d/control: bump debhelper compat to >= 12

[pve-access-control.git] / PVE / Auth / AD.pm

diff --git a/PVE/Auth/AD.pm b/PVE/Auth/AD.pm
index 4f40be3736a6eb3734f0f9113662315157e0562a..88b2098355bd3d1bf9cfb32be6ea257083b891d1 100755 (executable)
--- a/PVE/Auth/AD.pm
+++ b/PVE/Auth/AD.pm
@@ -27,7 +27,7 @@ sub properties {
            maxLength => 256,
        },
        secure => {
-           description => "Use secure LDAPS protocol.",
+           description => "Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.",
            type => 'boolean',
            optional => 1,
        },
@@ -83,6 +83,7 @@ sub options {
        certkey => { optional => 1 },
        base_dn => { optional => 1 },
        bind_dn => { optional => 1 },
+       password => { optional => 1 },
        user_attr => { optional => 1 },
        filter => { optional => 1 },
        sync_attributes => { optional => 1 },
@@ -92,6 +93,8 @@ sub options {
        group_filter => { optional => 1 },
        group_classes => { optional => 1 },
        'sync-defaults-options' => { optional => 1 },
+       mode => { optional => 1 },
+       'case-sensitive' => { optional => 1 },
     };
 }
 
@@ -109,9 +112,7 @@ sub authenticate_user {
     my $servers = [$config->{server1}];
     push @$servers, $config->{server2} if $config->{server2};
 
-    my $default_port = $config->{secure} ? 636: 389;
-    my $port = $config->{port} // $default_port;
-    my $scheme = $config->{secure} ? 'ldaps' : 'ldap';
+    my ($scheme, $port) = $class->get_scheme_and_port($config);
 
     my %ad_args;
     if ($config->{verify}) {
@@ -129,7 +130,7 @@ sub authenticate_user {
        $ad_args{verify} = 'none';
     }
 
-    if ($config->{secure}) {
+    if ($scheme ne 'ldap') {
        $ad_args{sslversion} = $config->{sslversion} // 'tlsv1_2';
     }