[pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro

Christoph Heiss c.heiss at proxmox.com
Wed Mar 19 09:50:42 CET 2025


On Tue Mar 18, 2025 at 4:38 PM CET, Stefan Hanreich wrote:
> Add LDAP_UDP macro to the firewall to support LDAP implementations
> that use UDP as well, such as Windows AD [1]
>
> [1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
> [..]
> --- a/proxmox-ve-config/resources/macros.json
> +++ b/proxmox-ve-config/resources/macros.json
> @@ -377,6 +377,15 @@
>      ],
>      "desc": "Lightweight Directory Access Protocol traffic"
>    },
> +  "LDAP_UDP": {

What about naming it "AD" instead and including both the TCP and UDP
rule instead? I.e. making it completely separate from the "normal" LDAP
rule.

Naming it "LDAP_UDP" could be confusing to users, in that it might be
required for actual, compliant LDAP servers as well, not just AD.

> +    "code": [
> +      {
> +        "dport": "389",
> +        "proto": "udp"
> +      }
> +    ],
> +    "desc": "Lightweight Directory Access Protocol traffic via UDP"
> +  },
>    "LDAPS": {
>      "code": [
>        {
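
Review bot: the "desc" of the new LDAP_UDP entry reads only "Lightweight Directory Access Protocol traffic via UDP", which does not tell a user when the macro is needed or that it complements the existing LDAP macro instead of replacing it. The commit message gives the motivation (implementations such as Windows AD that use UDP as well), and the entry carries only the udp rule for dport 389, so the description could say so, for example "LDAP over UDP, as used by e.g. Windows AD (use together with the LDAP macro)". That helps keep the extra UDP port from being opened for directory servers that do not need it.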




