LDAP filter

shadowgun1102

Apr 3, 2019
Hello,

After reading how to set up an LDAP realm at and reading the code (/usr/share/perl5/PVE/Auth/LDAP.pm around line 126) I figured out there is (yet) no way to add a custom LDAP filter.

I use a structure like:
dn: uid=jdoe,ou=people,dc=example,dc=com
structuralObjectClass: inetOrgPerson
uid: jdoe
memberOf: cn=admins,ou=groups,dc=example,dc=com
And I don't want all users being able to log onto PVE but only admins using a filter like: (memberOf= cn=admins,ou=groups,dc=example,dc=com).


Is this feature planned in a future release? Would it be easily patchable? Wouldn't it be a better idea to bind as the PVE login name instead of a generic proxmox user?


Thanks in advance.
 
Hello,

...
And I don't want all users being able to log onto PVE but only admins using a filter like: (memberOf= cn=admins,ou=groups,dc=example,dc=com).
...
Hi,
LDAP is for authentication only - so you need to create the user on the pve-cluster first - with realm ldap (and assign the rights).
So it's not the case that all users can log in...

Udo
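
As an added example (not Proxmox code and not written by either poster): the group restriction asked about in the first post is normally ANDed with the login-attribute match, and the login name must be escaped per RFC 4515 before it goes into the filter. The function names, the small evaluator and the entry asmith are assumptions made for this illustration; the jdoe entry and group DN are the ones from the post.

```python
import re

# RFC 4515: these characters must appear as \XX hex escapes inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_login_filter(user_attr, username, group_dn):
    """AND the per-user match with the memberOf restriction from the post."""
    return "(&({}={})(memberOf={}))".format(
        user_attr, escape_filter_value(username), escape_filter_value(group_dn))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filt, entry):
    """Minimal evaluator: only (&...) and (attr=value), case-insensitive values."""
    inner = filt[1:-1]
    if inner.startswith("&"):
        parts, depth, start = [], 0, 0
        for i, ch in enumerate(inner):
            if ch == "(":
                if depth == 0:
                    start = i
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(inner[start:i + 1])
        return all(matches(p, entry) for p in parts)
    attr, _, value = inner.partition("=")
    values = [v.lower() for v in entry.get(attr, [])]
    if value == "*":  # an unescaped * is a presence test, not a literal
        return bool(values)
    return _unescape(value).lower() in values

# Constructed sample entries; ADMIN mirrors the entry shown in the first post.
GROUP = "cn=admins,ou=groups,dc=example,dc=com"
ADMIN = {"uid": ["jdoe"], "memberOf": [GROUP]}
OTHER = {"uid": ["asmith"], "memberOf": ["cn=staff,ou=groups,dc=example,dc=com"]}

if __name__ == "__main__":
    for name, entry in (("jdoe", ADMIN), ("asmith", OTHER), ("*", ADMIN)):
        f = build_login_filter("uid", name, GROUP)
        print(f, "->", matches(f, entry))
```
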