test LDAP connection before adding entries
authorDietmar Maurer <dietmar@proxmox.com>
Mon, 20 Mar 2017 07:42:07 +0000 (08:42 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Mon, 20 Mar 2017 10:33:59 +0000 (11:33 +0100)
PMG/API2/LDAP.pm
PMG/LDAPCache.pm

index af02cf5b1cbd5ce1f77f961db1cb531257259327..15cfdf779701eb543a7d0a779fed7e5ad97356ac 100644 (file)
@@ -13,6 +13,7 @@ use PVE::RESTHandler;
 use PVE::INotify;
 
 use PMG::LDAPConfig;
+use PMG::LDAPCache;
 
 use base qw(PVE::RESTHandler);
 
@@ -100,6 +101,16 @@ __PACKAGE__->register_method ({
 
            $ids->{$section} = $config;
 
+           if (!$config->{disable}) {
+
+               # test ldap bind
+
+               my $ldapcache = PMG::LDAPCache->new(
+                   id => $section, syncmode => 1, %$config);
+
+               $ldapcache->ldap_connect_and_bind();
+           }
+
            PVE::INotify::write_file($ldapconfigfile, $cfg);
        };
 
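Review bot: The `# test ldap bind` comment does not say that a failed test aborts the save: `ldap_connect_and_bind()` dies on connect or bind failure, so the `PVE::INotify::write_file` call below it is never reached. A comment such as `# refuse to save a profile we cannot bind with; ldap_connect_and_bind() dies on failure` would make that ordering explicit. The enclosing closure starts outside this hunk; if it runs while the configuration lock is held, the network round trip to the LDAP server happens under that lock, so a bounded connect timeout in `ldap_connect` is worth confirming.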
@@ -179,6 +190,16 @@ __PACKAGE__->register_method ({
                $ids->{$section}->{$p} = $config->{$p};
            }
 
+           if (!$config->{disable}) {
+
+               # test ldap bind
+
+               my $ldapcache = PMG::LDAPCache->new(
+                   id => $section, syncmode => 1, %$config);
+
+               $ldapcache->ldap_connect_and_bind();
+           }
+
            PVE::INotify::write_file($ldapconfigfile, $cfg);
        };
 
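Review bot: The bind test on update is built from `%$config`, while the loop just above copies `$config` key by key into `$ids->{$section}`, which suggests `$config` holds only the properties submitted in this request. If so, an update that omits the server or bind credentials tests an incomplete profile, and `!$config->{disable}` ignores a `disable` flag already stored in the section. Testing the merged section avoids both: `if (!$ids->{$section}->{disable}) {` and `id => $section, syncmode => 1, %{$ids->{$section}});`. How `$config` is built is outside this hunk, so confirm against the code above it.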
index 7448817d552c7215ce99efe5639b8fe7dc4c0ca3..e2e9192eef650d647d3e5de6083757a5e2552c51 100755 (executable)
@@ -344,6 +344,30 @@ sub ldap_connect {
     return $ldap;
 }
 
+sub ldap_connect_and_bind {
+     my ($self) = @_;
+
+     my $ldap = $self->ldap_connect() ||
+        die "Can't bind to ldap server '$self->{id}': $!\n";
+
+     my $mesg;
+
+     if ($self->{binddn}) {
+        $mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
+     } else {
+        $mesg = $ldap->bind(); # anonymous bind
+     }
+
+     die "ldap bind failed: " . $mesg->error . "\n" if $mesg->code;
+
+     if (!$self->{basedn}) {
+        my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
+        $self->{basedn} = $root->get_value('defaultNamingContext');
+     }
+
+     return $ldap;
+}
+
 sub sync_database {
     my ($self) = @_;
 
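Review bot: In `ldap_connect_and_bind` the `basedn` fallback is unchecked: `root_dse` can return undef when the root DSE cannot be read, and `defaultNamingContext` is not published by every directory server, so the sub can either die on the `get_value` call with an unrelated message or return with `basedn` still undefined. Since this sub now gates saving a profile, both cases should fail with a clear error, for example `my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]) or die "unable to read root DSE\n";` followed by `die "no basedn configured and none reported by server\n" if !defined($self->{basedn});`. Separately, the first `die` reports "Can't bind" for what is a connect failure and relies on `$!`, which may not hold the LDAP library's error; `ldap_connect` is outside the hunk, so verify there.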
@@ -354,35 +378,15 @@ sub sync_database {
 
     syslog('info', "syncing ldap database '$self->{id}'");
 
-    my $ldap = $self->ldap_connect();
-
-    if (!$ldap) {
-       my $err = "Can't bind to ldap server '$self->{id}': $!";
-       $self->{errors} .= "$err\n";
-       syslog('err', $err);
-       return;
-    }
-
-    my $mesg;
-
-    if ($self->{binddn}) {
-       $mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
-    } else {
-       $mesg = $ldap->bind(); # anonymous bind
-    }
+    my $ldap;
 
-    if ($mesg->code) {
-       my $err = "ldap bind failed: " . $mesg->error;
+    eval { $ldap = $self->ldap_connect_and_bind(); };
+    if (my $err = $@) {
        $self->{errors} .= "$err\n";
        syslog('err', $err);
        return;
     }
 
-    if (!$self->{basedn}) {
-       my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
-       $self->{basedn} = $root->get_value('defaultNamingContext');
-    }
-
     # open temporary database files
 
     my $olddbh = {};
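Review bot: `$err` taken from `$@` now ends in a newline (both `die` strings in `ldap_connect_and_bind` end with `\n`) and can contain `$mesg->error`, text that originates from the LDAP server, yet it is passed as the second argument of `syslog` and appended with another `\n`. If `syslog` here follows Sys::Syslog's `syslog($priority, $format, @args)` signature, a `%` in that text is treated as a format directive; `chomp $err;` after the assignment and `syslog('err', '%s', $err);` keep the message literal and avoid the blank line in `$self->{errors}`. The new `syslog('info', "ldap sync ...")` call in the last hunk interpolates `$self->{id}` into the format the same way. `sync_database` continues outside this hunk.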
@@ -473,6 +477,8 @@ sub sync_database {
            $self->{gcount} = $self->{dbstat}->{groups}->{idcount};
            $self->{ucount} = __count_entries($self->{dbstat}->{accounts}->{dbh});
            $self->{mcount} = __count_entries($self->{dbstat}->{mails}->{dbh});
+
+           syslog('info', "ldap sync '$self->{id}' successful ($self->{mcount})");
        }
     }
 }