<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">Any news on adding those few
      lines to master regarding LDAP non-anonymous bind?</font><br>
    <br>
    <div class="moz-cite-prefix">On 07.09.15 16:25, Sten Aus wrote:<br>
    </div>
    <blockquote cite="mid:55ED9040.9020501@eenet.ee" type="cite">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div style="" class="markdown-here-wrapper"
        data-md-url="Thunderbird">
        <p style="margin: 0px 0px 1.2em ! important;">Hi</p>
        <p style="margin: 0px 0px 1.2em ! important;">I would like to
          propse a feature: LDAP non-anonymous bind.<br>
          As it has been discussed already in forums I will link it here
          as well:<br>
          <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://forum.proxmox.com/threads/14649-LDAP-authentication-with-non-anonymous-bind">http://forum.proxmox.com/threads/14649-LDAP-authentication-with-non-anonymous-bind</a></p>
        <p style="margin: 0px 0px 1.2em ! important;">As a proposed
          patch is working I would suggest it to add to Proxmox.<br>
          A (almost) copy-paste from this patch is here. There is
          missing one comma (,) at the end of bind_pw {} section</p>
        <pre style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;font-size: 1em; line-height: 1.2em;margin: 1.2em 0px;"><code style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;white-space: pre; overflow: auto; border-radius: 3px; border: 1px solid rgb(204, 204, 204); padding: 0.5em 0.7em; display: block ! important;">diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm
index dc1c229..50df467 100755
--- a/PVE/Auth/LDAP.pm
+++ b/PVE/Auth/LDAP.pm
@@ -18,6 +18,19 @@ sub properties {
         optional => 1,
         maxLength => 256,
     },
+    bind_dn => {
+        description => "LDAP bind DN",
+        type => 'string',
+        pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
+        optional => 1,
+        maxLength => 256,
+    },
+    bind_pw => {
+        description => "LDAP bind password",
+        type => 'string',
+        optional => 1,
+        maxLength => 256,
+    },
     user_attr => {
         description => "LDAP user attribute name",
         type => 'string',
@@ -33,6 +46,8 @@ sub options {
     server1 => {},
     server2 => { optional => 1 },
     base_dn => {},
+    bind_dn => { optional => 1 },
+    bind_pw => { optional => 1 },
     user_attr => {},
     port => { optional => 1 },
     secure => { optional => 1 },
@@ -50,6 +65,12 @@ my $authenticate_user_ldap = sub {
     my $conn_string = "$scheme://${server}:$port";

     my $ldap = Net::LDAP->new($conn_string, verify => 'none') || die "$@\n";
+    if ($config->{bind_dn} ) {
+      my $res = $ldap->bind( $config->{bind_dn}, password => $config->{bind_pw} );
+      my $code = $res->code();
+      my $err = $res->error;
+      die "Error during initial bind: $err\n" if ($code);
+    }
     my $search = $config->{user_attr} . "=" . $username;
     my $result = $ldap->search( base    => "$config->{base_dn}",
                 scope   => "sub",
</code></pre>
        <p style="margin: 0px 0px 1.2em ! important;">Now, all you’ve
