[pve-devel] [PATCH common/access-control v2 0/2] implement ldap/ad sync

Dominik Csapak d.csapak at proxmox.com
Fri Mar 13 13:18:41 CET 2020 

this series implements basic ldap/ad user/group sync via api/cli
a new api call for realms called 'sync' is implemented which
calls the plugins 'get_{user,group}' sub which in turn uses
the realms config to get the relevant users/groups
and this is then written into the user config

things not yet implemented, but can be done later on
* auto-sync
   we probably want to be able to 'auto-sync' the users/groups,
   so probably some kind of systemd timer which calls pveum?
   we have to somehow make this configureable and of course
   only call it from one node (however this can be done)
* preview mode
   we could implement a 'preview' api call (or option) so that
   it only return what would be done, so that we can show the
   user a preview. this should not be that hard to implement
* gui
   a 'sync' gui where the user can put in the sync relevant config
   options and a button which actually syncs the users should
   not be that hard

changes from v1 (for details see the patches themselves):
* incorporated feedback from fabian and thomas, thanks :)
* added new options for the sync api call
* added a patch for not deleting acls/group membership

pve-common:

Dominik Csapak (2):
  ldap: optionally save group name by attribute
  ldap: add optional classes to query_users

 src/PVE/LDAP.pm | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

pve-access-control:

Dominik Csapak (5):
  Auth/LDAP: add necessary options for syncing
  Auth/LDAP: add get_{users,groups} subs for syncing
  Auth/AD: make PVE::Auth::AD a subclass of PVE::Auth::LDAP
  Domains: add sync API call
  do not modify ACLs/Groups for missing users

 PVE/API2/Domains.pm   | 183 ++++++++++++++++++++++++++++++++++++++++
 PVE/AccessControl.pm  |  12 ++-
 PVE/Auth/AD.pm        |  22 ++++-
 PVE/Auth/LDAP.pm      | 191 ++++++++++++++++++++++++++++++++++++++++++
 PVE/CLI/pveum.pm      |   1 +
 test/parser_writer.pl |  16 ++--
 6 files changed, 410 insertions(+), 15 deletions(-)

-- 
2.20.1

More information about the pve-devel mailing list