Good day,
Trying to get LDAP from kanidm https://kanidm.github.io/kanidm/master/integrations/ldap.html and seems that it doesn't have
- lastname
- firstname
- enable
- expire
- comment
as I'm getting (various times) these when trying to sync:
TASK ERROR: ldap user search error: InvalidAttribute("lastname")
TASK ERROR: ldap user search error: InvalidAttribute("comment")
TASK ERROR: ldap user search error: InvalidAttribute("expire")
TASK ERROR: ldap user search error: InvalidAttribute("enable")
TASK ERROR: ldap user search error: InvalidAttribute("firstname")
Q1: Any way to not have those errors?
Kanidm does support legalname and description as options, but doesn't seem to have any of those above.
Reason I'd like to use kanidm:
Easy to integrate with PAM/ssh for sys/cluster admins, while we can still have NOC users have web views.
Reason I'd like to use LDAP is that I can get group information synced, which OIDC in Proxmox doesn't support (though elsewhere it seems doable).
And yes, the OIDC is nice to use elsewhere too, for the same users to have SSO instead for some other apps.