e1161b64e131c1bebc85dfaef37435638f0b6ad8
# Proxmox VE authentication realm plugin: verifies a user's password by
# searching for the account on an LDAP server and binding as that entry.
package PVE::Auth::LDAP;

use base qw(PVE::Auth::Plugin);

# --- realm schema fragments (the enclosing properties()/options() subs
# --- are not part of this excerpt, so only individual entries are shown)
    description => "LDAP base domain name",
    # NOTE(review): as written this pattern is unanchored; whether the schema
    # layer anchors it is not visible here.
    pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
    description => "LDAP user attribute name",
    # optional fallback server, tried only if server1 fails (see authenticate_user)
    server2 => { optional => 1 },
    port => { optional => 1 },
    # When "secure" is unset the realm talks plain ldap:// on port 389 and the
    # user's password is sent to the server unencrypted during the bind.
    secure => { optional => 1 },
    default => { optional => 1 },
    comment => { optional => 1 },
    tfa => { optional => 1 },
# Check one user's password against a single LDAP server.
#
# $config    realm configuration hash; keys read here: secure, port,
#            user_attr, base_dn
# $server    host name or IP address of the server to contact
# $username  account name supplied by the user (untrusted input)
# $password  password supplied by the user (untrusted input)
#
# Returns nothing meaningful; every failure is raised with die so that the
# caller can decide whether to retry against another server.
my $authenticate_user_ldap = sub {
    my ($config, $server, $username, $password) = @_;

    # Without "secure" this is plain ldap:// on 389: the bind below then sends
    # the user's password across the network in the clear.
    my $default_port = $config->{secure} ? 636 : 389;
    my $port = $config->{port} ? $config->{port} : $default_port;
    my $scheme = $config->{secure} ? 'ldaps' : 'ldap';
    # IPv6 literals must be bracketed inside a URL host part.
    $server = "[$server]" if Net::IP::ip_is_ipv6($server);
    my $conn_string = "$scheme://${server}:$port";

    # SECURITY(review): verify => 'none' turns off TLS certificate checking, so
    # even an ldaps:// connection does not authenticate the server. Anyone able
    # to intercept the traffic can present an arbitrary certificate and collect
    # the DN and password sent in the bind. A meaningful fix needs
    # verify => 'require' together with a cafile/capath setting, which the
    # visible schema does not provide.
    my $ldap = Net::LDAP->new($conn_string, verify => 'none') || die "$@\n";

    # SECURITY(review): $username is concatenated into the search string with
    # no escaping (Net::LDAP::Util::escape_filter_value would do it). If this
    # string is used as the filter, characters such as '*', '(', ')' and '\'
    # in the supplied name alter the filter's meaning (LDAP filter injection).
    # Whether an earlier layer restricts the user name is not visible here.
    my $search = $config->{user_attr} . "=" . $username;
    my $result = $ldap->search( base => "$config->{base_dn}",
    # NOTE: the remaining search() arguments (filter/scope/attrs) and the
    # closing parenthesis are not part of this excerpt.
    # $result->code is never inspected: a failed search (wrong base_dn, server
    # error) surfaces only as "no entries returned".
    die "no entries returned\n" if !$result->entries;
    my @entries = $result->entries;
    # Bind as the first matching entry; the server checks the password.
    # NOTE(review): an empty $password is not rejected here. RFC 4513 defines a
    # bind with a DN and empty password as an unauthenticated bind, which many
    # servers accept, so this relies on the caller refusing empty passwords —
    # confirm.
    my $res = $ldap->bind($entries[0]->dn, password => $password);

    my $code = $res->code();
    my $err = $res->error;
    # Any non-zero result code (bad password, locked account, ...) is fatal.
    die "$err\n" if ($code);
76 sub authenticate_user
{
77 my ($class, $config, $realm, $username, $password) = @_;
79 eval { &$authenticate_user_ldap($config, $config->{server1
}, $username, $password); };
82 die $err if !$config->{server2
};
83 &$authenticate_user_ldap($config, $config->{server2
}, $username, $password);