[pbs-devel] [PATCH widget-toolkit 4/4] window: ldap auth edit forbid specifying a bind_dn without a password
Stefan Sterz
s.sterz at proxmox.com
Tue Jun 27 09:23:07 CEST 2023
On 26.06.23 20:30, Thomas Lamprecht wrote:
> Am 26/06/2023 um 11:39 schrieb Stefan Sterz:
>> this commit enforces passwords when using an non-anonymous bind.
>> hence, it removes the possibility of configuring unauthenticated binds
>> and brings the gui in-line with the backend.
>>
>
> nit: please don't base the commit subject tags strictly on file hierarchy, for
> copying this over to the changelog the following would be IMO a bit nicer:
>
>> ldap realm edit: forbid specifying a bind_dn without a password
>
sorry, i'll try to keep that in mind.
> More importantly, albeit just to be sure: this doesn't clashes with PVE or PMG as
> it's either not used there, and/or would be already compatible anyway (like you
> mentioned PVE in the cover letter)?
so in pve you can configure this. however, it will fail as soon as the
configuration is actually used [1] (e.g., for a sync). i'm already
working on a patch that also make the gui enforce setting a password in
such cases.
pmg from what i can tell allows unauthenticated binds just like pbs did
previously.
[1]:
https://git.proxmox.com/?p=pve-access-control.git;a=blob;f=src/PVE/Auth/LDAP.pm;h=fc82a17a#l219
More information about the pbs-devel
mailing list