* [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro
From: Stefan Hanreich @ 2025-03-18 15:38 UTC
To: pve-devel
Add LDAP_UDP macro to the firewall to support LDAP implementations
that use UDP as well, such as Windows AD [1]
[1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
proxmox-ve-config/resources/macros.json | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/proxmox-ve-config/resources/macros.json b/proxmox-ve-config/resources/macros.json
index 2fcc0fb..1c9a661 100644
--- a/proxmox-ve-config/resources/macros.json
+++ b/proxmox-ve-config/resources/macros.json
@@ -377,6 +377,15 @@
],
"desc": "Lightweight Directory Access Protocol traffic"
},
+ "LDAP_UDP": {
+ "code": [
+ {
+ "dport": "389",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Lightweight Directory Access Protocol traffic via UDP"
+ },
"LDAPS": {
"code": [
{
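Review bot: the "desc" on the new "LDAP_UDP" entry does not say when a user needs it next to the preceding entry described as "Lightweight Directory Access Protocol traffic". The new entry carries only the "proto": "udp", "dport": "389" rule, so a setup such as the Windows AD case named in the commit message has to apply both macros; consider saying in the description that it complements the existing macro for implementations that also use UDP. Whatever wording is chosen should stay identical to the description string in the companion pve-firewall patch.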
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] [PATCH pve-firewall 1/1] partial fix #6226: macros: add LDAP_UDP macro
From: Stefan Hanreich @ 2025-03-18 15:38 UTC
To: pve-devel
Add LDAP_UDP macro to the firewall to support LDAP implementations
that use UDP as well, such as Windows AD [1]
[1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
src/PVE/Firewall.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 533f2a2..bb546c7 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -360,6 +360,10 @@ my $pve_fw_macros = {
"Lightweight Directory Access Protocol traffic",
{ action => 'PARAM', proto => 'tcp', dport => '389' },
],
+ 'LDAP_UDP' => [
+ "Lightweight Directory Access Protocol traffic via UDP",
+ { action => 'PARAM', proto => 'udp', dport => '389' },
+ ],
'LDAPS' => [
"Secure Lightweight Directory Access Protocol traffic",
{ action => 'PARAM', proto => 'tcp', dport => '636' },
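Review bot: the context entry directly above 'LDAP_UDP' is still described as "Lightweight Directory Access Protocol traffic" although its rule is proto => 'tcp' only, so after this change the two descriptions are asymmetric and a user picking the existing macro cannot tell from the text that UDP port 389 is not covered. Consider adding "via TCP" to that description or otherwise documenting the split. The hunk leaves the existing tcp rule untouched, so nothing new is opened for current users of that macro; that reasoning would be worth a sentence in the commit message.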
--
2.39.5
* Re: [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro
From: Christoph Heiss @ 2025-03-19 8:50 UTC
To: Stefan Hanreich; +Cc: Proxmox VE development discussion
On Tue Mar 18, 2025 at 4:38 PM CET, Stefan Hanreich wrote:
> Add LDAP_UDP macro to the firewall to support LDAP implementations
> that use UDP as well, such as Windows AD [1]
>
> [1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
> [..]
> --- a/proxmox-ve-config/resources/macros.json
> +++ b/proxmox-ve-config/resources/macros.json
> @@ -377,6 +377,15 @@
> ],
> "desc": "Lightweight Directory Access Protocol traffic"
> },
> + "LDAP_UDP": {
What about naming it "AD" instead and including both the TCP and UDP
rules? I.e. making it completely separate from the "normal" LDAP
rule.
Naming it "LDAP_UDP" could be confusing to users, in that it might be
required for actual, compliant LDAP servers as well, not just AD.
> + "code": [
> + {
> + "dport": "389",
> + "proto": "udp"
> + }
> + ],
> + "desc": "Lightweight Directory Access Protocol traffic via UDP"
> + },
> "LDAPS": {
> "code": [
> {
* Re: [pve-devel] [PATCH proxmox-ve-rs 1/1] partial fix #6226: macros: add LDAP_UDP macro
From: Stefan Hanreich @ 2025-03-19 8:56 UTC
To: Christoph Heiss; +Cc: Proxmox VE development discussion
On 3/19/25 09:50, Christoph Heiss wrote:
> On Tue Mar 18, 2025 at 4:38 PM CET, Stefan Hanreich wrote:
>> Add LDAP_UDP macro to the firewall to support LDAP implementations
>> that use UDP as well, such as Windows AD [1]
>>
>> [1] https://learn.microsoft.com/de-de/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts
>> [..]
>> --- a/proxmox-ve-config/resources/macros.json
>> +++ b/proxmox-ve-config/resources/macros.json
>> @@ -377,6 +377,15 @@
>> ],
>> "desc": "Lightweight Directory Access Protocol traffic"
>> },
>> + "LDAP_UDP": {
>
> What about naming it "AD" instead and including both the TCP and UDP
> rules? I.e. making it completely separate from the "normal" LDAP
> rule.
The idea was to not suddenly open up a port for users that are using
that macro currently (and it works fine for them).
> Naming it "LDAP_UDP" could be confusing to users, in that it might be
> required for actual, compliant LDAP servers as well, not just AD.
Agreed that the name might not be optimal; I'm open to suggestions.
>> + "code": [
>> + {
>> + "dport": "389",
>> + "proto": "udp"
>> + }
>> + ],
>> + "desc": "Lightweight Directory Access Protocol traffic via UDP"
>> + },
>> "LDAPS": {
>> "code": [
>> {
>