From: Dominik Csapak <d.csapak@proxmox.com>
Date: Fri, 13 Mar 2020 12:18:46 +0000 (+0100)
Subject: Auth/AD: make PVE::Auth::AD a subclass of PVE::Auth::LDAP
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=e65b53c6a9039e6e1665903e2128d8ac25268e2a

Auth/AD: make PVE::Auth::AD a subclass of PVE::Auth::LDAP

this makes it much easier to reuse the sync code from LDAP in AD.
The 'authenticate_user' sub is still the same, but we now
can still use the get_users and get_groups functionality of LDAP

in the case of AD, the user_attr is optional in the config
(would have been a breaking change) but we set it
to default to 'sAMAccountName'

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---

diff --git a/PVE/Auth/AD.pm b/PVE/Auth/AD.pm
index 06fac9d..3b88db4 100755
--- a/PVE/Auth/AD.pm
+++ b/PVE/Auth/AD.pm
@@ -2,10 +2,10 @@ package PVE::Auth::AD;
 
 use strict;
 use warnings;
-use PVE::Auth::Plugin;
+use PVE::Auth::LDAP;
 use PVE::LDAP;
 
-use base qw(PVE::Auth::Plugin);
+use base qw(PVE::Auth::LDAP);
 
 sub type {
     return 'ad';
@@ -81,9 +81,27 @@ sub options {
 	capath => { optional => 1 },
 	cert => { optional => 1 },
 	certkey => { optional => 1 },
+	base_dn => { optional => 1 },
+	bind_dn => { optional => 1 },
+	user_attr => { optional => 1 },
+	filter => { optional => 1 },
+	sync_attributes => { optional => 1 },
+	user_classes => { optional => 1 },
+	group_dn => { optional => 1 },
+	group_name_attr => { optional => 1 },
+	group_filter => { optional => 1 },
+	group_classes => { optional => 1 },
     };
 }
 
+sub get_users {
+    my ($class, $config, $realm) = @_;
+
+    $config->{user_attr} //= 'sAMAccountName';
+
+    return $class->SUPER::get_users($config, $realm);
+}
+
 sub authenticate_user {
     my ($class, $config, $realm, $username, $password) = @_;