From: "Shannon Sterz" <s.sterz@proxmox.com>
To: <pdm-devel@lists.proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp 00/11] Add LDAP and AD realm support to Proxmox Datacenter Manager
Date: Mon, 22 Sep 2025 15:57:30 +0200 [thread overview]
Message-ID: <DCZCUHRD0DUJ.3KJLAQ8FGKB9O@proxmox.com> (raw)
In-Reply-To: <DCWQCFGTKJAO.3V4K453HVRPO4@proxmox.com>
just wanted to respond here again before sending a v2 to keep the
discussion about suggested changes in one place:
On Fri Sep 19, 2025 at 1:11 PM CEST, Shannon Sterz wrote:
> On Fri Sep 19, 2025 at 12:02 PM CEST, Christoph Heiss wrote:
-->8 snip 8<--
>> - No default realm is set by default. E.g. with this series applied, by
>> default all realms show an "X" in the default column. Should set PAM
>> as default realm if none is set yet.
>
> yes the default realm logic is lacking in general. i am already working
> on the following things:
>
> - make the login component respect the default realm setting
> - allow editing other realms in order to allow setting them as default
> realms
>
> so i'll add marking pam as default if no realm is set as default. for
> now, i'd leave the default realm parts of this series as-is or move them
> out of this series and tag that on to adding default realm support in
> general.
looking into this some more: this is also how pbs behaves. if no default
is set, no entry in the column is marked as default.
also note that pve seems to be lacking the default column in general.
however, since some of the realms are configured via components from the
widget toolkit, setting defaults for those is still possible (ad, ldap,
openid). pam and pve realms cannot be set as defaults.
for now, i'd leave the default support here as-is and will work on a
general follow up for default realm support for pdm (but possibly also
for pve, unless someone is already on that.)
-->8 snip 8<--
>> - If "Enable new users" is set to "No", this isn't reflected/respected
>> in the sync panel. E.g. set it to "No", the sync panel will still show
>> "Default (Yes)" for the "Enable new" field.
>> Also, I'd also name it "Enable new users" in the sync panel for
>> consistency.
>> - Continuing from the last one, the setting does not even seem to be
>> respected? Setting it to "No" in both the realm settings and the sync
>> panel _still_ creates new users.
as is expected. but the accounts are not "enabled". i think you mixed up
"Preview Only" (`dry-run` in the api) and "Enable new users"
(`enable-new` in the api). the first just shows what would be synced but
*does not* persist any changes. the later syncs as usual but the
"Enabled" setting for new accounts will be set to whatever the
`enable-new` option is set to (true by default, so accounts will be
created and enabled). this worked as intended in my testing.
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-09-22 13:57 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-16 14:48 Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH proxmox 1/1] ldap: add types and sync features Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH yew-comp 1/5] auth_view: add default column and allow setting ldap realms as default Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH yew-comp 2/5] utils: add pdm realm to `get_auth_domain_info` Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH yew-comp 3/5] auth_view/auth_edit_ldap: add support for active directory realms Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH yew-comp 4/5] auth_edit_ldap: add helpers to properly edit ad & ldap realms Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH yew-comp 5/5] auth_view: implement syncing ldap and ad realms Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH datacenter-manager 1/5] config: add domain config plugins for " Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH datacenter-manager 2/5] server: add ldap and active directory authenticators Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH datacenter-manager 3/5] server: api: add api endpoints for configuring ldap & ad realms Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH datacenter-manager 4/5] api/auth: add endpoint to start ldap sync jobs Shannon Sterz
2025-09-16 14:48 ` [pdm-devel] [PATCH datacenter-manager 5/5] ui: add a panel to allow handling realms Shannon Sterz
2025-09-19 10:02 ` [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp 00/11] Add LDAP and AD realm support to Proxmox Datacenter Manager Christoph Heiss
2025-09-22 13:55 ` Shannon Sterz
2025-09-22 13:57 ` Shannon Sterz [this message]
2025-09-22 13:58 ` Shannon Sterz
2025-09-22 15:06 ` [pdm-devel] Superseded: " Shannon Sterz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DCZCUHRD0DUJ.3KJLAQ8FGKB9O@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox