Proxmox VE3 LDAP sync

[MirageAL]

Hi there,

do anyone knows if it's possible to sync LDAP with Proxmox auth?
Cause I've like 5 Clusters and I've to change the User Authentification to often to get it with an manual add or delete.

Is there a way to get the sync? Or to get Access with ldap to change the database so i can import the new User directly in the DB?

 

[fireon]

Yes LDAP with directly with the system is working fine.

 

[MirageAL]

Yes LDAP with directly with the system is working fine.

Hi,

How did you do that?

On my clusters I've to add the usernames manually and only the password auth is over ldap

 

[fireon]

Oh sorry, my fault. I misunderstood. But yes, that what you mean is working, but not directly. The important information are in the

/etc/pve/user.cfg

When you have on all clusers the same users, then it is easy to sync this file. When you have different User/ACLs on the clusters, then it is complicated. The only thing I can think straight is to use puppet. But only for this... yes it will be an overkill.

But what you need is interresting. I would be nice when you bind over PVE Webinterface or you bind the whole server directly over
libnss-ldapd that you have all user with an specific group visible in the PVE. And the only thing what is to do, do activate the user.

Maybe sync the file is an way for you.

 

[MirageAL]

Ah okay, i found the Users, but the problem is that the PAM-Users are different on all Clusters but the LDAP User:Group are the same on all Clusters. So i can't copy the cfg.

I need only an Update of the LDAP-Users wenn i'm creating a new one ore delete one.

 

[fireon]

The usersfile is also for the ldapusers. See an example:

user:myuser@ldapdomain.local:1:0:Vorname:nachname:vorname.nachname@email.local:OpenSource-IT:UOIJGH7976KHH:

and the ldapconfig in here

/etc/pve/domains.cfg

Hope this is a little bit helpful vor you...