method => 'GET',
description => "List configured LDAP profiles.",
proxyto => 'master',
- protected => 1,
+ permissions => { check => [ 'admin' ] },
parameters => {
additionalProperties => 0,
properties => {},
path => '',
method => 'POST',
proxyto => 'master',
+ permissions => { check => [ 'admin' ] },
protected => 1,
description => "Add LDAP profile.",
parameters => PMG::LDAPConfig->createSchema(1),
path => '{profile}',
method => 'GET',
description => "Directory index",
+ permissions => {
+ user => 'all',
+ },
parameters => {
additionalProperties => 0,
properties => {
method => 'GET',
description => "Get LDAP profile configuration.",
proxyto => 'master',
- protected => 1,
+ permissions => { check => [ 'admin' ] },
parameters => {
additionalProperties => 0,
properties => {
path => '{profile}/config',
method => 'PUT',
description => "Update LDAP profile settings.",
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'master',
parameters => PMG::LDAPConfig->updateSchema(),
path => '{profile}/sync',
method => 'POST',
description => "Synchronice LDAP users to local database.",
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'master',
parameters => {
path => '{profile}',
method => 'DELETE',
description => "Delete an LDAP profile",
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'master',
parameters => {
path => '{profile}/users',
method => 'GET',
description => "List LDAP users.",
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'master',
parameters => {
path => '{profile}/users/{email}',
method => 'GET',
description => "Get all email addresses for the specified user.",
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'master',
parameters => {
path => '{profile}/groups',
method => 'GET',
description => "List LDAP groups.",
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'master',
parameters => {
local $/ = undef; # slurp mode
- my $raw = <$fh>;
+ my $raw = defined($fh) ? <$fh> : '';
return __PACKAGE__->parse_config($filename, $raw);
}
my $raw = __PACKAGE__->write_config($filename, $cfg);
- chmod(0600, $fh);
+ my $gid = getgrnam('www-data');
+ chown(0, $gid, $fh);
+ chmod(0640, $fh);
PVE::Tools::safe_print($filename, $fh, $raw);
}
PVE::INotify::register_file($inotify_file_id, $config_filename,
\&read_pmg_ldap_conf,
- \&write_pmg_ldap_conf);
+ \&write_pmg_ldap_conf,
+ undef,
+ always_call_parser => 1);
1;