On 7/24/23 11:03, Christoph Heiss wrote:
> tl;dr implements the result of the discussion in [0].
>
> First, this removes the dreaded LDAP DN regex, replacing it instead with
> a proper schema format, which does validation using
> Net::LDAP::Util::canonical_dn().

Already discussed off-list, but for the sake of completeness:

I'd say we can just do the same thing as in PBS, where we only verify the
settings by connecting to the server, but nothing else.
If we drop the check through `canonical_dn()`, then we actually improve
the AD realm implementation, which is also based on the LDAP code.

AD not only supports the regular DN syntax, but also:
  Domain\Administrator
  Administrator@Domain

However, these two formats are not accepted by `canonical_dn`. If we just drop
the check, then these alternative forms will work automatically (I've actually
tested this against a real AD server).


--
- Lukas


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
