proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-07-24 20:34:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Auth/LDAP: add necessary options for syncing

Browse Source 
for syncing users/groups from ldap, we need some more options
so that the users can adapt it to their LDAP setup, which are very
different accross systems.

sensible defaults are documented

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Dominik Csapak 2020-03-13 13:18:44 +01:00 committed by Thomas Lamprecht
parent c63e26c84e
commit eba326d2df
1 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
PVE/Auth/LDAP.pm
View File

@ -57,6 +57,58 @@ sub properties {
type => 'string',
optional => 1,
},
filter => {
description => "LDAP filter for user sync.",
type => 'string',
optional => 1,
maxLength => 2048,
},
sync_attributes => {
description => "Comma separated list of key=value pairs for specifying"
." which LDAP attributes map to which PVE user field. For example,"
." to map the LDAP attribute 'mail' to PVEs 'email', write "
." 'email=mail'. By default, each PVE user field is represented "
." by an LDAP attribute of the same name.",
optional => 1,
type => 'string',
pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
},
user_classes => {
description => "The objectclasses for users.",
type => 'string',
default => 'inetorgperson, posixaccount, person, user',
format => 'ldap-simple-attr-list',
optional => 1,
},
group_dn => {
description => "LDAP base domain name for group sync. If not set, the"
." base_dn will be used.",
type => 'string',
pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
optional => 1,
maxLength => 256,
},
group_name_attr => {
description => "LDAP attribute representing a groups name. If not set"
." or found, the first value of the DN will be used as name.",
type => 'string',
format => 'ldap-simple-attr',
optional => 1,
maxLength => 256,
},
group_filter => {
description => "LDAP filter for group sync.",
type => 'string',
optional => 1,
maxLength => 2048,
},
group_classes => {
description => "The objectclasses for groups.",
type => 'string',
default => 'groupOfNames, group, univentionGroup, ipausergroup',
format => 'ldap-simple-attr-list',
optional => 1,
},
};
}
@ -77,6 +129,13 @@ sub options {
capath => { optional => 1 },
cert => { optional => 1 },
certkey => { optional => 1 },
filter => { optional => 1 },
sync_attributes => { optional => 1 },
user_classes => { optional => 1 },
group_dn => { optional => 1 },
group_name_attr => { optional => 1 },
group_filter => { optional => 1 },
group_classes => { optional => 1 },
};
}