[pve-devel] r4919 - pve-access-control/trunk
svn-commits at proxmox.com
svn-commits at proxmox.com
Wed Jul 21 10:28:19 CEST 2010
Author: dietmar
Date: 2010-07-21 08:28:19 +0000 (Wed, 21 Jul 2010)
New Revision: 4919
Modified:
pve-access-control/trunk/AccessControl.pm
pve-access-control/trunk/ChangeLog
pve-access-control/trunk/TODO
Log:
* AccessControl.pm (parse_domains): require base_dn for LDAP domains
(valid_attributes): renamed from valid_params to maintain conformity
Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm 2010-07-20 12:23:55 UTC (rev 4918)
+++ pve-access-control/trunk/AccessControl.pm 2010-07-21 08:28:19 UTC (rev 4919)
@@ -505,11 +505,9 @@
filter => "$search",
attrs => ['dn']
);
+ die "no entries returned\n" if !$result->entries;
my @entries = $result->entries;
- my $res;
- foreach my $entr ( @entries ) {
- $res = $ldap->bind($entr->dn, password => $password);
- }
+ my $res = $ldap->bind($entries[0]->dn, password => $password);
my $code = $res->code();
my $err = $res->error;
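Review bot: The bind now uses `$entries[0]` without checking that the search matched exactly one entry, so with an ambiguous filter the password is tested against whichever DN the server happens to return first. Adding `die "ambiguous user - multiple entries returned\n" if scalar(@entries) != 1;` after the `@entries` assignment would make that case fail closed. Nothing visible in the hunk rejects an empty `$password`, and many LDAP servers answer a simple bind with a DN and an empty password as a successful unauthenticated bind (RFC 4513 section 5.1.2). The enclosing function starts and ends outside the hunk, so that check may already exist; if it does not, a guard such as `die "empty password\n" if !defined($password) || $password eq '';` belongs before the bind.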
@@ -954,7 +952,7 @@
ident => 1,
};
-my $valid_params = {
+my $valid_attributes = {
server => '[\w\d]+(.[\w\d]+)*',
base_dn => '\w+=[\w\s]+(,\s*\w+=[\w\s]+)*',
user_attr => '\S{2,}',
@@ -1304,18 +1302,18 @@
if ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
my ($k, $v) = ($1, $3);
- if ($valid_params->{$k}) {
- if ($v =~ m/^$valid_params->{$k}$/) {
+ if ($valid_attributes->{$k}) {
+ if ($v =~ m/^$valid_attributes->{$k}$/) {
if (!defined($ad->{$k})) {
$ad->{$k} = $v;
} else {
- warn "ignoring duplicate parameter '$k $v'\n";
+ warn "ignoring duplicate attribute '$k $v'\n";
}
} else {
- warn "ignoring value '$v' for parameter '$k' - invalid format\n";
+ warn "ignoring value '$v' for attribute '$k' - invalid format\n";
}
} else {
- warn "ignoring parameter '$k' - not supported\n";
+ warn "ignoring attribute '$k' - not supported\n";
}
} else {
warn "ignore config line: $line\n";
@@ -1325,6 +1323,8 @@
warn "ignoring domain '$domains' - missing server attribute\n";
} elsif (($ad->{type} eq "LDAP") && (!$ad->{user_attr})) {
warn "ignoring domain '$domains' - missing user attribute\n";
+ } elsif (($ad->{type} eq "LDAP") && (!$ad->{base_dn})) {
+ warn "ignoring domain '$domains' - missing base_dn attribute\n";
} else {
push(@$connlist, $ad) if !$ignore;
}
Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog 2010-07-20 12:23:55 UTC (rev 4918)
+++ pve-access-control/trunk/ChangeLog 2010-07-21 08:28:19 UTC (rev 4919)
@@ -1,3 +1,8 @@
+2010-07-21 Seth Lauzon <seth.lauzon at gmail.com>
+
+ * AccessControl.pm (parse_domains): require base_dn for LDAP domains
+ (valid_attributes): renamed from valid_params to maintain conformity
+
2010-07-19 Proxmox Support Team <support at proxmox.com>
* AccessControl.pm (authenticate_user_domain): always add timeout
Modified: pve-access-control/trunk/TODO
===================================================================
--- pve-access-control/trunk/TODO 2010-07-20 12:23:55 UTC (rev 4918)
+++ pve-access-control/trunk/TODO 2010-07-21 08:28:19 UTC (rev 4919)
@@ -4,6 +4,8 @@
Recycle Code: Implement delete functionality into modify subroutines. Look for creative
ways to recycle code.
+Implement secure LDAP communications over SSL tunnel (i.e. LDAPS)
+
Implement some INotify Class to track config file changes. We need
something similar to PVE::Config (package pve-manager). I would
prefer some generic class which can be used from all PVE packages