Manage authentication realms in Proxmox #23
Comments
I'd like to make a try with LDAP in the next months.

Hint for myself: pvesh get /access/domains

removing the task from main seems to be enough to fix it

The tasks were duplicated on accident when I merged both #95 and #220 in order to keep @jfpanisset's commit as-is in history, but the second PR also had the same commit with a different hash. This could've been avoided if #220 was stacked on top of #95 (base branch), maybe, though maybe that doesn't work on PRs from forks. This should be fixed in WIP branch

Referenced PRs do introduce support for auth realms but not implemented in the manner described in this ticket, so I'm leaving this open for now as a request to implement a

Oh. I forgot this ticket completely. Will have a look on it. What do you think, should be solved with the module? All realm specific getter/setter?

When I look into the API documentation there is a lot of possible attributes and so a lot of possible wrong usage. I would prefer to have a module per authentication method. So the module could be a little bit cleaner. Something like

LDAP Realms

```yaml
proxmox_realm_ldap:
  realm:
  base_dn:
  user_attr:
  server:
  fallback_server:
  port:
```

and integrate also the sync options for LDAP (bind dn, filter, etc) or build a separate sync module too.

AD Realms

```yaml
proxmox_realm_active_directory:
  realm:
  domain:
  server:
  fallback_server:
  port:
```

OpenID Realms

```yaml
proxmox_realm_openid:
  realm:
  issuer:
  client-id:
  client-secret:
  autocreate:
  username-claim:
```

Then a task must filter out per type with And I would try use the

I'm not really sure about creating separate modules considering a lot of code would probably get duplicated (or at least referenced if using a shared library)? We already do something similar for storage types in the Also can you elaborate on the chicken and egg problem? I would assume

By default `pam` and `pve` are realms created within Proxmox for authenticating users into Proxmox. This supports most use cases. However, Proxmox supports LDAP/AD realms, which some users may want: https://pve.proxmox.com/wiki/User_Management#pveum_authentication_realms

This role should introduce a `proxmox_realm` (or something else) module to help manage and create these realms.

For new contributors:

There are existing modules in `library/` that can be used for reference for this issue. The PVE API documentation is also available at https://pve.proxmox.com/pve-docs/api-viewer/.
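
One way to address the "wrong usage" concern raised in the comments while keeping a single module, as an added example that is not the role's code: a per-type option table that rejects options belonging to another realm type and masks the secret before anything is printed. The option names are the ones proposed in the comment above and are not checked against the PVE API; the type keys `ldap`/`ad`/`openid`, the function names, and the choice of `client-secret` as the masked field are assumptions.

```python
# Added illustration, not code from the role. Option names are the ones
# proposed in the comment above; they are not checked against the PVE API.
REALM_OPTIONS = {
    "ldap": {"base_dn", "user_attr", "server", "fallback_server", "port"},
    "ad": {"domain", "server", "fallback_server", "port"},
    "openid": {"issuer", "client-id", "client-secret", "autocreate",
               "username-claim"},
}
# Assumption: values that must never reach task output or logs.
SECRET_OPTIONS = {"client-secret"}


class RealmOptionError(ValueError):
    """Raised when a realm definition is incomplete or mixes realm types."""


def validate_realm(realm_type, params):
    """Return the explicitly set options for one realm, or raise."""
    if realm_type not in REALM_OPTIONS:
        raise RealmOptionError("unknown realm type: %r" % realm_type)
    if not params.get("realm"):
        raise RealmOptionError("'realm' (the realm name) is required")
    allowed = REALM_OPTIONS[realm_type] | {"realm"}
    unexpected = sorted(set(params) - allowed)
    if unexpected:
        raise RealmOptionError(
            "%s realm does not accept: %s" % (realm_type, ", ".join(unexpected)))
    # Drop unset (None) options so only explicit values are passed on.
    return {k: v for k, v in params.items() if v is not None}


def redact(params):
    """Copy of params that is safe to print or return as task output."""
    return {k: ("********" if k in SECRET_OPTIONS else v)
            for k, v in params.items()}


if __name__ == "__main__":
    # Constructed sample input.
    oidc = validate_realm("openid", {
        "realm": "sso", "issuer": "https://idp.example.test",
        "client-id": "pve", "client-secret": "constructed-secret",
        "autocreate": True, "username-claim": None})
    print(redact(oidc))
    try:
        validate_realm("ldap", {"realm": "corp", "domain": "corp.example.test"})
    except RealmOptionError as exc:
        print("rejected:", exc)
```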