* [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro
@ 2025-03-18 15:38 Stefan Hanreich
  2025-03-18 15:38 ` [pve-devel] [PATCH pve-firewall " Stefan Hanreich
  2025-03-19  8:50 ` [pve-devel] [PATCH proxmox-ve-rs " Christoph Heiss
  0 siblings, 2 replies; 4+ messages in thread
From: Stefan Hanreich @ 2025-03-18 15:38 UTC (permalink / raw)
  To: pve-devel

Add LDAP_UDP macro to the firewall to support LDAP implementations
that use UDP as well, such as Windows AD [1]

[1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 proxmox-ve-config/resources/macros.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/proxmox-ve-config/resources/macros.json b/proxmox-ve-config/resources/macros.json
index 2fcc0fb..1c9a661 100644
--- a/proxmox-ve-config/resources/macros.json
+++ b/proxmox-ve-config/resources/macros.json
@@ -377,6 +377,15 @@
     ],
     "desc": "Lightweight Directory Access Protocol traffic"
   },
+  "LDAP_UDP": {
+    "code": [
+      {
+        "dport": "389",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Lightweight Directory Access Protocol traffic via UDP"
+  },
   "LDAPS": {
     "code": [
       {
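Review bot: the "desc" of the new "LDAP_UDP" entry differs from the preceding entry's "Lightweight Directory Access Protocol traffic" only by "via UDP", so nothing in the macro tells a user when it is needed or that it is meant to be used alongside the existing LDAP macro rather than instead of it. Since the commit message motivates the change with Windows AD, consider saying so in the description, for example "LDAP traffic via UDP (e.g. for Active Directory)", and keep the string identical to the one in the pve-firewall patch. The subject says "partial fix #6226" without stating what remains open; one sentence on that in the commit message would help.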
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel



* [pve-devel] [PATCH pve-firewall 1/1] partial fix #6226: macros: add LDAP_UDP macro
  2025-03-18 15:38 [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro Stefan Hanreich
@ 2025-03-18 15:38 ` Stefan Hanreich
  2025-03-19  8:50 ` [pve-devel] [PATCH proxmox-ve-rs " Christoph Heiss
  1 sibling, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2025-03-18 15:38 UTC (permalink / raw)
  To: pve-devel

Add LDAP_UDP macro to the firewall to support LDAP implementations
that use UDP as well, such as Windows AD [1]

[1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/Firewall.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 533f2a2..bb546c7 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -360,6 +360,10 @@ my $pve_fw_macros = {
 	"Lightweight Directory Access Protocol traffic",
 	{ action => 'PARAM', proto => 'tcp', dport => '389' },
     ],
+    'LDAP_UDP' => [
+	"Lightweight Directory Access Protocol traffic via UDP",
+	{ action => 'PARAM', proto => 'udp', dport => '389' },
+    ],
     'LDAPS' => [
 	"Secure Lightweight Directory Access Protocol traffic",
 	{ action => 'PARAM', proto => 'tcp', dport => '636' },
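Review bot: the 'LDAP_UDP' entry inserted between 'LDAP' and 'LDAPS' repeats by hand the name, port, protocol and description that the proxmox-ve-rs patch adds to macros.json, and nothing in this diff (1 file changed, 4 insertions) ties the two definitions together. A short comment next to the entry naming the JSON counterpart, or a line in the commit message saying that both patches belong together, would make later drift between the two easier to catch. The rule itself, { action => 'PARAM', proto => 'udp', dport => '389' }, mirrors the TCP rule of 'LDAP' directly above it, which is consistent.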
-- 
2.39.5



* Re: [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro
  2025-03-18 15:38 [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro Stefan Hanreich
  2025-03-18 15:38 ` [pve-devel] [PATCH pve-firewall " Stefan Hanreich
@ 2025-03-19  8:50 ` Christoph Heiss
  2025-03-19  8:56   ` Stefan Hanreich
  1 sibling, 1 reply; 4+ messages in thread
From: Christoph Heiss @ 2025-03-19  8:50 UTC (permalink / raw)
  To: Stefan Hanreich; +Cc: Proxmox VE development discussion

On Tue Mar 18, 2025 at 4:38 PM CET, Stefan Hanreich wrote:
> Add LDAP_UDP macro to the firewall to support LDAP implementations
> that use UDP as well, such as Windows AD [1]
>
> [1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
> [..]
> --- a/proxmox-ve-config/resources/macros.json
> +++ b/proxmox-ve-config/resources/macros.json
> @@ -377,6 +377,15 @@
>      ],
>      "desc": "Lightweight Directory Access Protocol traffic"
>    },
> +  "LDAP_UDP": {

What about naming it "AD" instead and including both the TCP and UDP
rule instead? I.e. making it completely separate from the "normal" LDAP
rule.

Naming it "LDAP_UDP" could be confusing to users, in that it might be
required for actual, compliant LDAP servers as well, not just AD.

> +    "code": [
> +      {
> +        "dport": "389",
> +        "proto": "udp"
> +      }
> +    ],
> +    "desc": "Lightweight Directory Access Protocol traffic via UDP"
> +  },
>    "LDAPS": {
>      "code": [
>        {




* Re: [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro
  2025-03-19  8:50 ` [pve-devel] [PATCH proxmox-ve-rs " Christoph Heiss
@ 2025-03-19  8:56   ` Stefan Hanreich
  0 siblings, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2025-03-19  8:56 UTC (permalink / raw)
  To: Christoph Heiss; +Cc: Proxmox VE development discussion



On 3/19/25 09:50, Christoph Heiss wrote:
> On Tue Mar 18, 2025 at 4:38 PM CET, Stefan Hanreich wrote:
>> Add LDAP_UDP macro to the firewall to support LDAP implementations
>> that use UDP as well, such as Windows AD [1]
>>
>> [1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
>> [..]
>> --- a/proxmox-ve-config/resources/macros.json
>> +++ b/proxmox-ve-config/resources/macros.json
>> @@ -377,6 +377,15 @@
>>      ],
>>      "desc": "Lightweight Directory Access Protocol traffic"
>>    },
>> +  "LDAP_UDP": {
> 
> What about naming it "AD" instead and including both the TCP and UDP
> rule instead? I.e. making it completely separate from the "normal" LDAP
> rule.

The idea was to not suddenly open up a port for users that are using
that macro currently (and it works fine for them).

> Naming it "LDAP_UDP" could be confusing to users, in that it might be
> required for actual, compliant LDAP servers as well, not just AD.

Agreed that the name might not be optimal; I'm open to suggestions.

>> +    "code": [
>> +      {
>> +        "dport": "389",
>> +        "proto": "udp"
>> +      }
>> +    ],
>> +    "desc": "Lightweight Directory Access Protocol traffic via UDP"
>> +  },
>>    "LDAPS": {
>>      "code": [
>>        {
> 



