Search results

will find all users with subgroups (&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf:1.2.840.113556.1.4.1941:=MY_GROUP_DN)) will find all groups MY_GROUP_.... with subgroups as memrs of MY_GROUP_1 and MY_GROUP_2...

patch to sync firstName and lastName edit /etc/pve/domains.cfg sync_attributes email=mail,firstname=givenName,lastname=sn if use non asci symbols in fisrtname or lastname values for active directory users use this patch sed -i -r 's/(\$ret->\{\$username\}->\{\$ours\} =...

sed -i -r -z 's/(\})([[:space:]]*\$group->\{members\}[[:space:]]*=[[:space:]]*\$members;)/\1\n\n\t # FreeIPA nested group hack\n\t my @memberof_args = \(\n\t base => \$base_dn,\n\t scope => '\''subtree'\'',\n\t filter => '\''\(memberOf='\'' . \$group->\{dn\} ...

found need restart pvedeamon systemctl restart pvedaemon.service

i just cat edit LDAP.pm or i must recompile pve-common ?

maybe developers can add attribute for members. AD has computed attribute with users in subgroups msds-memberTransitive or for users msds-tokenGroupNames all grou in wich hi member with netsted groups

(|(memberOf:1.2.840.113556.1.4.1941:=CN=by01.pve.admins,OU=MYOU,DC=domain,DC=lan)(memberOf:1.2.840.113556.1.4.1941:=CN=by01.pve.operators,OU=MYOU,DC=domain,DC=lan))