          got to do is edit <code style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;">/etc/pve/domains.cfg</code>
          file and add <code style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;">bind_dn</code>
          and <code style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;">bind_pw</code>
          parameters there.</p>
        <p style="margin: 0px 0px 1.2em ! important;">Also, when I edit
          from GUI, those values get lost from this file, so I would
          suggest it that you configure LDAP from GUI and then add those
          two rows there from CLI.</p>
        <p style="margin: 0px 0px 1.2em ! important;">As some daemon
          caches LDAP.pm I needed to restart my host to get LDAP bind
          working. I have tried to restart three services:</p>
        <pre style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;font-size: 1em; line-height: 1.2em;margin: 1.2em 0px;"><code style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;white-space: pre; overflow: auto; border-radius: 3px; border: 1px solid rgb(204, 204, 204); padding: 0.5em 0.7em; display: block ! important;">service pve-cluster restart && service pve-manager restart && service pveproxy restart
</code></pre>
        <p style="margin: 0px 0px 1.2em ! important;">Can anyone tell me
          what service caches it? Can I restart it without affecting my
          KVMs?</p>
        <p style="margin: 0px 0px 1.2em ! important;">Maybe a feature in
          Proxmox 4.0? Or when stable is too far away, then in 3.4. :)</p>
        <p style="margin: 0px 0px 1.2em ! important;">All the best<br>
          Sten Aus</p>
        <div
title="MDH:SGk8YnI+PGJyPkkgd291bGQgbGlrZSB0byBwcm9wc2UgYSBmZWF0dXJlOiBMREFQIG5vbi1hbm9ueW1vdXMgYmluZC48YnI+QXMgaXQgaGFzIGJlZW4gZGlzY3Vzc2VkIGFscmVhZHkgaW4gZm9ydW1zIEkgd2lsbCBsaW5rIGl0IGhlcmUgYXMgd2VsbDo8YnI+aHR0cDovL2ZvcnVtLnByb3htb3guY29t
L3RocmVhZHMvMTQ2NDktTERBUC1hdXRoZW50aWNhdGlvbi13aXRoLW5vbi1hbm9ueW1vdXMtYmlu
ZDxicj48YnI+QXMgYSBwcm9wb3NlZCBwYXRjaCBpcyB3b3JraW5nIEkgd291bGQgc3VnZ2VzdCBp
dCB0byBhZGQgdG8gUHJveG1veC48YnI+QSAoYWxtb3N0KSBjb3B5LXBhc3RlIGZyb20gdGhpcyBw
YXRjaCBpcyBoZXJlLiBUaGVyZSBpcyBtaXNzaW5nIG9uZSBjb21tYSAoLCkgYXQgdGhlIGVuZCBv
ZiBiaW5kX3B3IHt9IHNlY3Rpb248YnI+YGBgPGJyPmRpZmYgLS1naXQgYS9QVkUvQXV0aC9MREFQ
LnBtIGIvUFZFL0F1dGgvTERBUC5wbTxicj5pbmRleCBkYzFjMjI5Li41MGRmNDY3IDEwMDc1NTxi
cj4tLS0gYS9QVkUvQXV0aC9MREFQLnBtPGJyPisrKyBiL1BWRS9BdXRoL0xEQVAucG08YnI+QEAg
LTE4LDYgKzE4LDE5IEBAIHN1YiBwcm9wZXJ0aWVzIHs8YnI+wqDCoMKgwqAgwqDCoMKgIG9wdGlv
bmFsID0mZ3Q7IDEsPGJyPsKgwqDCoMKgIMKgwqDCoCBtYXhMZW5ndGggPSZndDsgMjU2LDxicj7C
oMKgwqDCoCB9LDxicj4rwqDCoMKgIGJpbmRfZG4gPSZndDsgezxicj4rwqDCoMKgIMKgwqDCoCBk
ZXNjcmlwdGlvbiA9Jmd0OyAiTERBUCBiaW5kIEROIiw8YnI+K8KgwqDCoCDCoMKgwqAgdHlwZSA9
Jmd0OyAnc3RyaW5nJyw8YnI+K8KgwqDCoCDCoMKgwqAgcGF0dGVybiA9Jmd0OyAnXHcrPVteLF0r
KCxccypcdys9W14sXSspKicsPGJyPivCoMKgwqAgwqDCoMKgIG9wdGlvbmFsID0mZ3Q7IDEsPGJy
PivCoMKgwqAgwqDCoMKgIG1heExlbmd0aCA9Jmd0OyAyNTYsPGJyPivCoMKgwqAgfSw8YnI+K8Kg
wqDCoCBiaW5kX3B3ID0mZ3Q7IHs8YnI+K8KgwqDCoCDCoMKgwqAgZGVzY3JpcHRpb24gPSZndDsg
IkxEQVAgYmluZCBwYXNzd29yZCIsPGJyPivCoMKgwqAgwqDCoMKgIHR5cGUgPSZndDsgJ3N0cmlu
