* [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs
@ 2022-02-14 13:16 Dylan Whyte
2022-02-15 11:29 ` Stoiko Ivanov
0 siblings, 1 reply; 2+ messages in thread
From: Dylan Whyte @ 2022-02-14 13:16 UTC (permalink / raw)
To: pmg-devel
- Be clearer about the fact that LDAP is only for spam quarantine
access.
- Specify spam quarantine url and that users must log in with their
email.
Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
pmg-administration.adoc | 4 +++-
pmgconfig.adoc | 27 ++++++++++++++++++++-------
2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/pmg-administration.adoc b/pmg-administration.adoc
index 2eae2ba..fe1eae1 100644
--- a/pmg-administration.adoc
+++ b/pmg-administration.adoc
@@ -72,6 +72,7 @@ output.
Quarantine
----------
+[[pmgadministration_spam_quarantine]]
Spam
~~~~
@@ -85,7 +86,8 @@ code (attacking your operating system or email client) is removed by
{pmg}.
Users can get access to their personalized quarantine via the daily
-spam report or by logging in with their LDAP credentials.
+spam report or by navigating to `https://<pmg-host>:8006/quarantine` and logging
+in with their LDAP credentials (email address and password).
You can additionally enable user self-service for sending an access link from
the Quarantine Login page.
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index b19cbb5..fea26db 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -902,20 +902,33 @@ LDAP/Active Directory
[thumbnail="pmg-gui-ldap-user-config.png", big=1]
+With {pmg}, users can use LDAP and Active directory as authentication methods to
+access their individual xref:pmgadministration_spam_quarantine[Spam Quarantine].
+Additionally, if users have extra email aliases defined in the LDAP directory,
+they will have a single spam quarantine for all of these.
+
+NOTE: Authentication via LDAP must first be enabled using the `Authentication
+mode` (`authmode`) parameter in the
+xref:pmgconfig_spamdetector_quarantine[Spam Detector's Quarantine configuration settings].
+
You can specify multiple LDAP/Active Directory profiles, so that you can
-create rules matching those users and groups.
+create rules matching particular users and groups.
Creating a profile requires (at least) the following:
-* profile name
-* protocol (LDAP or LDAPS; LDAPS is recommended)
-* at least one server
-* a username and password (if your server does not support anonymous binds)
+* `Profile Name`: The name assigned to the LDAP profile.
+* `Protocol`: LDAP, LDAPS, or LDAP+STARTTLS (LDAP+STARTTLS is recommended).
+* `Server`: The domain name/IP address of the LDAP server. A fallback can also
+ be configured using the second field.
+* `User name`: The Bind DN for authentication on the LDAP server.
+ This is required if your server does not support anonymous binds.
+* `Password`: Password for the Bind DN user.
+* `Base DN`: The directory which users are searched under.
All other fields should work with the defaults for most setups, but can be
used to customize the queries.
-The settings are saved to `/etc/pmg/ldap.conf`. Details for the options
+The settings are saved to `/etc/pmg/ldap.conf`. Details about the options
can be found here: xref:pmg_ldap_configuration_file[ldap.conf]
Bind user
@@ -926,7 +939,7 @@ LDAP server only has permission to query the server. For LDAP servers
(for example OpenLDAP or FreeIPA), the username has to be of a format like
'uid=username,cn=users,cn=accounts,dc=domain', where the specific fields
depend on your setup. For Active Directory servers, the format should be
-like 'username@domain' or 'domain\username'.
+'username@domain' or 'domain\username'.
Sync
^^^^
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs
2022-02-14 13:16 [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs Dylan Whyte
@ 2022-02-15 11:29 ` Stoiko Ivanov
0 siblings, 0 replies; 2+ messages in thread
From: Stoiko Ivanov @ 2022-02-15 11:29 UTC (permalink / raw)
To: Dylan Whyte; +Cc: pmg-devel
Huge thanks for addressing this.
one comment inline:
On Mon, 14 Feb 2022 14:16:26 +0100
Dylan Whyte <d.whyte@proxmox.com> wrote:
> ..snip..
> @@ -85,7 +86,8 @@ code (attacking your operating system or email client) is removed by
> {pmg}.
>
> Users can get access to their personalized quarantine via the daily
> -spam report or by logging in with their LDAP credentials.
> +spam report or by navigating to `https://<pmg-host>:8006/quarantine` and logging
since the quarantine url is configurable (Configuration->Spam
Detector->Quarantine->quarantine_host and port) - I think it would be best
to mention this - maybe:
```
.. by navigating to the url configured for the quarantine (defaulting to
https://<pmg-host>:8006/quarantine)
```
> ..snip..
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-15 11:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-14 13:16 [pmg-devel] [PATCH pmg-docs] Fix 3645: Improve LDAP docs Dylan Whyte
2022-02-15 11:29 ` Stoiko Ivanov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox