From: Christoph Heiss <c.heiss@proxmox.com>
To: Wolfgang Bumiller <w.bumiller@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH proxmox-backup 03/12] api-types: implement `LdapMode` -> `ConnectionMode` conversion
Date: Mon, 14 Aug 2023 11:40:10 +0200
Message-ID: <rq6ayecmxtpjqhiey6mphdbui4wn6lppimagi4mezmzumkwinh@qbrbi54hmtiq>
In-Reply-To: <25eohhxnkmqyeagjnzqa7is7cuziud7sjk4at6oah2mokpt66x@4vznehpsv6nl>

Thanks for the review!

On Fri, Aug 11, 2023 at 12:36:41PM +0200, Wolfgang Bumiller wrote:
>
> On Tue, Aug 08, 2023 at 02:22:05PM +0200, Christoph Heiss wrote:
> > No functional changes.
> >
> > Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
> > ---
> > pbs-api-types/Cargo.toml | 1 +
> > pbs-api-types/src/ldap.rs | 11 +++++++++++
> > src/auth.rs | 12 +++---------
> > 3 files changed, 15 insertions(+), 9 deletions(-)
> >
> > diff --git a/pbs-api-types/Cargo.toml b/pbs-api-types/Cargo.toml
> > index 31b69f62..cb584cb5 100644
> > --- a/pbs-api-types/Cargo.toml
> > +++ b/pbs-api-types/Cargo.toml
> > @@ -17,6 +17,7 @@ serde_plain.workspace = true
> > proxmox-auth-api = { workspace = true, features = [ "api-types" ] }
> > proxmox-human-byte.workspace = true
> > proxmox-lang.workspace=true
> > +proxmox-ldap.workspace = true
>
> The api type crate should strive to be somewhat lightweight, as it will
> also end up being used with wasm at some point where we definitely
> can't pull this in.
>
> If it really makes sense to have this locally, it should be
> feature-guarded.

Ack, I'll drop this then and go with a simple, local function in
src/auth.rs instead. It is only needed in two places there anyway, and
the feature-gating isn't worth it just to be able to use `.into()` in
two places IMO ..

>
> > proxmox-schema = { workspace = true, features = [ "api-macro" ] }
> > proxmox-serde.workspace = true
> > proxmox-time.workspace = true
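
Review bot: `proxmox-ldap.workspace = true` is added as an unconditional dependency of `pbs-api-types`, so every consumer of the API types now builds the LDAP client crate for the sake of one three-arm `From` impl. Declare it optional and expose it through a crate feature, with the `use proxmox_ldap::ConnectionMode;` line and the impl in `src/ldap.rs` under the matching `#[cfg(feature = ...)]`, or keep the mapping in `src/auth.rs`, its only caller in this patch.
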
> > diff --git a/pbs-api-types/src/ldap.rs b/pbs-api-types/src/ldap.rs
> > index f3df90a0..e1f7c452 100644
> > --- a/pbs-api-types/src/ldap.rs
> > +++ b/pbs-api-types/src/ldap.rs
> > @@ -1,5 +1,6 @@
> > use serde::{Deserialize, Serialize};
> >
> > +use proxmox_ldap::ConnectionMode;
> > use proxmox_schema::{api, ApiStringFormat, ApiType, ArraySchema, Schema, StringSchema, Updater};
> >
> > use super::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
> > @@ -20,6 +21,16 @@ pub enum LdapMode {
> > Ldaps,
> > }
> >
> > +impl From<LdapMode> for ConnectionMode {
> > + fn from(value: LdapMode) -> ConnectionMode {
> > + match value {
> > + LdapMode::Ldap => ConnectionMode::Ldap,
> > + LdapMode::StartTls => ConnectionMode::StartTls,
> > + LdapMode::Ldaps => ConnectionMode::Ldaps,
> > + }
> > + }
> > +}
> > +
> > #[api(
> > properties: {
> > "realm": {
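
Review bot: the new `impl From<LdapMode> for ConnectionMode` has no doc comment or test, and its three arms decide whether a realm connects over plain `Ldap`, `StartTls` or `Ldaps`. The exhaustive `match` catches a variant added to `LdapMode`, but not two arms swapped; a small unit test that matches on the result for each input variant would pin the mapping.
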
> > diff --git a/src/auth.rs b/src/auth.rs
> > index 318d1ff2..e375ebc4 100644
> > --- a/src/auth.rs
> > +++ b/src/auth.rs
> > @@ -16,10 +16,10 @@ use proxmox_auth_api::api::{Authenticator, LockedTfaConfig};
> > use proxmox_auth_api::ticket::{Empty, Ticket};
> > use proxmox_auth_api::types::Authid;
> > use proxmox_auth_api::Keyring;
> > -use proxmox_ldap::{Config, Connection, ConnectionMode};
> > +use proxmox_ldap::{Config, Connection};
> > use proxmox_tfa::api::{OpenUserChallengeData, TfaConfig};
> >
> > -use pbs_api_types::{LdapMode, LdapRealmConfig, OpenIdRealmConfig, RealmRef, Userid, UsernameRef};
> > +use pbs_api_types::{LdapRealmConfig, OpenIdRealmConfig, RealmRef, Userid, UsernameRef};
> > use pbs_buildcfg::configdir;
> >
> > use crate::auth_helpers;
> > @@ -185,12 +185,6 @@ impl LdapAuthenticator {
> > servers.push(server.clone());
> > }
> >
> > - let tls_mode = match config.mode.unwrap_or_default() {
> > - LdapMode::Ldap => ConnectionMode::Ldap,
> > - LdapMode::StartTls => ConnectionMode::StartTls,
> > - LdapMode::Ldaps => ConnectionMode::Ldaps,
> > - };
> > -
> > let (ca_store, trusted_cert) = if let Some(capath) = config.capath.as_deref() {
> > let path = PathBuf::from(capath);
> > if path.is_dir() {
> > @@ -209,7 +203,7 @@ impl LdapAuthenticator {
> > base_dn: config.base_dn.clone(),
> > bind_dn: config.bind_dn.clone(),
> > bind_password: password,
> > - tls_mode,
> > + tls_mode: config.mode.unwrap_or_default().into(),
> > verify_certificate: config.verify.unwrap_or_default(),
> > additional_trusted_certificates: trusted_cert,
> > certificate_store_path: ca_store,
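
Review bot: in `tls_mode: config.mode.unwrap_or_default().into()`, the target type of `.into()` is inferred from the field, and the fallback for an unset `mode` is `LdapMode::default()`, which is not visible in this diff. Since that default decides the transport security of the LDAP connection, name the default variant in a short comment here, or bind it to a `let mode: LdapMode = ...` first so the reader sees which type is being converted.
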
> > --
> > 2.41.0