Has anyone got this working? From the numerous searches on this forum it seems there is a way to do this using the "memberOf:1.2.840.113556.1.4.1941" LDAP search filter syntax.
However, we are able to get the users but not the top level groups in order to apply PVE permissions to those groups.
What we would like to see is the following:
PVE Permissions > PVE Role > TOPLEVEL AD GROUPs > Nested AD role groups > AD Users
When we use the "memberOf:1.2.840.113556.1.4.1941" LDAP user filter we are able to pull in all the users that belong to the top level groups via the nested AD groups but we cannot apply PVE role permissions to those top level groups directly.
Under the permissions > Groups we see the top groups but the user member is empty. However under the Permissions > Users we do see all the users that are members of the nested group inside those top level groups. If we attempt to apply permissions to those groups it does not seem to pick up any user memberships.
We are looking to set up a similar method of RBAC that we had with our vCenter.
Thanks for your help.
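The difference between the in-chain matching rule and direct group membership, as an added Python model that is not part of the original post and is not Proxmox code. The directory contents and names are constructed, and it assumes a group that shows no users is being read by its direct members only, which the post does not confirm.

```python
"""Direct vs. transitive (in-chain) membership over a constructed directory."""

IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # matching rule OID quoted in the post

# Constructed sample data (hypothetical names): entry -> groups it is a DIRECT member of.
MEMBER_OF = {
    "alice": ["Role-VMAdmins"],
    "bob": ["Role-Auditors"],
    "carol": ["PVE-Admins"],          # direct member of a top-level group
    "dave": ["Loop-A"],
    "Role-VMAdmins": ["PVE-Admins"],  # nested role group
    "Role-Auditors": ["PVE-ReadOnly"],
    "Loop-A": ["Loop-B"],             # circular nesting, which AD permits
    "Loop-B": ["Loop-A"],
}
USERS = {"alice", "bob", "carol", "dave"}


def user_filter(group_dn):
    """Build the AD user filter that matches nested members of group_dn."""
    return f"(memberOf:{IN_CHAIN_OID}:={group_dn})"


def in_chain(entry, group):
    """True if entry reaches group through any chain of memberOf links."""
    seen, stack = set(), [entry]
    while stack:
        for parent in MEMBER_OF.get(stack.pop(), []):
            if parent == group:
                return True
            if parent not in seen:  # guard against circular nesting
                seen.add(parent)
                stack.append(parent)
    return False


def users_via_filter(group):
    """Users the in-chain filter would return for this group."""
    return sorted(u for u in USERS if in_chain(u, group))


def direct_user_members(group):
    """Users listed directly on the group, ignoring nested groups."""
    return sorted(u for u in USERS if group in MEMBER_OF[u])


if __name__ == "__main__":
    for g in ("PVE-Admins", "PVE-ReadOnly"):
        print(g, "in-chain:", users_via_filter(g), "direct:", direct_user_members(g))
```

In this model `PVE-ReadOnly` has a user through the in-chain filter but no direct user members, which matches the symptom of a top-level group that looks empty while its nested users still appear in the user list.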