Proxmox ldaps query to active directory domain successfully configured - need to have login with cached credentials

[Elleni]

Is that possible to login with domain credentials using cached active directory credentials? Reason is, that it is an instance installed on a latop. We would like the users, that initially logged in the system and were authenticated by ldaps can also reconnect to proxmox webgui when offline. I read that sssd has the functionality baked in, but afaik ldaps queries are not done by sssd?

Can this be achieved?

As said - we configured realm and it works fine when connected on a network where ldaps queries towards dc's are possible. But that mechanism obviously does not include sssd.

 

[Elleni]

This isnt possible I am afraid, right?

 

[cheiss]

Hi,

this is indeed not possible - and not planned either.
Caching LDAP credendentials would really defeat the whole point of using such external authentication realms.
E.g. starting with the situation that the password was changed in the meantime, be it by the user or an administrator for security reason.

Reason is, that it is an instance installed on a latop.

Why not have it running as a proper server - an LXC would be more than fine. This seems like a rather convoluted setup.

 

[Elleni]

We already have a 2 node pve cluster running, but would like to replace vmware workstation for running local vm's on developpers laptops - ldaps realm queries works fine as long as you are connected to the company's network and it would have been cool to be able to also use it when being outside the company.

Could this setup maybe be acheived when instead of doing the realms ldaps approach, the server would be joined to the domain? I mean that way one could use the sssd feature for it?