git.proxmox.com Git - pve-access-control.git/commit

author	Christoph Heiss <c.heiss@proxmox.com>
	Thu, 10 Aug 2023 12:37:07 +0000 (14:37 +0200)
committer	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Fri, 11 Aug 2023 11:31:40 +0000 (13:31 +0200)
commit	fbb1fa448f03204e530a7a160e7d9378282e957a
tree	d7fe80bf00b576a338be63f5d4ac48a43a761891	tree
parent	9ac31bc6d36d284639532eddc302facd9d74818e	commit \| diff

ldap: add opt-in `check-connection` param to perform a bind check

Removes the dreaded DN regex, instead introducing a optional
connect/bind check on creation/update, aligning it with the way PBS does
it.

Additionally, it has the benefit that instead of letting a sync fail on
the first try due to e.g. bad bind credentials, it gives the user some
direct feedback when trying to add/update a LDAP realm, if enabled.

Should be rather a corner case, but it's the easiest way for us to
accomodate and the most versatile for users needing this.

This is part of the result of a previous discussion [0], and the same
approach is already implemented for PBS [1].

[0] https://lists.proxmox.com/pipermail/pve-devel/2023-May/056839.html
[1] https://lists.proxmox.com/pipermail/pbs-devel/2023-June/006237.html

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>

src/PVE/API2/Domains.pm		diff \| blob \| blame \| history
src/PVE/Auth/LDAP.pm		diff \| blob \| blame \| history
src/PVE/Auth/Plugin.pm		diff \| blob \| blame \| history