bump version to 8.2.1

[pve-common.git] / src / PVE / LDAP.pm

diff --git a/src/PVE/LDAP.pm b/src/PVE/LDAP.pm
index cb889776d88f6aff73c35d35ab276ad8c864e15d..16a0a8ec5f2f487704bd98b0c78f39910164a5f8 100644 (file)
--- a/src/PVE/LDAP.pm
+++ b/src/PVE/LDAP.pm
@@ -22,7 +22,6 @@ sub ldap_connect {
        scheme => $scheme,
        port => $port,
        timeout => 10,
-       onerror => 'die',
     );
 
     my $hosts = [];
@@ -38,10 +37,11 @@ sub ldap_connect {
        $ldap_opts{$opt} = $opts->{$opt} if $opts->{$opt};
     }
 
-    my $ldap = Net::LDAP->new($hosts, %ldap_opts) || die $@;
+    my $ldap = Net::LDAP->new($hosts, %ldap_opts) || die "$@\n";
 
     if ($start_tls) {
-       $ldap->start_tls(%$opts);
+       my $res = $ldap->start_tls(%$opts);
+       die $res->error . "\n" if $res->code;
     }
 
     return $ldap;
@@ -73,6 +73,7 @@ sub get_user_dn {
        filter  => "$attr=$name",
        attrs   => ['dn']
     );
+    die $result->error . "\n" if $result->code;
     return undef if !$result->entries;
     my @entries = $result->entries;
     return $entries[0]->dn;
@@ -80,6 +81,12 @@ sub get_user_dn {
 
 sub auth_user_dn {
     my ($ldap, $dn, $pw, $noerr) = @_;
+
+    if (!$dn) {
+       return undef if $noerr;
+       die "user dn is empty\n";
+    }
+
     my $res = $ldap->bind($dn, password => $pw);
 
     my $code = $res->code;
@@ -87,14 +94,14 @@ sub auth_user_dn {
 
     if ($code) {
        return undef if $noerr;
-       die $err;
+       die "$err\n";
     }
 
     return 1;
 }
 
 sub query_users {
-    my ($ldap, $filter, $attributes, $base_dn) = @_;
+    my ($ldap, $filter, $attributes, $base_dn, $classes) = @_;
 
     # build filter from given filter and attribute list
     my $tmp = "(|";
@@ -103,6 +110,14 @@ sub query_users {
     }
     $tmp .= ")";
 
+    if ($classes) {
+       $tmp = "(&$tmp(|";
+       for my $class (@$classes) {
+           $tmp .= "(objectclass=$class)";
+       }
+       $tmp .= "))";
+    }
+
     if ($filter) {
        $filter = "($filter)" if $filter !~ m/^\(.*\)$/;
        $filter = "(&${filter}${tmp})"
@@ -170,13 +185,13 @@ sub query_users {
        $err = "LDAP user query unsuccessful" if !$err;
     }
 
-    die $err if $err;
+    die "$err\n" if $err;
 
     return $users;
 }
 
 sub query_groups {
-    my ($ldap, $base_dn, $classes, $filter) = @_;
+    my ($ldap, $base_dn, $classes, $filter, $group_name_attr) = @_;
 
     my $tmp = "(|";
     for my $class (@$classes) {
@@ -193,12 +208,14 @@ sub query_groups {
 
     my $page = Net::LDAP::Control::Paged->new(size => 100);
 
+    my $attrs = [ 'member', 'uniqueMember' ];
+    push @$attrs, $group_name_attr if $group_name_attr;
     my @args = (
        base     => $base_dn,
        scope    => "subtree",
        filter   => $filter,
        control  => [ $page ],
-       attrs    => [ 'member', 'uniqueMember' ],
+       attrs    => $attrs,
     );
 
     my $cookie;
@@ -225,6 +242,9 @@ sub query_groups {
                $members = [$entry->get_value('uniqueMember')];
            }
            $group->{members} = $members;
+           if ($group_name_attr && (my $name = $entry->get_value($group_name_attr))) {
+               $group->{name} = $name;
+           }
            push @$groups, $group;
        }
 
@@ -246,7 +266,7 @@ sub query_groups {
        $err = "LDAP group query unsuccessful" if !$err;
     }
 
-    die $err if $err;
+    die "$err\n" if $err;
 
     return $groups;
 }