parser => 1);
1;
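Review bot: The bare `undef` inserted on L69 as the fifth positional argument of register_file is opaque to a reader, and the `always_call_parser => 1` option that follows is what the `defined($fh)` guard in read_pmg_ldap_conf (L55) depends on. A trailing comment ties the two together, e.g. `undef, # no update callback; always_call_parser => 1 makes the parser run with an undef $fh when the file is missing`. Whether the fifth parameter is indeed the update callback should be confirmed against PVE::INotify::register_file in the version this targets.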