[pve-devel] LDAP integration with G Suite?
Victor Hooi
victorhooi at yahoo.com
Fri May 24 08:33:46 CEST 2019
Hi,
Of course, here is a slightly sanitised user.cfg - I have sent you the full
file in a separate email:
```
root at syd1:~# cat /etc/pve/user.cfg
user:root at pam:1:0:::victorhooi at example.com:::
user:victorhooi at anguslab.io:1:0::::::
<some users removed>
<some groups removed>
pool:windows_7::100::
<some acls removed>
```
Here is my full domains.cfg:
```
root at syd1:~# cat /etc/pve/domains.cfg
pam: pam
comment Linux PAM standard authentication
pve: pve
comment Proxmox VE authentication server
ldap: anguslab.io
base_dn dc=anguslab,dc=io
server1 ldap.google.com
user_attr uid
cert /root/Google_2022_05_22_3494.crt
certkey /root/Google_2022_05_22_3494.key
port 636
secure 0
```
Here is the output of pveversion -v:
```
root at syd1:~# pveversion -v
proxmox-ve: 5.4-1 (running kernel: 4.15.18-14-pve)
pve-manager: 5.4-6 (running version: 5.4-6/aa7856c5)
pve-kernel-4.15: 5.4-2
pve-kernel-4.15.18-14-pve: 4.15.18-39
pve-kernel-4.15.18-12-pve: 4.15.18-36
pve-kernel-4.15.18-11-pve: 4.15.18-34
pve-kernel-4.15.18-9-pve: 4.15.18-30
ceph: 12.2.12-pve1
corosync: 2.4.4-pve1
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.1-10
libpve-apiclient-perl: 2.0-5
libpve-common-perl: 5.0-52
libpve-guest-common-perl: 2.0-20
libpve-http-server-perl: 2.0-13
libpve-storage-perl: 5.0-43
libqb0: 1.0.3-1~bpo9
lvm2: 2.02.168-pve6
lxc-pve: 3.1.0-3
lxcfs: 3.0.3-pve1
novnc-pve: 1.0.0-3
proxmox-widget-toolkit: 1.0-28
pve-cluster: 5.0-37
pve-container: 2.0-39
pve-docs: 5.4-2
pve-edk2-firmware: 1.20190312-1
pve-firewall: 3.0-21
pve-firmware: 2.0-6
pve-ha-manager: 2.0-9
pve-i18n: 1.1-4
pve-libspice-server1: 0.14.1-2
pve-qemu-kvm: 3.0.1-2
pve-xtermjs: 3.12.0-1
qemu-server: 5.0-51
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.13-pve1~bpo2
```
I also created a test G Suite account for you, and a test G Suite LDAP
service with separate certificates - I included that in the separate email
as well. You can use ldapsearch against the endpoint, or you could link
your own Proxmox instance against it.
It is very strange that this doesn't work, and that the audit records on
the server side don't show any attempts.
Thanks,
Victor
On Fri, May 24, 2019 at 4:11 PM Dominik Csapak <d.csapak at proxmox.com> wrote:
> On 5/23/19 5:46 PM, Victor Hooi wrote:
> > G Suite also has audit records for the Secure LDAP service:
> >
> > https://i.imgur.com/rvV9BXL.png
> >
> > In this case - I can see entries for each time I used ldapsearch.
> >
> > However, I do *not* see any entries for each time I try to login on
> > Proxmox. So it seems like it's not even hitting the server, yet Proxmox
> is
> > saying "no entries returned"?
> >
>
> mhmm.. a 'normal' ldap server works here without problems,
>
> can you post your /etc/pve/user.cfg and /etc/pve/domain.cfg
> (you can also send it to me directly if you do not want to send
> them on the list)
>
> so that i can check if i see anything in the configuration that might be
> wrong (also what is your 'pveversion -v' ?)
>
> i have no access to a gsuite account, so i cannot test this directly
>
> regards dominik
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
More information about the pve-devel
mailing list