ZycsPGJyPivCoMKgwqAgwqDCoMKgIG9wdGlvbmFsID0mZ3Q7IDEsPGJyPivCoMKgwqAgwqDCoMKg
IG1heExlbmd0aCA9Jmd0OyAyNTYsPGJyPivCoMKgwqAgfSw8YnI+wqDCoMKgwqAgdXNlcl9hdHRy
ID0mZ3Q7IHs8YnI+wqDCoMKgwqAgwqDCoMKgIGRlc2NyaXB0aW9uID0mZ3Q7ICJMREFQIHVzZXIg
YXR0cmlidXRlIG5hbWUiLDxicj7CoMKgwqDCoCDCoMKgwqAgdHlwZSA9Jmd0OyAnc3RyaW5nJyw8
YnI+QEAgLTMzLDYgKzQ2LDggQEAgc3ViIG9wdGlvbnMgezxicj7CoMKgwqDCoCBzZXJ2ZXIxID0m
Z3Q7IHt9LDxicj7CoMKgwqDCoCBzZXJ2ZXIyID0mZ3Q7IHsgb3B0aW9uYWwgPSZndDsgMSB9LDxi
cj7CoMKgwqDCoCBiYXNlX2RuID0mZ3Q7IHt9LDxicj4rwqDCoMKgIGJpbmRfZG4gPSZndDsgeyBv
cHRpb25hbCA9Jmd0OyAxIH0sPGJyPivCoMKgwqAgYmluZF9wdyA9Jmd0OyB7IG9wdGlvbmFsID0m
Z3Q7IDEgfSw8YnI+wqDCoMKgwqAgdXNlcl9hdHRyID0mZ3Q7IHt9LDxicj7CoMKgwqDCoCBwb3J0
ID0mZ3Q7IHsgb3B0aW9uYWwgPSZndDsgMSB9LDxicj7CoMKgwqDCoCBzZWN1cmUgPSZndDsgeyBv
cHRpb25hbCA9Jmd0OyAxIH0sPGJyPkBAIC01MCw2ICs2NSwxMiBAQCBteSAkYXV0aGVudGljYXRl
X3VzZXJfbGRhcCA9IHN1YiB7PGJyPsKgwqDCoMKgIG15ICRjb25uX3N0cmluZyA9ICIkc2NoZW1l
Oi8vJHtzZXJ2ZXJ9OiRwb3J0Ijs8YnI+wqA8YnI+wqDCoMKgwqAgbXkgJGxkYXAgPSBOZXQ6OkxE
QVAtJmd0O25ldygkY29ubl9zdHJpbmcsIHZlcmlmeSA9Jmd0OyAnbm9uZScpIHx8IGRpZSAiJEBc
biI7PGJyPivCoMKgwqAgaWYgKCRjb25maWctJmd0O3tiaW5kX2RufSApIHs8YnI+K8KgwqDCoMKg
wqAgbXkgJHJlcyA9ICRsZGFwLSZndDtiaW5kKCAkY29uZmlnLSZndDt7YmluZF9kbn0sIHBhc3N3
b3JkID0mZ3Q7ICRjb25maWctJmd0O3tiaW5kX3B3fSApOzxicj4rwqDCoMKgwqDCoCBteSAkY29k
ZSA9ICRyZXMtJmd0O2NvZGUoKTs8YnI+K8KgwqDCoMKgwqAgbXkgJGVyciA9ICRyZXMtJmd0O2Vy
cm9yOzxicj4rwqDCoMKgwqDCoCBkaWUgIkVycm9yIGR1cmluZyBpbml0aWFsIGJpbmQ6ICRlcnJc
biIgaWYgKCRjb2RlKTs8YnI+K8KgwqDCoCB9PGJyPsKgwqDCoMKgIG15ICRzZWFyY2ggPSAkY29u
ZmlnLSZndDt7dXNlcl9hdHRyfSAuICI9IiAuICR1c2VybmFtZTs8YnI+wqDCoMKgwqAgbXkgJHJl
c3VsdCA9ICRsZGFwLSZndDtzZWFyY2goIGJhc2XCoMKgwqAgPSZndDsgIiRjb25maWctJmd0O3ti
YXNlX2RufSIsPGJyPsKgwqDCoMKgIMKgwqDCoCDCoMKgwqAgwqDCoMKgIHNjb3BlwqDCoCA9Jmd0
OyAic3ViIiw8YnI+YGBgPGJyPjxicj5Ob3csIGFsbCB5b3UndmUgZ290IHRvIGRvIGlzIGVkaXQg
YC9ldGMvcHZlL2RvbWFpbnMuY2ZnYCBmaWxlIGFuZCBhZGQgYGJpbmRfZG5gIGFuZCBgYmluZF9w
d2AgcGFyYW1ldGVycyB0aGVyZS48YnI+PGJyPkFsc28sIHdoZW4gSSBlZGl0IGZyb20gR1VJLCB0
aG9zZSB2YWx1ZXMgZ2V0IGxvc3QgZnJvbSB0aGlzIGZpbGUsIHNvIEkgd291bGQgc3VnZ2VzdCBp
dCB0aGF0IHlvdSBjb25maWd1cmUgTERBUCBmcm9tIEdVSSBhbmQgdGhlbiBhZGQgdGhvc2UgdHdv
IHJvd3MgdGhlcmUgZnJvbSBDTEkuPGJyPjxicj5BcyBzb21lIGRhZW1vbiBjYWNoZXMgTERBUC5w
bSBJIG5lZWRlZCB0byByZXN0YXJ0IG15IGhvc3QgdG8gZ2V0IExEQVAgYmluZCB3b3JraW5nLiBJ
IGhhdmUgdHJpZWQgdG8gcmVzdGFydCB0aHJlZSBzZXJ2aWNlczo8YnI+YGBgPGJyPjxtZXRhIGNo
YXJzZXQ9InV0Zi04Ij5zZXJ2aWNlIHB2ZS1jbHVzdGVyIHJlc3RhcnQgJmFtcDsmYW1wOyBzZXJ2
aWNlIHB2ZS1tYW5hZ2VyIHJlc3RhcnQgJmFtcDsmYW1wOyBzZXJ2aWNlIHB2ZXByb3h5IHJlc3Rh
cnQ8YnI+YGBgPGJyPkNhbiBhbnlvbmUgdGVsbCBtZSB3aGF0IHNlcnZpY2UgY2FjaGVzIGl0PyBD
YW4gSSByZXN0YXJ0IGl0IHdpdGhvdXQgYWZmZWN0aW5nIG15IEtWTXM/PGJyPjxicj5NYXliZSBh
IGZlYXR1cmUgaW4gUHJveG1veCA0LjA/IE9yIHdoZW4gc3RhYmxlIGlzIHRvbyBmYXIgYXdheSwg
dGhlbiBpbiAzLjQuIDopPGJyPjxicj5BbGwgdGhlIGJlc3Q8YnI+U3RlbiBBdXM8YnI+"
style="height:0;width:0;max-height:0;max-width:0;overflow:hidden;font-size:0em;padding:0;margin:0;">​</div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
pve-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:pve-devel@pve.proxmox.com">pve-devel@pve.proxmox.com</a>
<a class="moz-txt-link-freetext" href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>