From b183e7612e185f1fee36a6b6dbcf2ead4fc3c925 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Mon, 20 Mar 2017 08:42:07 +0100
Subject: [PATCH] test LDAP connection before adding entries
---
 PMG/API2/LDAP.pm | 21 +++++++++++++++++++
 PMG/LDAPCache.pm | 52 +++++++++++++++++++++++++++---------------------
 2 files changed, 50 insertions(+), 23 deletions(-)
diff --git a/PMG/API2/LDAP.pm b/PMG/API2/LDAP.pm
index af02cf5..15cfdf7 100644
--- a/PMG/API2/LDAP.pm
+++ b/PMG/API2/LDAP.pm
@@ -13,6 +13,7 @@ use PVE::RESTHandler;
 use PVE::INotify;
 use PMG::LDAPConfig;
+use PMG::LDAPCache;
 use base qw(PVE::RESTHandler);
@@ -100,6 +101,16 @@ __PACKAGE__->register_method ({
 $ids->{$section} = $config;
+ if (!$config->{disable}) {
+
+ # test ldap bind
+
+ my $ldapcache = PMG::LDAPCache->new(
+ id => $section, syncmode => 1, %$config);
+
+ $ldapcache->ldap_connect_and_bind();
+ }
+
 PVE::INotify::write_file($ldapconfigfile, $cfg);
 };
@@ -179,6 +190,16 @@ __PACKAGE__->register_method ({
 $ids->{$section}->{$p} = $config->{$p};
 }
+ if (!$config->{disable}) {
+
+ # test ldap bind
+
+ my $ldapcache = PMG::LDAPCache->new(
+ id => $section, syncmode => 1, %$config);
+
+ $ldapcache->ldap_connect_and_bind();
+ }
+
 PVE::INotify::write_file($ldapconfigfile, $cfg);
 };
diff --git a/PMG/LDAPCache.pm b/PMG/LDAPCache.pm
index 7448817..e2e9192 100755
--- a/PMG/LDAPCache.pm
+++ b/PMG/LDAPCache.pm
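Review bot: The bind test in the create handler does a network connect immediately before `PVE::INotify::write_file`, and the closing `};` suggests it runs inside the closure that updates the configuration (the closure starts outside the hunk, so this is inferred). If that closure runs under the configuration lock, an unreachable LDAP server would hold the lock for the full connect timeout. The comment `# test ldap bind` could also state the contract, for example `# test ldap bind - dies on connect/bind failure, so nothing is written`. The identical block is repeated in the update handler in the next hunk and would be easier to keep consistent as one shared helper.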
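Review bot: The test in the update handler builds the cache object from `%$config`, but the loop just above copies `$config->{$p}` into `$ids->{$section}->{$p}`, so `$config` appears to hold only the properties submitted with this request. A partial update would then be tested without the stored server, bind DN or password, and `!$config->{disable}` would not see a profile whose stored section is already disabled. Testing the merged section looks like what is intended: `if (!$ids->{$section}->{disable}) {` and `id => $section, syncmode => 1, %{$ids->{$section}});`. The handler starts outside the hunk, so how `$config` is built should be confirmed there.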
@@ -344,6 +344,30 @@ sub ldap_connect {
 return $ldap;
 }
+sub ldap_connect_and_bind {
+ my ($self) = @_;
+
+ my $ldap = $self->ldap_connect() ||
+ die "Can't bind to ldap server '$self->{id}': $!\n";
+
+ my $mesg;
+
+ if ($self->{binddn}) {
+ $mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
+ } else {
+ $mesg = $ldap->bind(); # anonymous bind
+ }
+
+ die "ldap bind failed: " . $mesg->error . "\n" if $mesg->code;
+
+ if (!$self->{basedn}) {
+ my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
+ $self->{basedn} = $root->get_value('defaultNamingContext');
+ }
+
+ return $ldap;
+}
+
 sub sync_database {
 my ($self) = @_;
@@ -354,35 +378,15 @@ sub sync_database {
 syslog('info', "syncing ldap database '$self->{id}'");
- my $ldap = $self->ldap_connect();
-
- if (!$ldap) {
- my $err = "Can't bind to ldap server '$self->{id}': $!";
- $self->{errors} .= "$err\n";
- syslog('err', $err);
- return;
- }
-
- my $mesg;
-
- if ($self->{binddn}) {
- $mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
- } else {
- $mesg = $ldap->bind(); # anonymous bind
- }
+ my $ldap;
- if ($mesg->code) {
- my $err = "ldap bind failed: " . $mesg->error;
+ eval { $ldap = $self->ldap_connect_and_bind(); };
+ if (my $err = $@) {
 $self->{errors} .= "$err\n";
 syslog('err', $err);
 return;
 }
- if (!$self->{basedn}) {
- my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
- $self->{basedn} = $root->get_value('defaultNamingContext');
- }
-
 # open temporary database files
 my $olddbh = {};
@@ -473,6 +477,8 @@ sub sync_database {
 $self->{gcount} = $self->{dbstat}->{groups}->{idcount};
 $self->{ucount} = __count_entries($self->{dbstat}->{accounts}->{dbh});
 $self->{mcount} = __count_entries($self->{dbstat}->{mails}->{dbh});
+
+ syslog('info', "ldap sync '$self->{id}' successful ($self->{mcount})");
 }
 }
 }
-- 
2.39.5
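Review bot: `ldap_connect_and_bind` now gates the API save, but its base DN lookup is unchecked: `$root->get_value(...)` is called on whatever `root_dse` returns, and a server that does not publish `defaultNamingContext` leaves `$self->{basedn}` undefined while the test still passes. Guarding the result and adding `die "unable to determine base DN\n" if !$self->{basedn};` after the lookup would surface this at configuration time. The connect failure message says "Can't bind" and appends `$!`, which may not carry the LDAP library's error; `ldap_connect` is outside the hunk, so that should be checked there. A short header comment saying that the sub dies on failure and fills in `basedn` as a side effect would help callers.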
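Review bot: In `sync_database` the caught `$err` already ends in a newline, because both `die` messages in `ldap_connect_and_bind` end with `\n`. As a result `$self->{errors} .= "$err\n"` appends an empty line and `syslog('err', $err)` logs a trailing newline; `chomp $err;` as the first statement of the `if (my $err = $@)` block restores the earlier output. `$err` can contain server-supplied text from `$mesg->error`, so if `syslog` takes a printf-style format as Sys::Syslog does, `syslog('err', "%s", $err)` is the safer call; that line is unchanged context in this hunk. The body of `sync_database` continues outside the hunk.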