public inbox for pve-devel@lists.proxmox.com
* [pve-devel] [PATCH 0/2] Support for LDAP PosixGroups->memberUid
       [not found] <20250416205656.153451-1-riedel@teco.edu>
@ 2025-04-16 20:55 ` Till Riedel via pve-devel
  2025-04-16 20:55 ` [pve-devel] [PATCH 1/2] " Till Riedel via pve-devel
  2025-04-16 20:55 ` [pve-devel] [PATCH 2/2] " Till Riedel via pve-devel
  2 siblings, 0 replies; 3+ messages in thread
From: Till Riedel via pve-devel @ 2025-04-16 20:55 UTC (permalink / raw)
  To: pve-devel; +Cc: Till Riedel

[-- Attachment #1: Type: message/rfc822, Size: 3372 bytes --]

From: Till Riedel <riedel@teco.edu>
To: pve-devel@lists.proxmox.com
Cc: Till Riedel <riedel@teco.edu>
Subject: [PATCH 0/2] Support for LDAP PosixGroups->memberUid
Date: Wed, 16 Apr 2025 22:55:31 +0200
Message-ID: <20250416205656.153451-2-riedel@teco.edu>

Citing https://ldapwiki.com/wiki/Wiki.jsp?page=PosixGroup

2307Bis says:
"Group members may either be login names (values of memberUid) or Distinguished Names (values of uniqueMember). In the uniqueMember, the Distinguished Names must be mapped to one or more login names by examining the name's RDN or, if it is not distinguished by uid, performing a base search on the DN with a filter of "(objectclass=*)"."

Currently only DNs seem to be supported.

Till Riedel (1):
  support login-names instead of DNs

 src/PVE/Auth/LDAP.pm | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.45.1



[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


* [pve-devel] [PATCH 1/2] Support for LDAP PosixGroups->memberUid
From: Till Riedel via pve-devel @ 2025-04-16 20:55 UTC (permalink / raw)
  To: pve-devel; +Cc: Till Riedel

[-- Attachment #1: Type: message/rfc822, Size: 3788 bytes --]

From: Till Riedel <riedel@teco.edu>
To: pve-devel@lists.proxmox.com
Cc: Till Riedel <riedel@teco.edu>
Subject: [PATCH 1/2] Support for LDAP PosixGroups->memberUid
Date: Wed, 16 Apr 2025 22:55:32 +0200
Message-ID: <20250416205656.153451-3-riedel@teco.edu>

Signed-off-by: Till Riedel <riedel@teco.edu>
---
 src/PVE/LDAP.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/PVE/LDAP.pm b/src/PVE/LDAP.pm
index 16a0a8e..ab7df3e 100644
--- a/src/PVE/LDAP.pm
+++ b/src/PVE/LDAP.pm
@@ -208,7 +208,7 @@ sub query_groups {
 
     my $page = Net::LDAP::Control::Paged->new(size => 100);
 
-    my $attrs = [ 'member', 'uniqueMember' ];
+    my $attrs = [ '*' ];
     push @$attrs, $group_name_attr if $group_name_attr;
     my @args = (
 	base     => $base_dn,
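Review bot: the wildcard in `my $attrs = [ '*' ];` requests every user attribute of every group entry, although the loop changed later in this patch only reads the membership attributes and the optional name attribute. That returns more directory data per page than the sync needs and makes the following `push @$attrs, $group_name_attr` redundant. Keeping the explicit list and extending it, for example `my $attrs = [ 'member', 'uniqueMember', 'memberUid' ];`, would limit the query to what is actually used.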
@@ -241,6 +241,10 @@ sub query_groups {
 	    if (!scalar(@$members)) {
 		$members = [$entry->get_value('uniqueMember')];
 	    }
+            if (!scalar(@$members)) {
+               $members = [$entry->get_value('memberUid')];
+            }
+
 	    $group->{members} = $members;
 	    if ($group_name_attr && (my $name = $entry->get_value($group_name_attr))) {
 		$group->{name} = $name;
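Review bot: the new `memberUid` fallback stores login names in `$group->{members}`, the same list that otherwise carries the DNs read from `uniqueMember`, with nothing marking which kind of value it holds, so a caller cannot tell a login name from a DN. Returning the login names under a separate key, or documenting in `query_groups` that members may be either form, would make the contract explicit. The fallback also only runs when the earlier attributes came back empty, so a group that has both `uniqueMember` and `memberUid` values silently drops the `memberUid` ones; if that is intended it deserves a comment. The added lines are indented with spaces while the surrounding context uses tabs.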
-- 
2.45.1




* [pve-devel] [PATCH 2/2] Support for LDAP PosixGroups->memberUid
From: Till Riedel via pve-devel @ 2025-04-16 20:55 UTC (permalink / raw)
  To: pve-devel; +Cc: Till Riedel

[-- Attachment #1: Type: message/rfc822, Size: 3323 bytes --]

From: Till Riedel <riedel@teco.edu>
To: pve-devel@lists.proxmox.com
Cc: Till Riedel <riedel@teco.edu>
Subject: [PATCH 2/2] Support for LDAP PosixGroups->memberUid
Date: Wed, 16 Apr 2025 22:55:33 +0200
Message-ID: <20250416205656.153451-4-riedel@teco.edu>

Signed-off-by: Till Riedel <riedel@teco.edu>
---
 src/PVE/Auth/LDAP.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/PVE/Auth/LDAP.pm b/src/PVE/Auth/LDAP.pm
index bf7e968..ff05f02 100755
--- a/src/PVE/Auth/LDAP.pm
+++ b/src/PVE/Auth/LDAP.pm
@@ -383,6 +383,10 @@ sub get_groups {
 		if (my $user = $dnmap->{lc($member)}) {
 		    $ret->{$name}->{users}->{$user} = 1;
 		}
+                else
+                {
+                    $ret->{$name}->{users}->{"$member\@$realm"} = 1;
+                }
 	    }
 	}
     }
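Review bot: the added `else` branch has no check that `$member` is a login name, so every member value that misses the `$dnmap->{lc($member)}` lookup is turned into a group member as `"$member\@$realm"`. That includes DNs that simply were not found in the map, which would produce user ids made of a full DN plus the realm and add them to the group without the user having been resolved. Restricting the branch to values that are not DNs and that correspond to a known user of the realm would keep unresolved entries out of the group mapping. The commit message has no body explaining this behaviour, and the brace placement and space indentation differ from the tab-indented context lines.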
-- 
2.45.1


