Help me set up OpenLDAP sync

duke8804

Member
Jan 18, 2022
Can someone please point me to an idiot's walkthrough for configuring OpenLDAP and adding it to Proxmox.

I have found a bunch of videos and stuff for Active Directory, but I don't want to use Windows anymore.

I have the OpenLDAP set up and can use ldapsearch to connect to it and get info.

It says I have successfully synced on Proxmox, but users never appear.

I'm sure I am not telling Proxmox the correct place to look, but I have no idea where to go from here.

Hoping for an idiot's guide I can replicate to figure out what I'm doing wrong.
 
I have found a bunch of videos and stuff for Active Directory, but I don't want to use Windows anymore.
Just a side note: you don't need Windows to use Active Directory. You can use Samba and deploy a DC to manage your users with it. You can use it from the CLI or try packaged solutions like Univention or Zentyal.
 
You've probably already seen the documentation about it... Please post your current configuration for the LDAP connection.

Code:
cat /etc/pve/domains.cfg

Have you already tried to manually create an LDAP user that should work? Apart from the sync, this is a good test.

@VictorSTS yes thanks, Univention is really nice, and open source
 
Below is my domains.cfg.

Good news: I don't know what I did, but the groups and users are now syncing, BUUUUUT the group memberships are not syncing.

I have looked at Univention and Zentyal. Zentyal, with some history, seems sketchy to me. Just my feeling; I could be totally wrong.

But I like just having a Docker container running the OpenLDAP. Small and simple. Plus I have multiple user domains I need to manage and don't want multiple servers for each; I would prefer multiple Docker containers, one for each.

Also, I know I should not use admin for the bind. That will be changed once I figure this out.

Code:
root@pve:~# cat /etc/pve/domains.cfg
pam: pam
        comment Linux PAM standard authentication

pve: pve
        comment Proxmox VE authentication server

ldap: unitedwayefc.org
        base_dn dc=unitedwayefc,dc=org
        server1 ldap.unitedwayefc.org
        user_attr uid
        bind_dn cn=admin,dc=unitedwayefc,dc=org
        default 1
        group_classes posixGroup
        sync-defaults-options remove-vanished=acl;entry;properties,scope=both
        user_classes inetOrgPerson
 
I have tried this with an OpenLDAP (Univention). After the sync, the group membership was immediately visible under "Datacenter -> Permissions -> Groups". group_classes and user_classes did not have to be filled out. It also works here with the classes; they are assigned the same here in LDAP. Here is my config:

Code:
ldap: proxmox.lan
        base_dn dc=proxmox,dc=lan
        server1 dc3.proxmox.lan
        user_attr uid
        bind_dn uid=proxmox-bind-user,cn=users,dc=proxmox,dc=lan
        default 1
        group_name_attr cn
        mode ldap+starttls
        port 7389
        sync-defaults-options scope=both
        sync_attributes email=mail

For bind_dn you write "cn=", for user_attr you use "uid"; do you have two different schemas running for users? Maybe you have to pass the correct user attribute too...

user_attr ???
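An added check for the "users and groups sync but memberships don't" symptom in this thread (example code written for this page, not the thread's own commands and not Proxmox's code): it reads the LDIF that ldapsearch prints for the group entries and reports whether each group carries DN-valued member attributes or only memberUid values. It assumes the realm sync resolves membership by matching DN-valued member attributes against user DNs, which is my understanding of the PVE LDAP sync rather than something this thread states; the host, bind DN, base DN and the sample group entries are constructed placeholders.

```shell
# Added check, not part of the thread: summarise group entries from LDIF and
# flag groups whose membership is expressed only through memberUid, i.e. with
# no DN-valued member attribute for a DN-based sync to match against user DNs.
# Real input would come from (host, bind DN and base DN are placeholders):
#   ldapsearch -LLL -x -H ldap://ldap.example.org -D cn=reader,dc=example,dc=org -W \
#       -b dc=example,dc=org '(objectClass=posixGroup)' cn member memberUid

# Constructed sample: one group with DN members, one with memberUid only.
SAMPLE_LDIF='dn: cn=admins,ou=groups,dc=example,dc=org
cn: admins
objectClass: posixGroup
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,dc=org

dn: cn=staff,ou=groups,dc=example,dc=org
cn: staff
objectClass: posixGroup
memberUid: alice
memberUid: carol
'
# Read LDIF on stdin; print one line per entry: "<cn> member=<n> memberUid=<m>".
# LDIF folds long values onto continuation lines that start with a space, so
# each logical line is unfolded before its attribute name is examined.
summarize_groups() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }
        /^$/  { if (buf != "") handle(buf); buf = ""; flush(); next }
              { if (buf != "") handle(buf); buf = $0 }
        END   { if (buf != "") handle(buf); flush() }
        function handle(line,    key, val) {
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:+[ ]*/, "", val)
            if (key == "cn") cn = val
            else if (key == "member") m++
            else if (key == "memberUid") mu++
        }
        function flush() {
            if (cn != "") printf "%s member=%d memberUid=%d\n", cn, m, mu
            cn = ""; m = 0; mu = 0
        }
    '
}

# Names of groups that carry no DN-valued member attribute at all.
groups_without_dn_members() {
    summarize_groups | awk '$2 == "member=0" { print $1 }'
}

printf '%s' "$SAMPLE_LDIF" | groups_without_dn_members   # prints: staff
```

Pipe the real ldapsearch output into summarize_groups instead of the sample to see which of your groups, such as those matched by group_classes posixGroup, expose members only as memberUid.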
 
