From: Thomas Skinner <thomas@atskinner.net>
To: m.limbeck@proxmox.com
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH SERIES openid/access-control/docs/manager] fix #4411: add support for openid groups
Date: Wed, 11 Dec 2024 23:50:48 -0600 [thread overview]
Message-ID: <CALn9RMfYvF0+1AzOOq=+nTFQPqdd_p8ipapvHsBCRMVxbH4FaQ@mail.gmail.com> (raw)
In-Reply-To: <mailman.204.1731508602.391.pve-devel@lists.proxmox.com>
> It seemed to work reliably once Keycloak was configured correctly. One
> thing that was confusing, even with `Overwrite Groups` no groups are set
> if they aren't already configured on the PVE cluster.
This is by design (and mentioned in docs patch) to prevent an
arbitrary number of groups being created in the event there are other
groups in the claim that do not exist in PVE (e.g. imagine every group
for a large directory service is included in the claim but not all of
them apply to PVE). There could be an option added to auto-create
groups (maybe default disabled) to allow users to have this
capability, too.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next parent reply other threads:[~2024-12-12 5:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.204.1731508602.391.pve-devel@lists.proxmox.com>
2024-12-12 5:50 ` Thomas Skinner [this message]
2024-09-01 16:55 Thomas Skinner
2024-10-03 1:45 ` Thomas Skinner
2024-10-06 17:27 ` DERUMIER, Alexandre via pve-devel
2024-11-13 14:08 ` Mira Limbeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALn9RMfYvF0+1AzOOq=+nTFQPqdd_p8ipapvHsBCRMVxbH4FaQ@mail.gmail.com' \
--to=thomas@atskinner.net \
--cc=m.limbeck@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox