Hi,
I saw on the pve-devel mailing list last month (April 2020) there is talk about some new LDAP sync functionality for users and groups:
https://pve.proxmox.com/pipermail/pve-devel/2020-March/042097.html
https://pve.proxmox.com/pipermail/pve-devel/2020-April/042938.html
https://pve.proxmox.com/pipermail/pve-devel/2020-April/043289.html
I currently use the Google Secure LDAP feature (https://support.google.com/a/answer/9048516?hl=en) to connect Proxmox to the users in my G Suite domain. (several thousand users).
However, I also need to manually create a matching Proxmox user in user.cfg as well.
It sounds like this functionality will do away with that, right? So I can just point Proxmox at a LDAP server, and it will pull users and groups directly from there, and write these out to user.cfg?
If so - this is amazing! =). Is there any idea of when this functionality will land in testing?
Secondly, I noticed the "full" mode (mentioned https://pve.proxmox.com/pipermail/pve-devel/2020-April/043289.html) does a two-way sync, and deletes users that aren't in the LDAP directory. What about local Linux users such as "root"? Will these no longer be able to login to Proxmox, if you use "full" mode?
Thanks,
Victor
I saw on the pve-devel mailing list last month (April 2020) there is talk about some new LDAP sync functionality for users and groups:
https://pve.proxmox.com/pipermail/pve-devel/2020-March/042097.html
https://pve.proxmox.com/pipermail/pve-devel/2020-April/042938.html
https://pve.proxmox.com/pipermail/pve-devel/2020-April/043289.html
I currently use the Google Secure LDAP feature (https://support.google.com/a/answer/9048516?hl=en) to connect Proxmox to the users in my G Suite domain. (several thousand users).
However, I also need to manually create a matching Proxmox user in user.cfg as well.
It sounds like this functionality will do away with that, right? So I can just point Proxmox at a LDAP server, and it will pull users and groups directly from there, and write these out to user.cfg?
If so - this is amazing! =). Is there any idea of when this functionality will land in testing?
Secondly, I noticed the "full" mode (mentioned https://pve.proxmox.com/pipermail/pve-devel/2020-April/043289.html) does a two-way sync, and deletes users that aren't in the LDAP directory. What about local Linux users such as "root"? Will these no longer be able to login to Proxmox, if you use "full" mode?
Thanks,
Victor