This fixes #3748 [0] by allowing reserved characters in `bind_dn` (and other properties of the same format) if they are properly quoted and adds some corresponding documentation regarding that.
This was tested by setting up a slapd server and creating a user with the CN `Test, User` much like in the bug report, then using this user as `bind_dn` in the sync options. I also tested some variants of that CN, including just `TestUser`.

One thing that still won't work is syncing of LDAP users with colons or slashes in their CNs. In such cases, the message `value 'Test, User@ldap' does not look like a valid user name` will pop up. This is due to spaces and colons being explicitly disallowed in usernames [1]. This probably means that such names can never be allowed, which is being documented too as part of patch 2. But with this series, such users can be at least used to bind for syncing.

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=3748
[1] https://git.proxmox.com/?p=pve-access-control.git;a=blob;f=src/PVE/Auth/Plugin.pm;hb=HEAD#l115

Christoph Heiss (1):
  ldap: Allow quoted values for DN attribute values

 src/PVE/Auth/LDAP.pm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Christoph Heiss (1):
  pveum: Document reserved characters and quoting of LDAP DNs

 pveum.adoc | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

-- 
2.34.1
