LDAP filter

Mar 21, 2018
4
0
6
125
Hello,

After reading how to setup a LDAP realm at https://pve.proxmox.com/wiki/User_Management#pveum_authentication_realms and reading the code (/usr/share/perl5/PVE/Auth/LDAP.pm around line 126) I figured out there is (yet) no way to add a custom LDAP filter.

I use a structure like:
dn: uid=jdoe,ou=people,dc=example,dc=com
structuralObjectClass: inetOrgPerson
uid: jdoe
memberOf: cn=admins,ou=groups,dc=example,dc=com

And I don't want all users being able to log onto PVE but only admins using a filter like: (memberOf= cn=admins,ou=groups,dc=example,dc=com).


Is this feature planned in a future release? would if be easily patchable? Wouldn't it be a better idea to bind as the PVE login name instead of a generic proxmox user?


Thanks in advance.