[pmg-devel] [PATCH pmg-api 3/3] fix #1947: implement starttls for ldap
Dominik Csapak
d.csapak at proxmox.com
Wed Mar 13 15:17:08 CET 2019
Adds a new mode 'ldap+starttls' that enables start_tls after the
connection is established.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
PMG/LDAPCache.pm | 14 ++++++++++++++
PMG/LDAPConfig.pm | 6 +++---
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/PMG/LDAPCache.pm b/PMG/LDAPCache.pm
index ca4aec9..567b5ea 100755
--- a/PMG/LDAPCache.pm
+++ b/PMG/LDAPCache.pm
@@ -374,6 +374,20 @@ sub ldap_connect_and_bind {
my $mesg;
+ if ($self->{mode} eq 'ldap+starttls') {
+ my $opts = {
+ verify => $self->{verify} ? 'require' : 'none',
+ };
+
+ if ($self->{cafile}) {
+ $opts->{cafile} = $self->{cafile};
+ } else {
+ $opts->{capath} = '/etc/ssl/certs/';
+ }
+
+ $ldap->start_tls(%$opts);
+ }
+
if ($self->{binddn}) {
$mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
} else {
diff --git a/PMG/LDAPConfig.pm b/PMG/LDAPConfig.pm
index 022749c..9e4fd9e 100644
--- a/PMG/LDAPConfig.pm
+++ b/PMG/LDAPConfig.pm
@@ -53,13 +53,13 @@ sub properties {
maxLength => 4096,
},
mode => {
- description => "LDAP protocol mode ('ldap' or 'ldaps').",
+ description => "LDAP protocol mode ('ldap', 'ldaps' or 'ldap+starttls').",
type => 'string',
- enum => ['ldap', 'ldaps'],
+ enum => ['ldap', 'ldaps', 'ldap+starttls'],
default => 'ldap',
},
verify => {
- description => "Verify server certificate. Only useful with ldaps.",
+ description => "Verify server certificate. Only useful with ldaps or ldap+starttls.",
type => 'boolean',
default => 0,
optional => 1,
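Review bot: The updated `verify` description ("Verify server certificate. Only useful with ldaps or ldap+starttls.") does not tell the user that the option keeps its `default => 0`, so selecting the new `ldap+starttls` mode yields a TLS session in which the server certificate is not checked unless `verify` is also set (the LDAPCache hunk maps a false `verify` to `verify => 'none'`). Suggest spelling that out in the schema text: `description => "Verify server certificate. Only useful with ldaps or ldap+starttls. Off by default, so the server certificate is not checked unless enabled.",`. Separately, the `$ldap->start_tls(%$opts);` call in the LDAPCache hunk discards its return value; testing `->code` on the returned message and dying on failure would keep the following bind from sending credentials over a connection whose TLS upgrade did not succeed. The `properties` sub continues outside this hunk.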
--
2.11.0