From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH docs] pveum: add paragraph about syncing user attributes
Date: Mon, 2 May 2022 15:56:52 +0200 [thread overview]
Message-ID: <20220502135652.3479692-1-d.csapak@proxmox.com> (raw)
and improve wording for the remove vanished 'Properties' option.
Currently, we use both the word 'attributes' as well as 'properties'
for user fields (such as firstname, etc). I rewrote that a bit by calling
them 'attributes' for the LDAP side and 'properties' for the PVE side.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
pveum.adoc | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/pveum.adoc b/pveum.adoc
index 99e1a45..38fd941 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -295,6 +295,11 @@ pveum realm sync <realm>
Users and groups are synced to the cluster-wide configuration file,
`/etc/pve/user.cfg`.
+If the sync response includes user attributes, they will be synced into the
+matching user property in the `user.cfg` (for example: 'firstname', 'lastname',
+etc.). If the names of the attributes are not matching the PVE properties, you
+can set a custom field-to-field map in the config with the 'sync_attributes'
+option.
Sync Configuration
^^^^^^^^^^^^^^^^^^
@@ -334,7 +339,6 @@ NOTE: Filters allow you to create a set of additional match criteria, to narrow
down the scope of a sync. Information on available LDAP filter types and their
usage can be found at https://ldap.com/ldap-filters/[ldap.com].
-
[[pveum_ldap_sync_options]]
Sync Options
^^^^^^^^^^^^
@@ -366,10 +370,10 @@ The main options for syncing are:
- `Entry` (`entry`): Removes entries (i.e. users and groups) when they are
not returned in the sync response.
- - `Properties` (`properties`): Removes properties of entries which were
- not returned in the sync response. This includes custom properties
- which were never set by the sync. Exceptions are tokens and the enable
- flag. Those will be retained even with this option.
+ - `Properties` (`properties`): Removes properties of entries where the user
+ in the sync response did not contain those attributes. This includes
+ all properties, even those never set by a sync. Exceptions are tokens
+ and the enable flag, these will be retained even with this option enabled.
* `Preview` (`dry-run`): No data is written to the config. This is useful if you
want to see which users and groups would get synced to the `user.cfg`.
--
2.30.2
next reply other threads:[~2022-05-02 13:57 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-02 13:56 Dominik Csapak [this message]
2022-05-04 6:42 ` [pve-devel] applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220502135652.3479692-1-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.