From: Christoph Heiss <c.heiss@proxmox.com>
To: Wolfgang Bumiller <w.bumiller@proxmox.com>
Cc: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH access-control v2 2/3] ldap: add opt-in `check-connection` param to perform a bind check
Date: Thu, 10 Aug 2023 10:35:14 +0200 [thread overview]
Message-ID: <4rsergs6kzodeqxtd5ztxmvr2opzzrrh4nnpt3iysotol2gztr@v2scx4ajllge> (raw)
In-Reply-To: <vlee3iojdvonzacdwxqdqzasebygvtjv5spmak4i2b6a55o5h6@an77rdazaiqb>
On Thu, Aug 10, 2023 at 09:55:51AM +0200, Wolfgang Bumiller wrote:
> On Tue, Aug 01, 2023 at 02:37:18PM +0200, Christoph Heiss wrote:
[..]
> > @@ -137,7 +131,13 @@ sub properties {
> > type => 'boolean',
> > optional => 1,
> > default => 1,
> > - }
> > + },
> > + 'check-connection' => {
> > + description => 'Check bind connection to LDAP server.',
> > + type => 'boolean',
> > + optional => 1,
> > + default => 0,
> > + },
>
> While there's special handling for how we store the password, this
> schema here should still actually describe the stored config.
> Since this is a parameter specifically for the add/update API methods we
> should declare it in those functions as parameter.
>
> Some of our methods to get schemas have an optional hash parameter to
> include an extra set of base properties in its returned contents (see
> `get_standard_option` as an example), but `createSchema` and
> `updateSchema` do not.
Right, I was unsure anyway if this was the right way anyway to add this,
at least I did not see any other way - that explains why :^)
>
> We could either add this, or, since this is currently only required
> once, just move the `{create,update}Schema` calls over the
> `register_method()` calls and modify them right there before use...
> Since this series already touches pve-common, I have a *slight*
> preference to extending the `create/updateSchema` subs in
> `PVE::SectionConfig`,
Seems like the right thing - I'd also rather do it properly once than to
introduce a hack that sticks around ..
> although AFAICT the common patch does not strictly
> require a dependency bump inside pve-access-control as it mostly about
> how errors are presented to end-users (?), so either way is fine with
Exactly, the changes in pve-common are purely cosmectic.
> me. If we update the SectionConfig we'll definitely need a versioned
> dependency bump.
If it's OK for you I will go this route, extending
{create,update}Schema() as needed for this, in the same way
get_standard_option() works.
next prev parent reply other threads:[~2023-08-10 8:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-01 12:37 [pve-devel] [PATCH common/access-control/manager v2 0/3] ldap: check bind connection on realm add/update Christoph Heiss
2023-08-01 12:37 ` [pve-devel] [PATCH common v2 1/3] ldap: handle errors explicitly everywhere instead of simply `die`ing Christoph Heiss
2023-08-01 12:37 ` [pve-devel] [PATCH access-control v2 2/3] ldap: add opt-in `check-connection` param to perform a bind check Christoph Heiss
2023-08-10 7:55 ` Wolfgang Bumiller
2023-08-10 8:35 ` Christoph Heiss [this message]
2023-08-10 8:49 ` Wolfgang Bumiller
2023-08-01 12:37 ` [pve-devel] [PATCH manager v2 3/3] ui: ldap: add 'Check connection' checkbox as advanced option Christoph Heiss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4rsergs6kzodeqxtd5ztxmvr2opzzrrh4nnpt3iysotol2gztr@v2scx4ajllge \
--to=c.heiss@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=w.bumiller@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.