[pve-devel] applied: [PATCH access-control 5/9] Auth/LDAP: refactor out 'connect_and_bind'

Thomas Lamprecht t.lamprecht at proxmox.com
Sat Mar 7 19:54:51 CET 2020


On 3/6/20 11:05 AM, Dominik Csapak wrote:
> we will use this not only for authentication but also for
> getting users/groups from LDAP
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  PVE/Auth/LDAP.pm | 18 ++++++++++++++++--
>  1 file changed, 16 insertions(+), 2 deletions(-)
> 
> diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm
> index 0faa40a..5eef12c 100755
> --- a/PVE/Auth/LDAP.pm
> +++ b/PVE/Auth/LDAP.pm
> @@ -80,8 +80,8 @@ sub options {
>      };
>  }
>  
> -sub authenticate_user {
> -    my ($class, $config, $realm, $username, $password) = @_;
> +sub connect_and_bind {
> +    my ($class, $config, $realm) = @_;
>  
>      my $servers = [$config->{server1}];
>      push @$servers, $config->{server2} if $config->{server2};
> @@ -122,6 +122,20 @@ sub authenticate_user {
>      }
>  
>      PVE::LDAP::ldap_bind($ldap, $bind_dn, $bind_pass);
> +
> +    if (!$config->{base_dn}) {
> +	my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
> +	$config->{base_dn} = $root->get_value('defaultNamingContext');
> +    }
> +
> +    return $ldap;
> +}
> +
> +sub authenticate_user {
> +    my ($class, $config, $realm, $username, $password) = @_;
> +
> +    my $ldap = $class->connect_and_bind($config, $realm);
> +
>      my $user_dn = PVE::LDAP::get_user_dn($ldap, $username, $config->{user_attr}, $config->{base_dn});
>      PVE::LDAP::auth_user_dn($ldap, $user_dn, $password);
>  
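Review bot: The added `base_dn` fallback in `connect_and_bind` calls `get_value` on the result of `root_dse()` and stores `defaultNamingContext` without checking either, so a server that returns no root DSE entry makes the call die on an undefined `$root`, and one that does not publish that attribute (it is an Active Directory attribute, as far as I know) leaves `$config->{base_dn}` undefined. `authenticate_user` then passes that value straight to `PVE::LDAP::get_user_dn` as the search base for the login lookup; what that helper does with an undefined base is not visible here. I would fail closed with a clear message, e.g. `my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]) or die "unable to read root DSE\n";` followed by `$config->{base_dn} = $root->get_value('defaultNamingContext') // die "no base_dn configured and none advertised by server\n";`. The write into the caller's `$config` hash is a side effect worth a one-line comment, since the description says this helper will also be used for getting users and groups. The start of `connect_and_bind` is in the previous hunk and part of its body lies outside the diff.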
> 

applied



