On 3/13/20 1:18 PM, Dominik Csapak wrote:
> for syncing users/groups from ldap, we need some more options
> so that the users can adapt it to their LDAP setup, which are very
> different across systems.
>
> sensible defaults are documented
>
> Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
> ---
> changes from v1:
> * increased filter maxLength
> * better wording of sync_attributes description; with example
> * rename group_attr -> group_name_attr
>
applied, squashed in some description "fixes" (mainly indentation one, as I do not like the used much). Thanks! > PVE/Auth/LDAP.pm | 59 ++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 59 insertions(+) > > diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm > index 5eef12c..7d1d1ed 100755 > --- a/PVE/Auth/LDAP.pm > +++ b/PVE/Auth/LDAP.pm 
> @@ -57,6 +57,58 @@ sub properties { > type => 'string', > optional => 1, > }, > + filter => { > + description => "LDAP filter for user sync.", > + type => 'string', > + optional => 1, > + maxLength => 2048, > + }, > + sync_attributes => { > + description => "Comma separated list of key=value pairs for > specifying ". > + "which LDAP attributes map to which PVE user field". > + "(e.g. to map the LDAP attribute 'mail' to PVEs > 'email', ". > + "write 'email=mail' ). By default, each PVE user > field ". > + "is represented by an LDAP attribute of the same > name.", > + optional => 1, > + type => 'string', > + pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*', > + }, > + user_classes => { > + description => "The objectclasses for users.", > + type => 'string', > + default => 'inetorgperson, posixaccount, person, user', > + format => 'ldap-simple-attr-list', > + optional => 1, > + }, > + group_dn => { > + description => "LDAP base domain name for group sync. ". > + "If not given, the base_dn will be used.", > + type => 'string', > + pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*', > + optional => 1, > + maxLength => 256, > + }, > + group_name_attr => { > + description => "LDAP attribute representing a groups name. If not > given or ". > + "found, the first value of the DN will be used as > name.", > + type => 'string', > + format => 'ldap-simple-attr', > + optional => 1, > + maxLength => 256, > + }, > + group_filter => { > + description => "LDAP filter for group sync.", > + type => 'string', > + optional => 1, > + maxLength => 2048, > + }, > + group_classes => { > + description => "The objectclasses for groups.", > + type => 'string', > + default => 'groupOfNames, group, univentionGroup, ipausergroup', > + format => 'ldap-simple-attr-list', > + optional => 1, > + }, > }; > } 
> > @@ -77,6 +129,13 @@ sub options { > capath => { optional => 1 }, > cert => { optional => 1 }, > certkey => { optional => 1 }, > + filter => { optional => 1 }, > + sync_attributes => { optional => 1 }, > + user_classes => { optional => 1 }, > + group_dn => { optional => 1 }, > + group_name_attr => { optional => 1 }, > + group_filter => { optional => 1 }, > + group_classes => { optional => 1 }, > }; > } > >
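Review bot: In the properties hunk (@@ -57,6 +57,58 @@), sync_attributes, user_classes and group_classes have no maxLength, while filter, group_dn, group_name_attr and group_filter are all bounded; suggest adding a maxLength to those three so every free-form string that ends up in the sync configuration has a limit. In the sync_attributes description, the string ending in "which PVE user field" is concatenated directly with "(e.g. to map ...", so the rendered text reads "field(e.g."; a trailing space is missing. The group_dn description says "LDAP base domain name", which should read "distinguished name" to match base_dn, and "a groups name" in group_name_attr should be "a group's name". The group_dn pattern '\w+=[^,]+(,\s*\w+=[^,]+)*' also cannot match an attribute type containing a hyphen or an RDN value containing an escaped comma; if that restriction is intended, the description should say so.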