Hello,
After reading how to setup a LDAP realm at and reading the code (/usr/share/perl5/PVE/Auth/LDAP.pm around line 126) I figured out there is (yet) no way to add a custom LDAP filter.
I use a structure like:
dn: uid=jdoe,ou=people,dc=example,dc=com
structuralObjectClass: inetOrgPerson
uid: jdoe
memberOf: cn=admins,ou=groups,dc=example,dc=com
And I don't want all users being able to log onto PVE but only admins using a filter like: (memberOf= cn=admins,ou=groups,dc=example,dc=com).
Is this feature planned in a future release? would if be easily patchable? Wouldn't it be a better idea to bind as the PVE login name instead of a generic proxmox user?
Thanks in advance.
After reading how to setup a LDAP realm at and reading the code (/usr/share/perl5/PVE/Auth/LDAP.pm around line 126) I figured out there is (yet) no way to add a custom LDAP filter.
I use a structure like:
dn: uid=jdoe,ou=people,dc=example,dc=com
structuralObjectClass: inetOrgPerson
uid: jdoe
memberOf: cn=admins,ou=groups,dc=example,dc=com
And I don't want all users being able to log onto PVE but only admins using a filter like: (memberOf= cn=admins,ou=groups,dc=example,dc=com).
Is this feature planned in a future release? would if be easily patchable? Wouldn't it be a better idea to bind as the PVE login name instead of a generic proxmox user?
Thanks in advance.
