From: Jan Vlach
Date: Wed, 12 Jul 2023 15:53:37 +0200
To: pve-user@lists.proxmox.com
Message-Id: <847090B6-B75A-47F7-80EC-5868B1C8CDFA@volny.cz>
Subject: [PVE-User] PBS3 - can't add LDAP realm, same settings work fine with PVE7
List-Id: Proxmox VE user list

Hello,

I’m preparing an upgrade of our PVE7.4 + PBS2.4 infrastructure. I’ve started with PBS, which boots in UEFI mode, to verify that I have a re-bootable machine as per the notes in the upgrade guide.

I have LDAP authentication working successfully in PVE, but I can’t get it working in PBS3.

I’m trying to copy the settings from PVE. I’m missing Group classes and Group filter in PBS, and I get a weird error message on trying to add:

Could not search LDAP realm, base_dn could be incorrect: LDAP operation result rc=4 (sizeLimitExceeded), dn: “”, text: “”: rc=4 (sizeLimitExceeded), dn: “”, text: “”

Bind user and server are redacted, there is no fallback server, the password is managed by 1Password and is the same. I can successfully look up via ldapsearch from the CLI (no firewall). There’s no encryption.

What am I doing wrong?

Thank you,
JV

Detailed settings follow:

=== PVE7.4-15 settings ===

TAB: GENERAL TAB:
Realm: ldap
Base Domain Name: dc=economia,dc=cz
User Attribute Name: sAMAccountName
Default: True
Server:
Fallback Server:
Port: Default
SSL: False
Verify Certificate: False, greyed out
Require TFA: none
Comment: LDAP

TAB: SYNC OPTIONS:
Bind User: CN=,CN=Users,DC=economia,DC=cz
Bind Password: Unchanged, greyed out (I know this)
E-mail attribute: mail
Groupname attr.: sAMAccountName
Default Sync Options
Scope: Users and Groups
User classes: user
Group classes: group
User Filter: (MemberOf=CN=IT_OPS,OU=External,OU=Groups,DC=economia,DC=cz)
Group Filter: (|(sAMAccountName=IT_OPS))
Enable new users: Yes (Default)
Remove vanished options
ACL: True
Entry: True
Properties: True

=== PBS3 settings ====

TAB: GENERAL
Realm: ldap
Base Domain Name: dc=economia,dc=cz
User Attribute Name: sAMAccountName
Anonymous search: false
Bind Domain Name: CN=,CN=Users,DC=economia,DC=cz // same user as above
Bind Password:
Server:
Fallback Server:
Port: Default
Mode: LDAP
Verify certificate: greyed out, false

TAB: SYNC OPTIONS:
First Name attribute: givenName // verified with cli ldapsearch
Last Name attribute: sn
E-Mail attribute: mail
Default sync options
Enable new users: Yes (Default)
User classes: user
User filter: (MemberOf=CN=IT_OPS,OU=External,OU=Groups,DC=economia,DC=cz)
!! I miss group classes
!! I miss Group Filter
Remove vanished options
ACL: True
Entry: True
Properties: True

On pressing add I get:

Could not search LDAP realm, base_dn could be incorrect: LDAP operation result rc=4 (sizeLimitExceeded), dn: “”, text: “”: rc=4 (sizeLimitExceeded), dn: “”, text: “”