use PMG::RuleDB::IPNet;
use PMG::RuleDB::Domain;
use PMG::RuleDB::ReceiverDomain;
-# fixme:
-#use Proxmox::RuleDB::LDAP;
+use PMG::RuleDB::LDAP;
use PMG::RuleDB::LDAPUser;
use PMG::RuleDB::TimeFrame;
use PMG::RuleDB::Spam;
elsif ($otype == PMG::RuleDB::IPNet::otype) {
$obj = PMG::RuleDB::IPNet->new();
}
-# fixme
-# elsif ($otype == Proxmox::RuleDB::LDAP::otype) {
-# $obj = Proxmox::RuleDB::LDAP->new();
-# }
+ elsif ($otype == PMG::RuleDB::LDAP::otype) {
+ $obj = PMG::RuleDB::LDAP->new();
+ }
elsif ($otype == PMG::RuleDB::LDAPUser::otype) {
$obj = PMG::RuleDB::LDAPUser->new();
}
--- /dev/null
+package PMG::RuleDB::LDAP;
+
+use strict;
+use warnings;
+use DBI;
+
+use PMG::Utils;
+use PMG::RuleDB::Object;
+use PMG::LDAPCache;
+use PMG::LDAPSet;
+
+use base qw(PMG::RuleDB::Object);
+
+sub otype {
+ return 1005;
+}
+
+sub oclass {
+ return 'who';
+}
+
+sub otype_text {
+ return 'LDAP Group';
+}
+
+sub oicon {
+ return 'group.gif';
+}
+
+sub new {
+ my ($type, $ldapgroup, $profile, $ogroup) = @_;
+
+ my $class = ref($type) || $type;
+
+ my $self = $class->SUPER::new($class->otype(), $ogroup);
+
+ $self->{ldapgroup} = $ldapgroup // '';
+ $self->{profile} = $profile // '';
+
+ return $self;
+}
+
+sub load_attr {
+ my ($type, $ruledb, $id, $ogroup, $value) = @_;
+
+ my $class = ref($type) || $type;
+
+ defined($value) || die "undefined value: ERROR";
+
+ my $obj;
+ if ($value =~ m/^([^:]*):(.*)$/) {
+ $obj = $class->new($2, $1, $ogroup);
+ $obj->{digest} = Digest::SHA::sha1_hex ($id, $2, $1, $ogroup);
+ } else {
+ $obj = $class->new ($value, '', $ogroup);
+ $obj->{digest} = Digest::SHA::sha1_hex ($id, $value, '#', $ogroup);
+ }
+
+ $obj->{id} = $id;
+
+ return $obj;
+}
+
+sub save {
+ my ($self, $ruledb) = @_;
+
+ defined($self->{ogroup}) || die "undefined ogroup: ERROR";
+ defined($self->{ldapgroup}) || die "undefined ldap group: ERROR";
+ defined($self->{profile}) || die "undefined ldap profile: ERROR";
+
+ my $grp = $self->{ldapgroup};
+ my $profile = $self->{profile};
+
+ my $confdata = "$profile:$grp";
+
+ if (defined ($self->{id})) {
+ # update
+
+ $ruledb->{dbh}->do(
+ "UPDATE Object SET Value = ? WHERE ID = ?",
+ undef, $confdata, $self->{id});
+
+ } else {
+ # insert
+
+ my $sth = $ruledb->{dbh}->prepare(
+ "INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
+ "VALUES (?, ?, ?);");
+
+ $sth->execute($self->{ogroup}, $self->otype, $confdata);
+
+ $self->{id} = PMG::Utils::lastid($ruledb->{dbh}, 'object_id_seq');
+ }
+
+ return $self->{id};
+}
+
+sub test_ldap {
+ my ($ldap, $addr, $group, $profile) = @_;
+
+ if ($group eq '') {
+ return $ldap->mail_exists($addr, $profile);
+ } elsif ($group eq '-') {
+ return !$ldap->mail_exists($addr, $profile);
+ } else {
+ return $ldap->user_in_group ($addr, $group, $profile);
+ }
+}
+
+sub who_match {
+ my ($self, $addr, $ip, $ldap) = @_;
+
+ return 0 if !$ldap;
+
+ return test_ldap($ldap, $addr, $self->{ldapgroup}, $self->{profile});
+}
+
+1;
+
+__END__
+
+=head1 PMG::RuleDB::LDAP
+
+A WHO object to check LDAP groups
+
+=head2 Attribues
+
+=head3 ldapgroup
+
+An LDAP group (ignore case).
+
+=head3 profile
+
+The LDAP profile name
+
+=head2 Examples
+
+ $obj = PMG::RuleDB::LDAP>new ('groupname', 'profile_name');
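Review bot: `load_attr` calls `Digest::SHA::sha1_hex`, but the new module never loads Digest::SHA, so it works only if some other module has already pulled it in; add `use Digest::SHA;` next to `use DBI;`. Separately, `save` writes the value as `"$profile:$grp"` while `load_attr` splits on the first colon, so a profile name containing `:` would reload as a different profile/group pair and the rule would be evaluated against the wrong group. Unless profile names are validated elsewhere, a guard in `save` such as `die "invalid ldap profile: ERROR" if $profile =~ m/:/;` would close that gap. The `''` and `'-'` values handled in `test_ldap` (address exists / does not exist in the profile) are not covered by the POD, which describes `ldapgroup` only as "An LDAP group", and the example there reads `LDAP>new` where `LDAP->new` is meant. `who_match` also returns 0 whenever no `$ldap` object is passed, so a `'-'` rule silently stops matching in that case; a comment stating that this is intended would help the next reader.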