Auth/AD: make PVE::Auth::AD a subclass of PVE::Auth::LDAP

this makes it much easier to reuse the sync code from LDAP in AD.
The 'authenticate_user' sub is still the same, but we can now
also use the get_users and get_groups functionality of LDAP

in the case of AD, the user_attr is optional in the config
(would have been a breaking change) but we set it
to default to 'sAMAccountName'

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak 2020-03-13 13:18:46 +01:00 committed by Thomas Lamprecht
parent 2c6e956e0a
commit e65b53c6a9


@ -2,10 +2,10 @@ package PVE::Auth::AD;
use strict;
use warnings;
use PVE::Auth::Plugin;
use PVE::Auth::LDAP;
use PVE::LDAP;
use base qw(PVE::Auth::Plugin);
use base qw(PVE::Auth::LDAP);
sub type {
return 'ad';
@ -81,9 +81,27 @@ sub options {
capath => { optional => 1 },
cert => { optional => 1 },
certkey => { optional => 1 },
base_dn => { optional => 1 },
bind_dn => { optional => 1 },
user_attr => { optional => 1 },
filter => { optional => 1 },
sync_attributes => { optional => 1 },
user_classes => { optional => 1 },
group_dn => { optional => 1 },
group_name_attr => { optional => 1 },
group_filter => { optional => 1 },
group_classes => { optional => 1 },
};
}
sub get_users {
my ($class, $config, $realm) = @_;
$config->{user_attr} //= 'sAMAccountName';
return $class->SUPER::get_users($config, $realm);
}
sub authenticate_user {
my ($class, $config, $realm, $username, $password) = @_;
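Review bot: `get_users` writes the `sAMAccountName` default into the caller's `$config` hash instead of a copy, so running a sync changes the realm configuration object as a side effect; if that hash is ever written back, the default would be persisted as an explicit setting. A shallow copy avoids this: `my $cfg = { %$config }; $cfg->{user_attr} //= 'sAMAccountName';`, then pass `$cfg` to `SUPER::get_users`. The default is also applied only in this one override, so the inherited `get_groups` and any other PVE::Auth::LDAP method that AD does not override would see `user_attr` undefined; those bodies are not visible in this diff, so it is worth confirming none of them builds a search filter or DN from it. The body of `authenticate_user` continues outside the hunk.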