From: Dominik Csapak
Date: Fri, 6 Mar 2020 10:05:41 +0000 (+0100)
Subject: Auth/LDAP: refactor out 'connect_and_bind'
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=30aad01788c03bb112353ceb619f671995ac5582
Auth/LDAP: refactor out 'connect_and_bind'
we will use this not only for authentication but also for getting users/groups from LDAP
Signed-off-by: Dominik Csapak
---
diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm
index 0faa40a..5eef12c 100755
--- a/PVE/Auth/LDAP.pm
+++ b/PVE/Auth/LDAP.pm
@@ -80,8 +80,8 @@ sub options {
 };
 }
-sub authenticate_user {
- my ($class, $config, $realm, $username, $password) = @_;
+sub connect_and_bind {
+ my ($class, $config, $realm) = @_;
 my $servers = [$config->{server1}];
 push @$servers, $config->{server2} if $config->{server2};
@@ -122,6 +122,20 @@ sub authenticate_user {
 }
 PVE::LDAP::ldap_bind($ldap, $bind_dn, $bind_pass);
+
+ if (!$config->{base_dn}) {
+ my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
+ $config->{base_dn} = $root->get_value('defaultNamingContext');
+ }
+
+ return $ldap;
+}
+
+sub authenticate_user {
+ my ($class, $config, $realm, $username, $password) = @_;
+
+ my $ldap = $class->connect_and_bind($config, $realm);
+
 my $user_dn = PVE::LDAP::get_user_dn($ldap, $username, $config->{user_attr}, $config->{base_dn});
 PVE::LDAP::auth_user_dn($ldap, $user_dn, $password);
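Review bot: The base_dn fallback added at the end of connect_and_bind (second hunk) calls `$root->get_value(...)` without checking `$root`, and nothing confirms that a value was actually obtained. If the root DSE read fails, or the server does not publish `defaultNamingContext` (an attribute mainly found on Active Directory), the sub either dies with a bare method-call-on-undef error or returns with `base_dn` still undefined, which authenticate_user then passes to `PVE::LDAP::get_user_dn` as the search base. Failing closed with a clear message would be safer: add `die "cannot read root DSE for realm '$realm'\n" if !$root;` after the `root_dse` call and `die "no base_dn configured or discoverable for realm '$realm'\n" if !$config->{base_dn};` after the `if` block. The fallback also writes into the caller's `$config` hash; since the commit message says this sub will be reused for user/group sync, that side effect should be documented in a comment or replaced by a local variable, so the discovered value does not silently end up in the realm configuration. The body of connect_and_bind starts outside this hunk, so the server-selection and bind-credential handling could not be reviewed here.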