PBS LDAP Issue

liberodark

Member
Apr 26, 2021
112
25
23
31
Hi,

When i try to add LDAP on PBS 3.0 have issue :

Code:
Could not search LDAP realm, base_dn could be incorrect: LDAP operation result: rc=4 (sizeLimitExceeded), dn: "", text: "": rc=4 (sizeLimitExceeded), dn: "", text: ""

Configuration on PBS :

Realm : domain.com
Base Domain Search : dc=domain,dc=com
User Attribute Name : sAMAccountName
Bind User : cn=-SA-AD-PBS,ou=PBS,ou=ServiceAccounts,ou=CORPORATE,dc=domain,dc=com
Bind Password : *********
Server : domain.com
Fallback Server : domain-backup.com
Port : 636
Mode : LDAPS

And also have see on sync option is missing some options in PBS :

1688632881217.png

VS in PVE

1688632841043.png
1688632910132.png
1688632935689.png

But im using all options in PVE.

Have use same LDAP option on PVE 8.0 without issue.

Best Regards
 
Last edited:
Ah it seems you ran into an issue with the new flow for creating LDAP realms. Sorry this is a bug it seems. The query used to check whether the LDAP connection would work seems to exceed a size limit and fails. The part handling this logic only checks whether the query succeeds, not why it fails. I'll look into this.
 
  • Like
Reactions: liberodark
Since this fix is taking longer than I expected (sorry for that), you can use this work around for now:

Edit the file /etc/proxmox-backup/domains.cfg like so

Code:
ldap: <realm-name>
    base-dn <base-dn>
    bind-dn <bind-dn>
    mode <ldap|ldaps|ldap+starttls>
    server1 <server>
    server2 <fallback>
    user-attr <user-attribute>

If you use a bind-dn you also need to add your bind password unter /etc/proxmox-backup/ldap_passwords.json like so:

Code:
{
  "<realm-name>": "<password>"
}
 
Last edited:
  • Like
Reactions: liberodark
Hello.

Since I already have the configuration on PVE I'll just transfer this to PBS and add ldap_passwords.json.

Best Regards
 
But have see little issue i can see other realm :

1689252127448.png
Have try to set other realm but i can't see other realm.

Code:
pam: pam
pve: pve

Best Regards
 
Hey,

first off, the PVE config is not identical to the PBS one, so it may not work as expected. PVE and PBS use different LDAP implementations. Secondly, I am not sure what you are trying to do in your last post, but you don't need to add the PAM or PVE realms to your /etc/proxmox-backup/domains.cfg file.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!