Kanidm and LDAP InvalidAttribute

hvisage

Good day,

Trying to get LDAP from kanidm (https://kanidm.github.io/kanidm/master/integrations/ldap.html) and it seems that it doesn't have
- lastname
- firstname
- enable
- expire
- comment

as I'm getting (various times) these when trying to sync:

TASK ERROR: ldap user search error: InvalidAttribute("lastname")
TASK ERROR: ldap user search error: InvalidAttribute("comment")
TASK ERROR: ldap user search error: InvalidAttribute("expire")
TASK ERROR: ldap user search error: InvalidAttribute("enable")
TASK ERROR: ldap user search error: InvalidAttribute("firstname")

Q1: Any way to not have those errors?

Kanidm does support legalname and description as options, but doesn't seem to have any of those above.

Reason I'd like to use kanidm:
easy to integrate with the PAM/ssh for sys/cluster admins, while we can still have NOC users have web views.

Reason I'd like to use LDAP, is that I can get group information synced - which OIDC in ProxMox doesn't support (though elsewhere it seems doable)

And yes, the OIDC is nice to use elsewhere too for the same users to have a sso instead for some other apps
 
Would be interested to hear if this is planned at all? Does it need to be reported on the bug tracker?

Kanidm is also the SSO I'm looking to integrate Proxmox with, and this was the first result I found.


As for why Kanidm (if it's relevant?) among many other things it's very thoughtfully designed and documented.
If anyone reads this comment (or the previous one) and hasn't looked at their handbook... (do!) it really is exceptional, and is more than just docs.

Just to be clear, I don't have any affiliation with the project, just a happy end user.