Search results

Hi Dominik, So I checked with the SecureLDAP team - they confirmed that querying the list of users should be possible using just the certificate files. (They referred to it as a service bind, not sure if this is the official term). This correlates with what I saw with using ldapsearch as well...

I can confirm that the patch fixes the issue for me. I was able to apply the patch manually, by doing a git checkout on https://git.proxmox.com/?p=pve-access-control.git;a=summary, then manually copying the file over to /usr/share/perl5/PVE/Auth/LDAP.pm However, I also had to remove the...

Thanks Dominik for checking! I do have bind_dn and the password set. I am pretty sure they are set correctly, as I can run the below command: # pveum realm sync anguslab.io --dry-run --full --purge --scope both and it returns a list of users in the domain. These are the corresponding entries...

Dominik - I just sent you a reset password - let me know if you didn't get it. For the Proxmox server - I do have bind_dn set now in /etc/pve/domains.cfg: pam: pam comment Linux PAM standard authentication ldap: example.io base_dn dc=example,dc=io bind_dn...

Of course! Here is the output from pveversion -v: # pveversion -v proxmox-ve: 6.1-2 (running kernel: 5.3.18-3-pve) pve-manager: 6.1-11 (running version: 6.1-11/f2f18736) pve-kernel-helper: 6.1-9 pve-kernel-5.3: 6.1-6 pve-kernel-5.3.18-3-pve: 5.3.18-3 pve-kernel-5.3.10-1-pve: 5.3.10-1 ceph...

OK - I've confirmed that using an anonymous bind does return a list of users. For example, here is the ldapsearch command - this successfully returns a list of all users in the G Suite domain. LDAPTLS_REQCERT=allow LDAPTLS_CERT=Google_2022_05_22_3494.crt LDAPTLS_KEY=Google_2022_05_22_3494.key...

Hi, It returns the following: $ LDAPTLS_REQCERT=allow LDAPTLS_CERT=Google_2022_05_22_3494.crt LDAPTLS_KEY=Google_2022_05_22_3494.key ldapsearch -H ldaps://ldap.google.com:636 -b dc=example,dc=io '(uid=testvendor)' dn SASL/EXTERNAL authentication started SASL username...

I have a Proxmox cluster, that uses LDAP to authenticate against a G Suite domain. Previously, users were able to login successfully through their LDAP credentials. However, recently I updated some packages (e.g. libpve-access-control) in order to try with the new LDAP sync feature (discussion...

I also checked the audit logs for the G Suite SecureLDAP service - these are the events associated with my running: # pveum realm sync "example.io" --dry-run --full --purge --scope both In this case, the dry-run didn't return any users, and proposed deleting all the users I'd manually...

Got it - I'll have to check about the anonymous bind thing. I do know that running the ldapsearch command from a Linux box like so works - just using the certificate files, and no credentials: $ LDAPTLS_REQCERT=allow LDAPTLS_CERT=Google_2022_05_22_3494.crt...

My domain.cfg config should be in the above post, for reference. As far as I'm aware - it should be correct, as existing LDAP users are able to login successfully to Proxmox via the LDAP realm. Or are there perhaps additional attributes needed for the new Proxmox sync feature to work? I found...

Hi Dominik Thanks for the detailed info! I just did an apt update and apt dist-upgrade on my cluster - I did see there was an update for the "libpve-access-control" package from 6.0-6 to 6.0-7, which is the version that has the new sync CLI. It took me a while to realise the command is "pveum...

Hi, I saw on the pve-devel mailing list last month (April 2020) there is talk about some new LDAP sync functionality for users and groups: https://pve.proxmox.com/pipermail/pve-devel/2020-March/042097.html https://pve.proxmox.com/pipermail/pve-devel/2020-April/042938.html...

I have a 3-node Ceph/Proxmox cluster. I added some OSDs recently, using a separate volume as the DB/WAL device. However, it turns out I didn't budget enough for the DB/WAL volumes, and I now need to re-create the OSDs from scratch. Via the Web UI, I am able to select each OSD, and then go to...

Hi, ZOL recently merged this patch: https://github.com/openzfs/zfs/pull/10163 which seems to promise significant performance improvements for ZVOLs =). Will this have a positive impact on those of us who run Proxmox on ZFS, with VMs on ZFS? Thanks, Victor

Of course - I filed https://bugzilla.proxmox.com/show_bug.cgi?id=2698 with some initial thoughts. Let me know what you think! Would you need me to do a mockup?

We use Ceph to provide VMs for several internal teams. We'd love this feature (namespaces) to so we can implement quotas, and prevent any one single team from using up all the storage (thread) I saw that QEMU 5.0 is now in pve-test =).

Hi, Oh great - this namespace feature looks really neat. I saw in the thread you linked that it was pending QEMU 5.0. However, I am running pve-test, and QEMU 5.0 now seems to be released there. Does that mean RBD quotas should work now? Is there some Proxmox Web UI integration that needs...

Is there some way of implementing storage quotas per user, if you're using Ceph RBD for VM disk storage? For example, limit users in group A to a maximum of 1TB, or limit group A as an aggregate to 1TB etc?

There is nothing about corosync is any of the syslogs in any of the four nodes. From the crash message - are you thinking the issue is in corosync? I just saw this earlier thread - based on that I installed the systemd-coredump package, and edited /etc/systemd/journald.conf to add...