[pve-devel] [PATCH access-control v2 2/3] ldap: add opt-in `check-connection` param to perform a bind check

Christoph Heiss c.heiss at proxmox.com
Thu Aug 10 10:35:14 CEST 2023 

On Thu, Aug 10, 2023 at 09:55:51AM +0200, Wolfgang Bumiller wrote:
> On Tue, Aug 01, 2023 at 02:37:18PM +0200, Christoph Heiss wrote:
[..]
> > @@ -137,7 +131,13 @@ sub properties {
> >  	    type => 'boolean',
> >  	    optional => 1,
> >  	    default => 1,
> > -	}
> > +	},
> > +	'check-connection' => {
> > +	    description => 'Check bind connection to LDAP server.',
> > +	    type => 'boolean',
> > +	    optional => 1,
> > +	    default => 0,
> > +	},
>
> While there's special handling for how we store the password, this
> schema here should still actually describe the stored config.
> Since this is a parameter specifically for the add/update API methods we
> should declare it in those functions as parameter.
>
> Some of our methods to get schemas have an optional hash parameter to
> include an extra set of base properties in its returned contents (see
> `get_standard_option` as an example), but `createSchema` and
> `updateSchema` do not.
Right, I was unsure anyway if this was the right way anyway to add this,
at least I did not see any other way - that explains why :^)

>
> We could either add this, or, since this is currently only required
> once, just move the `{create,update}Schema` calls over the
> `register_method()` calls and modify them right there before use...
> Since this series already touches pve-common, I have a *slight*
> preference to extending the `create/updateSchema` subs in
> `PVE::SectionConfig`,
Seems like the right thing - I'd also rather do it properly once than to
introduce a hack that sticks around ..

> although AFAICT the common patch does not strictly
> require a dependency bump inside pve-access-control as it mostly about
> how errors are presented to end-users (?), so either way is fine with
Exactly, the changes in pve-common are purely cosmectic.

> me. If we update the SectionConfig we'll definitely need a versioned
> dependency bump.
If it's OK for you I will go this route, extending
{create,update}Schema() as needed for this, in the same way
get_standard_option() works.

More information about the pve-devel mailing list