LDAP cannot sync group include user in group

[Uncelvel]

Im using LDAP for authentication user for proxmox
All user and group sync from LDAP to Proxmox successfully
But user's group cannot mapping in proxmox
- LDAP:

- But after sync successfully

Group doesn't include user



This is my setting of ldap authen





Expected like this (I add group of user by hand)


How can i keep groups of user after sync to Proxmox . I want to set permission to group.
Tks for reading

 

[oguz]

hi,

what about groupname attr ?

 

[Uncelvel]

hi,

what about groupname attr ?

hi oguz
I don't understand how groupname attr woking so I don't know how to configure it
It's mean proxmox support sync group with user include?

 

[Uncelvel]

hi,

what about groupname attr ?

hi @oguz
Any suggestion for this case

 

[kamilko47]

I have this same problem when using freeipa LDAP.

 

[Elladan]

same with synology LDAP Sync

 

[gtrymore]

I am running Proxmox 6.0-4 and would also like to login to proxmox using LDAP.May anyone please send me a link with the steps to do this inside the Proxmox 6 environment.

 

[NM-Admin]

Im using LDAP for authentication user for proxmox
All user and group sync from LDAP to Proxmox successfully
But user's group cannot mapping in proxmox
- LDAP:
View attachment 18195
- But after sync successfully
View attachment 18196
Group doesn't include user
View attachment 18197
View attachment 18198

This is my setting of ldap authen
View attachment 18200

View attachment 18201


Expected like this (I add group of user by hand)
View attachment 18199

How can i keep groups of user after sync to Proxmox . I want to set permission to group.
Tks for reading

Have same problem. Did you find a solution?

 

[Openfactory]

We have been having the same problem using LDAP-account-manager, we can fetch the users and groups but no users are added to the groups, and if we add them manually they are gone after a resync. We read in another forum post that there is a way to change the LDAP.pm file to read 'memberUid' which will then work with the 'posixGroup' group class, but my perl5 knowledge is 0.

Is there an update to this or anything added to the new 7.4 release to access this option via GUI. we'd rather not change the LDAP.pm file if possible.

 

[pille99]

you need to following attributes
groupMembershipAttributes
try groupname attribute
from the documentation:
Groupname attr. (group_name_attr): Represents the users' groups. Only entries which adhere to the usual character limitations of the user.cfg are synced. Groups are synced with -$realm attached to the name, in order to avoid naming conflicts. Please ensure that a sync does not overwrite manually created groups.

 

[Openfactory]

Groups are synced with -$realm attached to the name, in order to avoid naming conflicts. Please ensure that a sync does not overwrite manually created groups.

Good news for this part, i created a group manually and it wasn't lost after a resync and the user stayed attached to the group.

you need to following attributes
groupMembershipAttributes

Do you know of any documentation that shows how to add this?

try groupname attribute

in 'sub get_groups' there is 'my $attr = $config->{group_name_attr};' Is this what you are referring to?