Possible to migrate OpenLDAP Users into Proxmox?

[Kyler]

Hello,

I'm currently evaluating ProxMox to determine if it's suitable for our environment. We currently have OpenLDAP set up, however we require the LDAP users we have to be able to log on to proxmox. Is there a system set up to replicate users from LDAP in to Proxmox? As it currently stands I have to manually add the usernames in the Users panel in order for the authentication to work.

Is there also a way to force users to be added to a specific group by default? Or alter the default permissions for newly created users?

 

[Denny]

Proxmox has an API and that has the functionality you are looking for. It shouldn't be a difficult task in your favorite scripting language.

https://pve.proxmox.com/wiki/Proxmox_VE_API

 

[LnxBil]

To answer your questions first: No there is none built in solution for your problem. We also went with a CLI solution for that.

I'd like to have some synchronisation script for that so I would be willing to assist you in writing one if we publish it as OpenSource.

 

[fireon]

You can do the puppet way with Foreman: https://www.theforeman.org/ We do this since a time, yes need time for learing with, but it's worth it, believe me.

 

[guletz]

I think you can install sssd service in proxmox host. Setup sssd to use your ldap. Then all your ldap users will be like local users for proxmox. I guess if ssh works for a such user, then maybe it will also work for proxmox.

 

[LnxBil]

I guess if ssh works for a such user, then maybe it will also work for proxmox.

No, you still need to create the user manually in PVE itself.

 

[Denny]

@guletz SSSD handles the authentication portion which is already handled by Proxmox built in functions. You need to also create the user name and give them a role or assign them to groups which have roles associated ie the Authorization portion.

 

[guletz]

...yes, I checked now, and you need to create this users!