[pve-devel] applied: [PATCH access-control v2 4/5] Domains: add sync API call
Thomas Lamprecht
t.lamprecht at proxmox.com
Sat Mar 21 16:26:30 CET 2020
On 3/13/20 1:18 PM, Dominik Csapak wrote:
> this api call syncs the users and groups from LDAP/AD to the
> user.cfg
>
> it also implements a 'full' mode where we first delete all
> users/groups from the config and sync them again
>
> the parameter 'enable' controls if newly synced users are 'enabled'
> (if no sync parameter handles that)
> the parameter 'purge' controls if ACLs get removed for users/groups
> that do not exists anymore after
>
> also add this command to pveum
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> changes from v1:
> * make parameters non-optional, since there are really no good defaults
> those are highly dependant on the use-case/environment
> * better error message
> * do work in a worker, to get a task
> * add logging to it
> * add flags for 'enable' and 'purge'
> PVE/API2/Domains.pm | 183 ++++++++++++++++++++++++++++++++++++++++++++
>
> PVE/CLI/pveum.pm | 1 +
> 2 files changed, 184 insertions(+)
>
applied, thanks! But I did some followups on this one, will send them out as
"applied" later. Besides some minor opinionated refactoring I added the
possibility to specify sync default options per realm in the domains.cfg
More information about the pve-devel
mailing list