use strict;
use warnings;
-use PVE::Auth::Plugin;
+use PVE::Auth::LDAP;
use PVE::LDAP;
-use base qw(PVE::Auth::Plugin);
+use base qw(PVE::Auth::LDAP);
sub type {
return 'ad';
maxLength => 256,
},
secure => {
- description => "Use secure LDAPS protocol.",
+ description => "Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.",
type => 'boolean',
optional => 1,
},
capath => { optional => 1 },
cert => { optional => 1 },
certkey => { optional => 1 },
+ base_dn => { optional => 1 },
+ bind_dn => { optional => 1 },
+ password => { optional => 1 },
+ user_attr => { optional => 1 },
+ filter => { optional => 1 },
+ sync_attributes => { optional => 1 },
+ user_classes => { optional => 1 },
+ group_dn => { optional => 1 },
+ group_name_attr => { optional => 1 },
+ group_filter => { optional => 1 },
+ group_classes => { optional => 1 },
+ 'sync-defaults-options' => { optional => 1 },
+ mode => { optional => 1 },
+ 'case-sensitive' => { optional => 1 },
};
}
+sub get_users {
+ my ($class, $config, $realm) = @_;
+
+ $config->{user_attr} //= 'sAMAccountName';
+
+ return $class->SUPER::get_users($config, $realm);
+}
+
sub authenticate_user {
my ($class, $config, $realm, $username, $password) = @_;
my $servers = [$config->{server1}];
push @$servers, $config->{server2} if $config->{server2};
- my $default_port = $config->{secure} ? 636: 389;
- my $port = $config->{port} // $default_port;
- my $scheme = $config->{secure} ? 'ldaps' : 'ldap';
+ my ($scheme, $port) = $class->get_scheme_and_port($config);
my %ad_args;
if ($config->{verify}) {
$ad_args{verify} = 'none';
}
- if ($config->{secure}) {
+ if ($scheme ne 'ldap') {
$ad_args{sslversion} = $config->{sslversion} // 'tlsv1_2';
}