[pve-devel] Strategy for Active Directory and OpenID Connect groups and usernames with spaces and other special characters

[Dietmar Maurer]

> 1. Do we want to allow spaces in groups and/or usernames, or should we 
> prefer replacement characters (e.g. mapping space(s) to _ or some other 
> character)?

My feeling is that we need to allow all characters -  else this will be an endless issue ...

> 2. In case we want to allow spaces in groups and/or usernames, we also 
> have to ask ourselves whether we want to allow other special characters 
> as well.

see above

> 3. If we also want to allow using special characters, we have to think 
> about the encoding we use for user.cfg. Currently, we're not doing any 
> conversions, meaning that Perl could write the strings to user.cfg as 
> they are (e.g. as UTF-8), but would read them without any conversions, 
> treating the text as Latin-1.
> 
> I have already started a discussion on UTF-8 in our config files, so for 
> more details on how Perl handles encodings, look here: 
> https://lore.proxmox.com/pve-devel/082d3fe0-9c6c-494d-9ec3-f64645cd7a53@proxmox.com/T/#t

I would use url encoding for that.

> 4. We also have to think about how we want to handle upgrades after such 
> a change, especially regarding clusters. I'm specifically talking about 
> the short period of time when upgrading a cluster to a new version, 
> where not all nodes are on the same version at the same time (e.g. for a 
> few minutes). A possibility would be to already implement the changes as 
> part of PVE 8.4, meaning that the code could handle it but we would 
> disable it by default, while making it available beginning with PVE 9.0.

yes, something like that.