First of, remove the dreaded LDAP DN regex. Further, upon saving a LDAP realm in the UI, it tries to connect & bind using the provided credentials, providing the user with immediate feedback whether they are valid or not.
The same approach is already implemented in PBS [0], and I'll plan to implement the same for PMG too, if & when the PVE side is done. Testing ------- Changes were tested against slapd 2.5.13+dfsg-5 (for LDAP) and Samba 4.18.5 (for AD), using both the web UI and `pveum` to create and update realms with different combinations of valid and invalid parameters, mixed with using new `check-connection` parameter. Prior art --------- v1: https://lists.proxmox.com/pipermail/pve-devel/2023-July/058551.html Notable changes v1 -> v2: * Added patch #1 from previous series [1], missed that in v1 * Do not store the 'check-connection' parameter in the realm config * Add "Check connection" checkbox to AD edit too This series supersedes [1], which previously solved this using a new schema format by validating DNs using Net::LDAP::Util::canonical_dn(). But this has the problem that it does not support AD-specific DN syntax. After a off-list discussion with Lukas (summary [2] [3]), it was decided to rather implement it much like PBS does it - simply drop the explicit validation of DN parameters, instead just trying to connect & bind to the target server - although I'm always open for other/better suggestions to tackle this. [0] https://git.proxmox.com/?p=proxmox-backup.git;a=commitdiff;h=5210f3b5 [1] https://lists.proxmox.com/pipermail/pve-devel/2023-July/058392.html [2] https://lists.proxmox.com/pipermail/pve-devel/2023-July/058540.html [3] https://lists.proxmox.com/pipermail/pve-devel/2023-August/058582.html -- 2.41.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
