[pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs

all lists on lists.proxmox.com
 help / color / mirror / Atom feed

* [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs
@ 2022-02-14 13:16 Dylan Whyte
  2022-02-15 11:29 ` Stoiko Ivanov
  0 siblings, 1 reply; 2+ messages in thread
From: Dylan Whyte @ 2022-02-14 13:16 UTC (permalink / raw)
  To: pmg-devel

- Be clearer about the fact that LDAP is only for spam quarantine
  access.
- Specify spam quarantine url and that users must log in with their
  email.

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
 pmg-administration.adoc |  4 +++-
 pmgconfig.adoc          | 27 ++++++++++++++++++++-------
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/pmg-administration.adoc b/pmg-administration.adoc
index 2eae2ba..fe1eae1 100644
--- a/pmg-administration.adoc
+++ b/pmg-administration.adoc
@@ -72,6 +72,7 @@ output.
 Quarantine
 ----------
 
+[[pmgadministration_spam_quarantine]]
 Spam
 ~~~~
 
@@ -85,7 +86,8 @@ code (attacking your operating system or email client) is removed by
 {pmg}.
 
 Users can get access to their personalized quarantine via the daily
-spam report or by logging in with their LDAP credentials.
+spam report or by navigating to `https://<pmg-host>:8006/quarantine` and logging
+in with their LDAP credentials (email address and password).
 
 You can additionally enable user self-service for sending an access link from
 the Quarantine Login page.
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index b19cbb5..fea26db 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -902,20 +902,33 @@ LDAP/Active Directory
 
 [thumbnail="pmg-gui-ldap-user-config.png", big=1]
 
+With {pmg}, users can use LDAP and Active directory as authentication methods to
+access their individual xref:pmgadministration_spam_quarantine[Spam Quarantine].
+Additionally, if users have extra email aliases defined in the LDAP directory,
+they will have a single spam quarantine for all of these.
+
+NOTE: Authentication via LDAP must first be enabled using the `Authentication
+mode` (`authmode`) parameter in the
+xref:pmgconfig_spamdetector_quarantine[Spam Detector's Quarantine configuration settings].
+
 You can specify multiple LDAP/Active Directory profiles, so that you can
-create rules matching those users and groups.
+create rules matching particular users and groups.
 
 Creating a profile requires (at least) the following:
 
-* profile name
-* protocol (LDAP or LDAPS; LDAPS is recommended)
-* at least one server
-* a username and password (if your server does not support anonymous binds)
+* `Profile Name`:  The name assigned to the LDAP profile.
+* `Protocol`:  LDAP, LDAPS, or LDAP+STARTTLS (LDAP+STARTTLS is recommended).
+* `Server`: The domain name/IP address of the LDAP server. A fallback can also
+    be configured using the second field.
+* `User name`: The Bind DN for authentication on the LDAP server.
+    This is required if your server does not support anonymous binds.
+* `Password`: Password for the Bind DN user.
+* `Base DN`: The directory which users are searched under.
 
 All other fields should work with the defaults for most setups, but can be
 used to customize the queries.
 
-The settings are saved to `/etc/pmg/ldap.conf`. Details for the options
+The settings are saved to `/etc/pmg/ldap.conf`. Details about the options
 can be found here: xref:pmg_ldap_configuration_file[ldap.conf]
 
 Bind user
@@ -926,7 +939,7 @@ LDAP server only has permission to query the server. For LDAP servers
 (for example OpenLDAP or FreeIPA), the username has to be of a format like
 'uid=username,cn=users,cn=accounts,dc=domain', where the specific fields
 depend on your setup. For Active Directory servers, the format should be
-like 'username@domain' or 'domain\username'.
+'username@domain' or 'domain\username'.
 
 Sync
 ^^^^
-- 
2.30.2





^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs
  2022-02-14 13:16 [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs Dylan Whyte
@ 2022-02-15 11:29 ` Stoiko Ivanov
  0 siblings, 0 replies; 2+ messages in thread
From: Stoiko Ivanov @ 2022-02-15 11:29 UTC (permalink / raw)
  To: Dylan Whyte; +Cc: pmg-devel

Huge thanks for addressing this.

one comment inline:

On Mon, 14 Feb 2022 14:16:26 +0100
Dylan Whyte <d.whyte@proxmox.com> wrote:
> ..snip..
> @@ -85,7 +86,8 @@ code (attacking your operating system or email client) is removed by
>  {pmg}.
>  
>  Users can get access to their personalized quarantine via the daily
> -spam report or by logging in with their LDAP credentials.
> +spam report or by navigating to `https://<pmg-host>:8006/quarantine` and logging
since the quarantine url is configurable (Configuration->Spam
Detector->Quarantine->quarantine_host and port) - I think it would be best
to mention this - maybe:
```
.. by navigating to the url configured for the quarantine (defaulting to
https://<pmg-host>:8006/quarantine)
```

> ..snip..




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-02-15 11:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-14 13:16 [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs Dylan Whyte
2022-02-15 11:29 ` Stoiko Ivanov

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal