PMG/RuleDB/LDAP.pm: verify parameters

diff --git a/PMG/LDAPCache.pm b/PMG/LDAPCache.pm
index 13a89c6e6aabd0a6a9452b394c492f4a80fbb174..4ddb43da153045e5f38efe87f2a5902dd5847a8e 100755 (executable)
--- a/PMG/LDAPCache.pm
+++ b/PMG/LDAPCache.pm
@@ -672,6 +672,17 @@ sub account_exists {
     return $res;
 }
 
+sub group_exists {
+    my ($self, $group) = @_;
+
+    my $dbh = $self->{dbstat}->{groups}->{dbh};
+    return 0 if !$dbh;
+
+    my $res;
+    $dbh->get($group, $res);
+    return $res;
+}
+
 sub account_has_address {
     my ($self, $account, $mail) = @_;
 

diff --git a/PMG/RuleDB/LDAP.pm b/PMG/RuleDB/LDAP.pm
index cbda3fe366631e1cc604c7f186f3c61acd5b6bc0..19284ced348e84ae15d580aac781b9d03992c2c3 100644 (file)
--- a/PMG/RuleDB/LDAP.pm
+++ b/PMG/RuleDB/LDAP.pm
@@ -194,6 +194,20 @@ sub update {
 
     my $mode = $param->{mode};
 
+    if (defined(my $profile = $param->{profile})) {
+       my $cfg = PVE::INotify::read_file("pmg-ldap.conf");
+       my $config = $cfg->{ids}->{$profile};
+       die "LDAP profile '$profile' does not exist\n" if !$config;
+
+       if (defined(my $group = $param->{group})) {
+           my $ldapcache = PMG::LDAPCache->new(
+               id => $profile, syncmode => 1, %$config);
+
+           die "LDAP group '$group' does not exist\n"
+               if !$ldapcache->group_exists($group);
+       }
+    }
+
     if ($mode eq 'any') {
        raise_param_exc({ group => "paramater not allwed with mode '$mode'"})
            if defined($param->{group});