From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH docs 2/2] pveum: Document reserved characters and quoting of LDAP DNs
Date: Tue, 31 Jan 2023 13:50:43 +0100
Message-ID: <20230131125043.380402-3-c.heiss@proxmox.com>
In-Reply-To: <20230131125043.380402-1-c.heiss@proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
pveum.adoc | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/pveum.adoc b/pveum.adoc
index 65d874a..1562b6c 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -390,6 +390,39 @@ The main options for syncing are:
* `Preview` (`dry-run`): No data is written to the config. This is useful if you
want to see which users and groups would get synced to the `user.cfg`.
+[[pveum_ldap_reserved_characters]]
+Reserved characters
+^^^^^^^^^^^^^^^^^^^
+
+Certain characters are reserved and cannot be easily used in attribute values
+in DNs without being escaped properly.
+
+Following characters need escaping:
+
+* Space (` `)
+
+* Comma (`,`)
+
+* Plus sign (`+`)
+
+* Double quote (`"`)
+
+* Forward slashes (`/`)
+
+* Angle brackets (`<>`)
+
+* Semicolon (`;`)
+
+* Equals sign (`=`)
+
+To use such characters in DNs, surround the attribute value in double quotes.
+For example, to bind with a user with the CN (Common Name) `Example, User`, use
+`CN="Example, User",OU=people,DC=example,DC=com` as value for `bind_dn`.
+
+This applies to the `base_dn`, `bind_dn`, and `group_dn` attributes.
+
+NOTE: Users with colons and forward slashes cannot be synced since these are
+reserved characters in usernames.
[[pveum_openid]]
OpenID Connect
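Review bot: The reserved-character list includes the double quote (`"`), but the only remedy given in the paragraph after the list is to surround the attribute value in double quotes, so a reader cannot tell how to write a value that itself contains a `"`; please add a sentence saying how that case is written, or that it is not supported. The intro says these characters cannot be used "without being escaped properly" while the section then describes quoting only, so it would help to state whether quoting is the only accepted form. The list offers quoting for the forward slash, yet the NOTE says users with forward slashes cannot be synced; one sentence separating "allowed in the DN settings" from "allowed in synced usernames" would remove the apparent contradiction. In the NOTE, "Users with colons and forward slashes" reads as if both characters must be present; "Users whose names contain colons or forward slashes" would be clearer. Smaller wording points: "The following characters", singular "Forward slash" to match the other items, "as the value for `bind_dn`", and "options" rather than "attributes" in the `base_dn`/`bind_dn`/`group_dn` sentence, since "attribute" already means the DN component earlier in the section.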
--
2.34.1