This allows us to have a convenient way to set the desired default
sync options, and thus not forcing users to pass always all options
when they want to trigger a sync.
We still die when an option is neither specified in the domains
(realm) config nor as API/CLI parameter.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this makes it much easier to reuse the sync code from LDAP in AD.
The 'authenticate_user' sub is still the same, but we now
can still use the get_users and get_groups functionality of LDAP
in the case of AD, the user_attr is optional in the config
(would have been a breaking change) but we set it
to default to 'sAMAccountName'
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this adds the subs which actually query the LDAP for users/groups
and returns the value in format which makes it easy to insert
in our parsed user.cfg
when we find a user/groupname which cannot be in our config,
we warn the verification error
for groups, we append "-$realm" to the groupname, to lower the chance of
accidental overwriting of existing groups (this will be documented
in the api call since it technically does not prevent overwriting, just
makes it more unlikely)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
for syncing users/groups from ldap, we need some more options
so that the users can adapt it to their LDAP setup, which are very
different accross systems.
sensible defaults are documented
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this was missing and lead to 'use of unitialized value $realm...'
and a not working second server if a bindpw was defined
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This adds 4 more options to the ldap authentication method:
verify: boolean
If enabled, the server certificate must be valid
capath: path to a file or directory
The CA to use to verify the server certificate. Used only
if 'verify' is true.
cert: path to a certificate
Used as client certificate when connecting to a server,
provided 'secure' is true. Requires 'certkey' to be set.
certkey: path to the certificate's key
Required only used when 'cert' is used.
