LDAP Sync syncs every user instead of specified group

T

twilcox

New Member
Dec 1, 2020
9
0
1
34
I'm trying to set up an ldap source for authentication. I can't seem to get it to sync only one specific group. I've tried adding the name of the group to "group filter" in the sync options tab after double clicking on the authentication source.

How can I just sync one group instead of everyone?
 
Hi,

so just to clarify, you want one group and all of its users to get synced?

This needs a bit support from the LDAP schema, as Proxmox VE cannot really tell else that you only want the user from a specific group.

I'd set a user filter like: memberOf=cn=MyGroup,ou=gon,dc=example,dc=com using the openLDAP memberOf overlay here works out quite nicely (albeit setting it up can have some pitfalls), but another attribute should also work out.
 
  • Like
Reactions: ademirk
Thanks for the reply. I'll try that out. How does syncing work before the version of proxmox that introduced syncing existed? The second box I'm working on is quite old and I need to add a group to that one as well
 
twilcox said:
How does syncing work before the version of proxmox that introduced syncing existed?
Click to expand...
Manually ;-) Then you had to manually create the user/group, PVE was then mostly just able to use LDAP for doing authentication checks.

twilcox said:
The second box I'm working on is quite old and I need to add a group to that one as well
Click to expand...

You probably want it to upgrade to 6.x, as older versions are end of life.
 
Well I upgraded to version 6 to get the sync support and now I don't have the filter settings I would expect to see in the filter menu
I expect to see this:
1607098299173.png

And I got this
1607098324247.png
 
t.lamprecht said:
I'd set a user filter like: memberOf=cn=MyGroup,ou=gon,dc=example,dc=com using the openLDAP memberOf overlay here works out quite nicely (albeit setting it up can have some pitfalls), but another attribute should also work out.
Click to expand...
So is this supposed to be what I set my base_dn to?
 
I guess I'm not sure what to modify to get the user filter field to show up in the UI
 
t.lamprecht said:
Hi,

so just to clarify, you want one group and all of its users to get synced?

This needs a bit support from the LDAP schema, as Proxmox VE cannot really tell else that you only want the user from a specific group.

I'd set a user filter like: memberOf=cn=MyGroup,ou=gon,dc=example,dc=com using the openLDAP memberOf overlay here works out quite nicely (albeit setting it up can have some pitfalls), but another attribute should also work out.
Click to expand...
For my intended results I needed to add the memberof= query on users filter AND the (&(objectclass=group)(CN=Administradores)) on Group Filter.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back