access: ldap check connection on creation and change
this commit makes the ldap realm endpoints check whether a new or updated configuration works correctly. it uses the new `check_connection` function to make sure that a configuration can be successfully used to connect to and query an ldap directory. doing so allows us to remove the ldap domain regex. instead of relying on a regex to make sure that a given distinguished name (dn) could be correct, we simply let the ldap directory tell us whether it accepts it. this should also aid with usability as a dn that looks correct could still be invalid. this also implicitly removes unauthenticated binds, since the new `check_connection` function does not support those. it will simply bail out of the check if a `bind_dn` but no password is configured. therefore, this is a breaking change. Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
parent
053e83c3c7
commit
f486f8485c
@ -1,8 +1,6 @@
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use proxmox_schema::{
|
||||
api, const_regex, ApiStringFormat, ApiType, ArraySchema, Schema, StringSchema, Updater,
|
||||
};
|
||||
use proxmox_schema::{api, ApiStringFormat, ApiType, ArraySchema, Schema, StringSchema, Updater};
|
||||
|
||||
use super::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
|
||||
|
||||
@ -142,27 +140,7 @@ pub enum RemoveVanished {
|
||||
Properties,
|
||||
}
|
||||
|
||||
macro_rules! DOMAIN_PART_REGEX {
|
||||
() => {
|
||||
r#"("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])"#
|
||||
};
|
||||
}
|
||||
|
||||
const_regex! {
|
||||
pub LDAP_DOMAIN_REGEX = concat!(
|
||||
r#"^\w+="#,
|
||||
DOMAIN_PART_REGEX!(),
|
||||
r#"(,\s*\w+="#,
|
||||
DOMAIN_PART_REGEX!(),
|
||||
")*$"
|
||||
);
|
||||
}
|
||||
|
||||
pub const LDAP_DOMAIN_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&LDAP_DOMAIN_REGEX);
|
||||
|
||||
pub const LDAP_DOMAIN_SCHEMA: Schema = StringSchema::new("LDAP Domain")
|
||||
.format(&LDAP_DOMAIN_FORMAT)
|
||||
.schema();
|
||||
pub const LDAP_DOMAIN_SCHEMA: Schema = StringSchema::new("LDAP Domain").schema();
|
||||
|
||||
pub const SYNC_DEFAULTS_STRING_SCHEMA: Schema = StringSchema::new("sync defaults options")
|
||||
.format(&ApiStringFormat::PropertyString(
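Review bot: The new `LDAP_DOMAIN_SCHEMA` in the second hunk keeps no constraint at all — the removed regex required at least one `key=value` component, whereas `StringSchema::new("LDAP Domain").schema()` also accepts an empty or whitespace-only string, so any consumer of this schema that does not pass through the new `check_connection` path (a config read back from disk, other API callers — none visible here) gets no syntactic guarantee. A minimal bound keeps obviously broken values out before a bind is ever attempted: `pub const LDAP_DOMAIN_SCHEMA: Schema = StringSchema::new("LDAP Domain").min_length(1).schema();`. The deliberate change of validation strategy should also be recorded at the definition so nobody later reintroduces a regex or assumes the value is syntax-checked, e.g. `/// Distinguished name; not validated syntactically here — correctness is verified against the directory by `check_connection` when a realm is created or updated.`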
|
||||
|