[pve-devel] r4919 - pve-access-control/trunk

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Jul 21 10:28:19 CEST 2010


Author: dietmar
Date: 2010-07-21 08:28:19 +0000 (Wed, 21 Jul 2010)
New Revision: 4919

Modified:
   pve-access-control/trunk/AccessControl.pm
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/TODO
Log:
* AccessControl.pm (parse_domains): require base_dn for LDAP domains
	(valid_attributes): renamed from valid_params to maintain conformity


Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm	2010-07-20 12:23:55 UTC (rev 4918)
+++ pve-access-control/trunk/AccessControl.pm	2010-07-21 08:28:19 UTC (rev 4919)
@@ -505,11 +505,9 @@
 				filter  => "$search",
 				attrs   => ['dn']
 				);
+    die "no entries returned\n" if !$result->entries;
     my @entries = $result->entries;
-    my $res;
-    foreach my $entr ( @entries ) {
-	$res = $ldap->bind($entr->dn, password => $password);
-    }
+    my $res = $ldap->bind($entries[0]->dn, password => $password);
 
     my $code = $res->code();
     my $err = $res->error;
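Review bot: The new bind on line 34 silently uses the first entry whenever the search matches more than one account, so an ambiguous filter result authenticates against whichever entry the server lists first; the added guard on line 28 should be paired with a cardinality check after line 29, `die "ambiguous user - multiple entries returned\n" if @entries > 1;`. It is also not visible in this hunk whether an empty `$password` is rejected before the bind — a bind with an empty password is an unauthenticated bind that many LDAP servers accept, so either the caller or a guard just before line 34 should refuse it; please confirm where that check lives. The enclosing function, and the construction of `$search` used as the filter on line 25, begin outside the hunk.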
@@ -954,7 +952,7 @@
     ident => 1, 
 };
 
-my $valid_params = {
+my $valid_attributes = {
     server => '[\w\d]+(.[\w\d]+)*',
     base_dn => '\w+=[\w\s]+(,\s*\w+=[\w\s]+)*',
     user_attr => '\S{2,}',
@@ -1304,18 +1302,18 @@
 
 		if ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
 		    my ($k, $v) = ($1, $3);
-		    if ($valid_params->{$k}) {
-			if ($v =~ m/^$valid_params->{$k}$/) {
+		    if ($valid_attributes->{$k}) {
+			if ($v =~ m/^$valid_attributes->{$k}$/) {
 			    if (!defined($ad->{$k})) {
 				$ad->{$k} = $v;
 			    } else {
-				warn "ignoring duplicate parameter '$k $v'\n";
+				warn "ignoring duplicate attribute '$k $v'\n";
 			    }
 			} else {
-			    warn "ignoring value '$v' for parameter '$k' - invalid format\n";
+			    warn "ignoring value '$v' for attribute '$k' - invalid format\n";
 			}
 		    } else {
-			warn "ignoring parameter '$k' - not supported\n";
+			warn "ignoring attribute '$k' - not supported\n";
 		    }
 		} else {
 		    warn "ignore config line: $line\n";
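Review bot: The format check on line 54 is only as strict as the patterns in `$valid_attributes`, and the `server` pattern shown as context in the previous hunk, `'[\w\d]+(.[\w\d]+)*'`, has an unescaped `.` that matches any single character, so a value such as `host x` is accepted as a server name; the intent looks like `'[\w\d]+(\.[\w\d]+)*'`. Separately, `$v` is undef when a line carries a key with no value (the optional group on line 49), so line 54 emits an uninitialized-value warning instead of the explicit "invalid format" diagnostic; `my ($k, $v) = ($1, defined $3 ? $3 : '');` on line 50 makes the outcome deterministic. The enclosing parse loop starts before this hunk.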
@@ -1325,6 +1323,8 @@
 		warn "ignoring domain '$domains' - missing server attribute\n";
 	    } elsif (($ad->{type} eq "LDAP") && (!$ad->{user_attr})) {
 		warn "ignoring domain '$domains' - missing user attribute\n";
+	    } elsif (($ad->{type} eq "LDAP") && (!$ad->{base_dn})) {
+		warn "ignoring domain '$domains' - missing base_dn attribute\n";
 	    } else {
 	    push(@$connlist, $ad) if !$ignore;
 	    }
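Review bot: The new `elsif` on line 75 repeats the `$ad->{type} eq "LDAP"` test from line 73 and the warning from line 74 nearly verbatim; as further required LDAP attributes are added this chain will keep growing, and a single table-driven check keeps the rule in one place, e.g. `my @missing = grep { !$ad->{$_} } qw(user_attr base_dn);` before the chain and one branch `warn "ignoring domain '$domains' - missing @missing attribute(s)\n" if @missing;`. The `push` on line 78 is also indented one level short of its enclosing `else` block. The `if`/`elsif` chain and the surrounding loop begin before this hunk.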

Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2010-07-20 12:23:55 UTC (rev 4918)
+++ pve-access-control/trunk/ChangeLog	2010-07-21 08:28:19 UTC (rev 4919)
@@ -1,3 +1,8 @@
+2010-07-21  Seth Lauzon <seth.lauzon at gmail.com>
+
+	* AccessControl.pm (parse_domains): require base_dn for LDAP domains
+	(valid_attributes): renamed from valid_params to maintain conformity
+
 2010-07-19  Proxmox Support Team  <support at proxmox.com>
 
 	* AccessControl.pm (authenticate_user_domain): always add timeout

Modified: pve-access-control/trunk/TODO
===================================================================
--- pve-access-control/trunk/TODO	2010-07-20 12:23:55 UTC (rev 4918)
+++ pve-access-control/trunk/TODO	2010-07-21 08:28:19 UTC (rev 4919)
@@ -4,6 +4,8 @@
 Recycle Code: Implement delete functionality into modify subroutines. Look for creative
     ways to recycle code.
 
+Implement secure LDAP communications over SSL tunnel (i.e. LDAPS)
+
 Implement some INotify Class to track config file changes. We need
    something similar to PVE::Config (package pve-manager). I would
    prefer some generic class which can be used from all PVE packages


