PBS 2.4 + LDAP with User Filter: TASK ERROR: filter parse error

[florianschroen]

Hi,

i tried to use a user filter at ldap configuration.

https://pbs.proxmox.com/docs/user-management.html#ldap / https://pbs.proxmox.com/docs/configuration-files.html#domains-cfg
states this would be a normal ldap search filter.

filter : <string>
Custom LDAP search filter for user sync

when I am searching for Users with attribute accessTo=pbs-host with

ldapsearch -b "dc=company,dc=tld" -LLL -h ldap.company.tld -x "accessTo=pbs" uid

i get a result of one user CN with the listed attribute "uid".

When i put accessTo=pbs into »LDAP Server > Sync Options > "User Filter:"« and start a dry-run User Sync, i get

2023-06-27T15:31:25+02:00: starting realm sync for ldap
2023-06-27T15:31:25+02:00: this is a DRY RUN - changes will not be persisted
2023-06-27T15:31:25+02:00: TASK ERROR: filter parse error

What am I missing here?

Thx.

/etc/proxmox-backup/domains.cfg:

ldap: ldap
        base-dn dc=company,dc=tld
        comment company ldap
        filter accessTo=pbs
        mode ldap
        port 389
        server1 ldap.company.tld
        server2 ldap2.company.tld
        sync-attributes email=mail,firstname=givenName,lastname=sn
        sync-defaults-options enable-new=false
        user-attr uid
        user-classes person

 

[Lukas Wagner]

Hi,

for PBS 2.4, you need to surround the filter expressions with parentheses so that they are in LDAP query syntax. The correct syntax should be filter (accessTo=pbs).

This will be fixed in PBS 3.0 [1], then both forms are possible.

[1] https://lists.proxmox.com/pipermail/pbs-devel/2023-June/006207.html

 

[florianschroen]

Thx Lukas!

setting to (accessTo=pbs) worked for me.