[pmg-devel] [PATCH pmg-api] fix #2661: reintroduce LDAPCache->ldap_connect
Stoiko Ivanov
s.ivanov at proxmox.com
Fri Apr 3 13:58:40 CEST 2020
Thanks for finding and fixing this so quickly!
The patch works and makes sense to me.
one (unrelated) stylistic nit below, which is only a matter of taste
looked quickly through the code and use and tested it in my setup:
Reviewed-By: Stoiko Ivanov <s.ivanov at proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov at proxmox.com>
On Fri, Apr 03, 2020 at 09:16:27AM +0200, Dominik Csapak wrote:
> this was removed and integrated into ldap_connect_and_bind, but
> we used it outside in LDAPSet.pm
>
> so reintroduce it again
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> src/PMG/LDAPCache.pm | 54 ++++++++++++++++++++++++--------------------
> 1 file changed, 30 insertions(+), 24 deletions(-)
>
> diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm
> index 987f8bc..3045c27 100755
> --- a/src/PMG/LDAPCache.pm
> +++ b/src/PMG/LDAPCache.pm
> @@ -248,33 +248,39 @@ sub querygroups {
> }
> }
>
> +sub ldap_connect {
> + my ($self) = @_;
> +
> + my $hosts = [ $self->{server1} ];
> + push @$hosts, $self->{server2} if $self->{server2};
> +
> + my $opts = {};
> + my $scheme = $self->{mode};
> +
> + if ($scheme eq 'ldaps') {
> + $opts->{verify} = 'require' if $self->{verify};
> + if ($self->{cafile}) {
> + $opts->{cafile} = $self->{cafile};
> + } else {
> + $opts->{capath} = '/etc/ssl/certs/';
> + }
> + } elsif ($self->{mode} eq 'ldap+starttls') {
> + $opts->{verify} = $self->{verify} ? 'require' : 'none';
> +
> + if ($self->{cafile}) {
> + $opts->{cafile} = $self->{cafile};
> + } else {
> + $opts->{capath} = '/etc/ssl/certs/';
> + }
> + }
not introduced by your patch - but why not make the condition
($scheme eq 'ldaps' || $scheme eq 'ldap+starttls')
set the common parameters and only set the verify individually?
(more a question of curiosity than a suggestion for changing it)
> +
> + return PVE::LDAP::ldap_connect($hosts, $scheme, $self->{port}, $opts);
> +}
> +
> sub ldap_connect_and_bind {
> my ($self) = @_;
>
> - my $hosts = [ $self->{server1} ];
> - push @$hosts, $self->{server2} if $self->{server2};
> -
> - my $opts = {};
> - my $scheme = $self->{mode};
> -
> - if ($scheme eq 'ldaps') {
> - $opts->{verify} = 'require' if $self->{verify};
> - if ($self->{cafile}) {
> - $opts->{cafile} = $self->{cafile};
> - } else {
> - $opts->{capath} = '/etc/ssl/certs/';
> - }
> - } elsif ($self->{mode} eq 'ldap+starttls') {
> - $opts->{verify} = $self->{verify} ? 'require' : 'none';
> -
> - if ($self->{cafile}) {
> - $opts->{cafile} = $self->{cafile};
> - } else {
> - $opts->{capath} = '/etc/ssl/certs/';
> - }
> - }
> -
> - my $ldap = eval { PVE::LDAP::ldap_connect($hosts, $scheme, $self->{port}, $opts) };
> + my $ldap = eval { $self->ldap_connect() };
> die "Can't bind to ldap server '$self->{id}': " . ($@) . "\n" if $@;
>
> my $dn;
> --
> 2.20.1
>
>
> _______________________________________________
> pmg-devel mailing list
> pmg-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
>
More information about the pmg-devel
mailing list