From: Christoph Heiss
To: Fabian Grünbichler
Cc: Proxmox Backup Server development discussion
Date: Tue, 12 Dec 2023 13:20:38 +0100
Subject: Re: [pbs-devel] [PATCH 
proxmox-backup v2 11/15] docs: user-management: add section about AD realm support

Thanks for the review!

On Tue, Nov 28, 2023 at 09:33:02AM +0100, Fabian Grünbichler wrote:
> > nit: the domains.cfg docs currently have: > > > You can use the proxmox-backup-manager openid and proxmox-backup-manager ldap commands to manipulate this file. > > in them, that might warrant adding the 'ad' command as well.

Ack.

> [..] > > -in the LDAP realm configuration dialog window in the GUI and via the > > -``proxmox-backup-manager ldap create/update`` command. > > +Active Directory > > +~~~~~~~~~~~~~~~~ > > + > > +Proxmox Backup Server can also utilize external Microsoft Active Directory > > +servers for user authentication. > > +To achieve this, a realm of the type ``ad`` has to be configured. > > + > > +For an Active Directory realm, the authentication domain name and the server > > +address must be specified. Most options from :ref:`_user_realms_ldap` apply to > > this ref doesn't work for me because it should be :ref:`user_realms_ldap` (without the leading '_') > > `make html` prints > > /home/fgruenbichler/Sources/proxmox-backup/docs/user-management.rst:658: WARNING: undefined label: '_user_realms_ldap'

Interesting .. I'll fix it, good catch.

> > - maybe we could add a check for that to make such things a build error?

Makes sense, TBH. I see what I can do, if I'm already at it.

> [..] > > + > > +User Synchronization in LDAP/AD realms > > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > + > > +It is possible to automatically sync users for LDAP and AD-based realms, rather > > +than having to add them to Proxmox VE manually. Synchronization options can be > > that ends up being propagated here ;)

Ack.
> > > +set in the LDAP realm configuration dialog window in the GUI and via the > > +``proxmox-backup-manager ldap/ad create/update`` command. > > not sure I like that style, IMHO a command should be in a format that > allows copying if possible. in this case, we could just refer to > > with the ``proxmox-backup-manager ldap`` and ``proxmox-backup-manager > ad`` commands > > if I copy and paste that, I get the usage list with the relevant sub > commands and parameters. > > [..] > > -be started via the ``proxmox-backup-manager ldap sync`` command. > > +be started via the ``proxmox-backup-manager ldap/ad sync`` command. > > same here, IMHO splitting the two commands makes it more user friendly.

I will "de-duplicate" and reword the above paragraphs as appropriate, thanks!
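
Review bot: in the Active Directory hunk, the added cross-reference uses the label with its definition underscore ('_user_realms_ldap'), which Sphinx reports as "undefined label" but only as a warning, so the broken link still builds. Reference the label as 'user_realms_ldap'; building the docs with sphinx-build -W would turn warnings like this one into errors.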
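
Review bot: in the "User Synchronization in LDAP/AD realms" hunk, the added sentence says users would otherwise have to be added "to Proxmox VE manually", while the Active Directory hunk of the same file speaks of "Proxmox Backup Server". The product name looks wrong for this document; suggest "rather than having to add them to Proxmox Backup Server manually".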