[pve-devel] Strategy for Active Directory and OpenID Connect groups and usernames with spaces and other special characters
Dietmar Maurer
dietmar at proxmox.com
Thu Mar 6 08:51:32 CET 2025
> 1. Do we want to allow spaces in groups and/or usernames, or should we
> prefer replacement characters (e.g. mapping space(s) to _ or some other
> character)?
My feeling is that we need to allow all characters - else this will be an endless issue ...
> 2. In case we want to allow spaces in groups and/or usernames, we also
> have to ask ourselves whether we want to allow other special characters
> as well.
see above
> 3. If we also want to allow using special characters, we have to think
> about the encoding we use for user.cfg. Currently, we're not doing any
> conversions, meaning that Perl could write the strings to user.cfg as
> they are (e.g. as UTF-8), but would read them without any conversions,
> treating the text as Latin-1.
>
> I have already started a discussion on UTF-8 in our config files, so for
> more details on how Perl handles encodings, look here:
> https://lore.proxmox.com/pve-devel/082d3fe0-9c6c-494d-9ec3-f64645cd7a53@proxmox.com/T/#t
I would use url encoding for that.
> 4. We also have to think about how we want to handle upgrades after such
> a change, especially regarding clusters. I'm specifically talking about
> the short period of time when upgrading a cluster to a new version,
> where not all nodes are on the same version at the same time (e.g. for a
> few minutes). A possibility would be to already implement the changes as
> part of PVE 8.4, meaning that the code could handle it but we would
> disable it by default, while making it available beginning with PVE 9.0.
yes, something like that.
More information about the pve-devel
mailing list