Hello,

I’m preparing an upgrade of our PVE7.4 + PBS2.4 infrastructure. I’ve started with PBS, which boots in UEFI mode, to verify that I have a re-bootable machine as per the notes in the upgrade guide.

I have LDAP authentication working successfully in PVE, but I can’t get it working in the PBS3. I’m trying to copy the settings from PVE, I’m missing Group classes and Group filter in PBS, and I get a weird error message on trying to add:

    Could not search LDAP realm, base_dn could be incorrect: LDAP operation result rc=4 (sizeLimitExceeded), dn: “”, text: “”: rc=4 (sizeLimitExceeded), dn: “”, text: “”

Bind user and server are redacted, there is no fallback server, password is managed by 1Password and is the same. I can successfully look up via ldapsearch from the CLI (no firewall). There’s no encryption.

What am I doing wrong?

Thank you,
JV

Detailed settings follow:

=== PVE7.4-15 settings ===

TAB: GENERAL TAB:
    Realm: ldap
    Base Domain Name: dc=economia,dc=cz
    User Attribute Name: sAMAccountName
    Default: True
    Server: <redacted>
    Fallback Server: <empty>
    Port: Default
    SSL: False
    Verify Certificate: False, greyed out
    Require TFA: none
    Comment: LDAP

TAB: SYNC OPTIONS:
    Bind User: CN=<redacted>,CN=Users,DC=economia,DC=cz
    Bind Password: Unchanged, greyed out (I know this)
    E-mail attribute: mail
    Groupname attr.: sAMAccountName

    Default Sync Options
    Scope: Users and Groups
    User classes: user
    Group classes: group
    User Filter: (MemberOf=CN=IT_OPS,OU=External,OU=Groups,DC=economia,DC=cz)
    Group Filter: (|(sAMAccountName=IT_OPS))
    Enable new users: Yes (Default)

    Remove vanished options
    ACL: True
    Entry: True
    Properties: True

=== PBS3 settings ===

TAB: GENERAL
    Realm: ldap
    Base Domain Name: dc=economia,dc=cz
    User Attribute Name: sAMAccountName
    Anonymous search: false
    Bind Domain Name: CN=<redacted>,CN=Users,DC=economia,DC=cz // same user as above
    Bind Password: <same as above, from 1Pass>
    Server: <redacted>
    Fallback Server: <empty>
    Port: Default
    Mode: LDAP
    Verify certificate: greyed out, false

TAB: SYNC OPTIONS:
    First Name attribute: givenName // verified with cli ldapsearch
    Last Name attribute: sn
    E-Mail attribute: mail

    Default sync options
    Enable new users: Yes (Default)
    User classes: user
    User filter: (MemberOf=CN=IT_OPS,OU=External,OU=Groups,DC=economia,DC=cz)
    !! I miss group classes
    !! I miss Group Filter

    Remove vanished options
    ACL: True
    Entry: True
    Properties: True

On pressing add I get:

    Could not search LDAP realm, base_dn could be incorrect: LDAP operation result rc=4 (sizeLimitExceeded), dn: “”, text: “”: rc=4 (sizeLimitExceeded), dn: “”, text: “”
