From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DEC99614DA for ; Fri, 4 Feb 2022 15:25:32 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AEE9A32F2F for ; Fri, 4 Feb 2022 15:25:02 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 1B5A632F14 for ; Fri, 4 Feb 2022 15:25:02 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id E3FB5461C3 for ; Fri, 4 Feb 2022 15:25:01 +0100 (CET) From: Dominik Csapak To: pve-devel@lists.proxmox.com Date: Fri, 4 Feb 2022 15:24:58 +0100 Message-Id: <20220204142501.1461441-1-d.csapak@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.160 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH access-control/manager v2] fix #3668: improving realm sync X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Feb 2022 14:25:32 -0000 this deprecates the 'full' sync option and replaces it with a 'mode' option, where we add a third one that updates the current users (while retaining their custom set attributes not exisiting in the source) and removing users that don't exist anymore in the source sorry for the long time between versions, i was distracted by various different things... one "weird" thing that happens is when having a cluster and not all nodes are on the newest version if someone adds this option to the realm config. then everytime when the config is parsed on the older nodes, a warning is printed into the journal though this is the same for all new options in the domains.cfg, so i don't really see a way around this (besides allowing additionalProperties, but this would also first work on the next update) changes from v1: * replace the 'remove-vanished' by a new 'mode' selection and adding an appropriate mode pve-access-control: Dominik Csapak (2): realm-sync: replace 'full' option with 'mode' fix #3668: realm-sync: add mode 'sync' src/PVE/API2/Domains.pm | 59 ++++++++++++++++++++++++++++++++++------- src/PVE/Auth/Plugin.pm | 20 +++++++++++--- 2 files changed, 66 insertions(+), 13 deletions(-) pve-manager: Dominik Csapak (1): ui: realm sync: replace 'full' with 'mode' www/manager6/dc/AuthEditLDAP.js | 11 ++++++----- www/manager6/dc/SyncWindow.js | 9 +++++---- 2 files changed, 11 insertions(+), 9 deletions(-) -- 2.30.2