On Tue Mar 18, 2025 at 4:38 PM CET, Stefan Hanreich wrote:
> Add LDAP_UDP macro to the firewall to support LDAP implementations
> that use UDP as well, such as Windows AD [1]
>
> [1]
> https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
> [..]
> --- a/proxmox-ve-config/resources/macros.json
> +++ b/proxmox-ve-config/resources/macros.json
> @@ -377,6 +377,15 @@
> ],
> "desc": "Lightweight Directory Access Protocol traffic"
> },
> + "LDAP_UDP": {
What about naming it "AD" instead and including both the TCP and UDP
rule instead? I.e. making it completely separate from the "normal" LDAP
rule.
Naming it "LDAP_UDP" could be confusing to users, in that it might be
required for actual, compliant LDAP servers as well, not just AD.
> + "code": [
> + {
> + "dport": "389",
> + "proto": "udp"
> + }
> + ],
> + "desc": "Lightweight Directory Access Protocol traffic via UDP"
> + },
> "LDAPS": {
> "code": [
> {
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
