[pve-devel] [PATCH access-control/manager v2] fix #3668: improving realm sync

Dominik Csapak d.csapak at proxmox.com
Fri Feb 4 15:24:58 CET 2022


this deprecates the 'full' sync option and replaces it with
a 'mode' option, where we add a third one that updates
the current users (while retaining their custom set attributes not
exisiting in the source) and removing users that don't exist anymore
in the source

sorry for the long time between versions, i was distracted by
various different things...

one "weird" thing that happens is when having a cluster and not all
nodes are on the newest version if someone adds this option to the realm
config. then everytime when the config is parsed on the older nodes,
a warning is printed into the journal

though this is the same for all new options in the domains.cfg, so i
don't really see a way around this (besides allowing
additionalProperties, but this would also first work on the next
update)

changes from v1:
* replace the 'remove-vanished' by a new 'mode' selection and adding
  an appropriate mode

pve-access-control:

Dominik Csapak (2):
  realm-sync: replace 'full' option with 'mode'
  fix #3668: realm-sync: add mode 'sync'

 src/PVE/API2/Domains.pm | 59 ++++++++++++++++++++++++++++++++++-------
 src/PVE/Auth/Plugin.pm  | 20 +++++++++++---
 2 files changed, 66 insertions(+), 13 deletions(-)

pve-manager:

Dominik Csapak (1):
  ui: realm sync: replace 'full' with 'mode'

 www/manager6/dc/AuthEditLDAP.js | 11 ++++++-----
 www/manager6/dc/SyncWindow.js   |  9 +++++----
 2 files changed, 11 insertions(+), 9 deletions(-)

-- 
2.30.2






More information about the pve-devel mailing list