[pbs-devel] [PATCH proxmox-backup 05/17] auth: add LDAP module

Lukas Wagner l.wagner at proxmox.com
Mon Jan 9 11:52:46 CET 2023



On 1/4/23 14:23, Wolfgang Bumiller wrote:
>> +#[derive(PartialEq, Eq)]
>> +/// LDAP connection security
>> +pub enum LdapConnectionMode {
> Is there any particular reason to not just reuse the API type?
> 
>> +    /// unencrypted connection
>> +    Ldap,
>> +    /// upgrade to TLS via STARTTLS
>> +    StartTls,
>> +    /// TLS via LDAPS
>> +    Ldaps,
>> +}
>> +
>> +/// Configuration for LDAP connections
>> +pub struct LdapConfig {
> Same here, you could just reference the api config?
> 

As mentioned in the commit message, the main rationale behind this decision
was decoupling this module from the rest of the system.
I did this with the thought in mind that `src/server/ldap.rs` could be
promoted to be its own crate, in case the we want to reuse the implementation
somewhere else. Our `proxmox-openid` crate seems to do the same thing, configuration-wise:
It provides its own configuration structs, and in the products using it, e.g. PBS, there
are adapters in place that map API-type -> OpenID-Config.

Maybe premature optmization^Wrefactoring, but at the time of writing this code
it seemed a good choice to me.


-- 
- Lukas





More information about the pbs-devel mailing list