[pve-devel] [PATCH common/access-control v2 0/2] implement ldap/ad sync
Dominik Csapak
d.csapak at proxmox.com
Fri Mar 13 13:18:41 CET 2020
this series implements basic ldap/ad user/group sync via api/cli

a new api call for realms called 'sync' is implemented which
calls the plugins 'get_{user,group}' sub which in turn uses
the realms config to get the relevant users/groups
and this is then written into the user config

things not yet implemented, but can be done later on

* auto-sync
  we probably want to be able to 'auto-sync' the users/groups,
  so probably some kind of systemd timer which calls pveum?
  we have to somehow make this configurable and of course
  only call it from one node (however this can be done)

* preview mode
  we could implement a 'preview' api call (or option) so that
  it only returns what would be done, so that we can show the
  user a preview. this should not be that hard to implement

* gui
  a 'sync' gui where the user can put in the sync relevant config
  options and a button which actually syncs the users should
  not be that hard

changes from v1 (for details see the patches themselves):
* incorporated feedback from fabian and thomas, thanks :)
* added new options for the sync api call
* added a patch for not deleting acls/group membership

pve-common:

Dominik Csapak (2):
  ldap: optionally save group name by attribute
  ldap: add optional classes to query_users

 src/PVE/LDAP.pm | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

pve-access-control:

Dominik Csapak (5):
  Auth/LDAP: add necessary options for syncing
  Auth/LDAP: add get_{users,groups} subs for syncing
  Auth/AD: make PVE::Auth::AD a subclass of PVE::Auth::LDAP
  Domains: add sync API call
  do not modify ACLs/Groups for missing users

 PVE/API2/Domains.pm | 183 ++++++++++++++++++++++++++++++++++++++++
 PVE/AccessControl.pm | 12 ++-
 PVE/Auth/AD.pm | 22 ++++-
 PVE/Auth/LDAP.pm | 191 ++++++++++++++++++++++++++++++++++++++++++
 PVE/CLI/pveum.pm | 1 +
 test/parser_writer.pl | 16 ++--
 6 files changed, 410 insertions(+), 15 deletions(-)

--
2.20.1