From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 1D4421FF16B for ; Thu, 12 Dec 2024 06:51:20 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A2CEA149BA; Thu, 12 Dec 2024 06:51:23 +0100 (CET) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733982675; x=1734587475; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7cZxg2kVxi5iif39HhXf/+m2cf4c+aKFT4xqDIHD88I=; b=Trl3GIi0egfnKXCAwRYDL/RTwZKv871JNmKRnDE6c/CvA0Xim+WAydWBl6CFesSo4Z u83EgEfnvhcUuem5zRERhYcgozZWAL9mGDGIMZuXRju/YGJWaK7Ix9H4+QbW1p29Ohs4 UeIKM8CEqHj5BUdaaXomYr1JUnc/LNcPQg/uRzYvzfF8lMTnQQqoKEBI9TUmPVOoyyko cSCfIJ3xrm3G0/ZbHnWtZSR8kVHdr7Wjlu5PXoQcKX78Cwa4wHQK4mlQ2iysY++StLMY FVHEdGDiavQrJwyj8escgHzlGBzjMfCTqjaZI/pTCoziYy+hQCd9FbMx7wJZ5BXI6B7i u/iQ== X-Gm-Message-State: AOJu0YxuQZl6xzxXMW3Nfxasun5m70o7k4xtmG4+RyYad2vHP6a3ss6x xd2uHR9XG/Fp3W0gKvF2pc69ggtKy4msgCa/+XwMLR5UeSJkX7IXF4U7k2s5 X-Gm-Gg: ASbGncvWXRmUFACZBw76ug+cmI70dwwqcDjcPc2p950GeUrzugCotGadfQa2FTOATk/ nDWoJPBoOikCXa+MFbM1eS2pfa9dj3FiLFOqllqAqgSYw1wg6Eb1scEXKaVivbbpXJq7VTBls72 g7lwbAt/czJP1EZNP9IDUuJqrjxZz5DeHTBnMTy2w8JCDOylbJOOyTjS9xLcklLbJLmS1m2LNci JYP3DklCZuFK8sUv12SC80txQ8QAIxl9d3LxLgZuKSEHSDoRhJ5D0AFMMBfikIA3dHeVCMdJWzR 3OIigvamwgsdqpxikv4= X-Google-Smtp-Source: AGHT+IHpnctiSnwdoLftSg91eu1yAelYOsO7glBpgz0yqB9t+oR4bF+2nJNI8xWLYSywYL6SxMScYA== X-Received: by 2002:a17:906:9c9:b0:aa6:7f3d:4f9c with SMTP id a640c23a62f3a-aa6c1cefd42mr242577966b.38.1733982674957; Wed, 11 Dec 2024 21:51:14 -0800 (PST) X-Received: by 2002:a5d:5e81:0:b0:382:38e6:1eb3 with SMTP id ffacd0b85a97d-38787695681mr1344714f8f.30.1733982674442; Wed, 11 Dec 2024 21:51:14 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Thomas Skinner Date: Wed, 11 Dec 2024 23:50:48 -0600 X-Gmail-Original-Message-ID: Message-ID: To: m.limbeck@proxmox.com X-SPAM-LEVEL: Spam detection results: 0 AWL -0.197 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy FREEMAIL_FORGED_FROMDOMAIN 0.001 2nd level domains in From and EnvelopeFrom freemail headers are different FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HEADER_FROM_DIFFERENT_DOMAINS 0.249 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust RCVD_IN_MSPIKE_H3 0.001 Good reputation (+3) RCVD_IN_MSPIKE_WL 0.001 Mailspike good senders RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH SERIES openid/access-control/docs/manager] fix #4411: add support for openid groups X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Cc: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" > It seemed to work reliably once Keycloak was configured correctly. One > thing that was confusing, even with `Overwrite Groups` no groups are set > if they aren't already configured on the PVE cluster. This is by design (and mentioned in docs patch) to prevent an arbitrary number of groups being created in the event there are other groups in the claim that do not exist in PVE (e.g. imagine every group for a large directory service is included in the claim but not all of them apply to PVE). There could be an option added to auto-create groups (maybe default disabled) to allow users to have this capability, too. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel