LDAP Authentication - does it support client certificates?

[victorhooi]

Hi,

I'm attempting to setup Proxmox to authenticate against Google Secure LDAP.

This uses a client certificate in order to authenticate - I have a separate keyfile and certificate file.

Does Proxmox support using this to authenticate for LDAP?

Thanks,
Victor

 

[dcsapak]

Does Proxmox support using this to authenticate for LDAP?

yes, this is rather sparsely documented but you can see in the api that you can set a client cert/key
https://yourhost:8006/pve-docs/api-viewer/index.html -> /access/domains POST

 

[victorhooi]

Aha, so you're saying I could do this via the API?

The wiki article isn't very clear on how to setup authentication realms - it seems to imply you need to setup a /etc/pve/domains.cfg file. I'm searching, but the documentation on this is rather sparse - happy to contribute to the wiki article once I get this running myself.

Also, I just saw from this other thread that you might need to create each LDAP user separately in Proxmox as well? Is that still the case for LDAP?