[pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp 00/11] Add LDAP and AD realm support to Proxmox Datacenter Manager

Mon Sep 22 15:57:30 CEST 2025

just wanted to respond here again before sending a v2 to keep the
discussion about suggested changes in one place:

On Fri Sep 19, 2025 at 1:11 PM CEST, Shannon Sterz wrote:
> On Fri Sep 19, 2025 at 12:02 PM CEST, Christoph Heiss wrote:
-->8 snip 8<--

>> - No default realm is set by default. E.g. with this series applied, by
>>   default all realms show an "X" in the default column. Should set PAM
>>   as default realm if none is set yet.
>
> yes the default realm logic is lacking in general. i am already working
> on the following things:
>
> - make the login component respect the default realm setting
> - allow editing other realms in order to allow setting them as default
>   realms
>
> so i'll add marking pam as default if no realm is set as default. for
> now, i'd leave the default realm parts of this series as-is or move them
> out of this series and tag that on to adding default realm support in
> general.

looking into this some more: this is also how pbs behaves. if no default
is set, no entry in the column is marked as default.

also note that pve seems to be lacking the default column in general.
however, since some of the realms are configured via components from the
widget toolkit, setting defaults for those is still possible (ad, ldap,
openid). pam and pve realms cannot be set as defaults.

for now, i'd leave the default support here as-is and will work on a
general follow up for default realm support for pdm (but possibly also
for pve, unless someone is already on that.)

-->8 snip 8<--

>> - If "Enable new users" is set to "No", this isn't reflected/respected
>>   in the sync panel. E.g. set it to "No", the sync panel will still show
>>   "Default (Yes)" for the "Enable new" field.
>>   Also, I'd also name it "Enable new users" in the sync panel for
>>   consistency.
>> - Continuing from the last one, the setting does not even seem to be
>>   respected? Setting it to "No" in both the realm settings and the sync
>>   panel _still_ creates new users.

as is expected. but the accounts are not "enabled". i think you mixed up
"Preview Only" (`dry-run` in the api) and "Enable new users"
(`enable-new` in the api). the first just shows what would be synced but
*does not* persist any changes. the later syncs as usual but the
"Enabled" setting for new accounts will be set to whatever the
`enable-new` option is set to (true by default, so accounts will be
created and enabled). this worked as intended in my testing.