Hello all, wanted to seek some guidance on my LDAP queries. It appears proxmox or lldap don't seem to like wildcard searches, or at least I am writing them wrong, any suggestions on better ways to write these two filter queries?
First thing that comes to mind is that you seem to be missing a set of parentheses around the entire filter. The syntax is
(&(...)(...)(...))
(if you know lisp, it's basically calling the & function, so you need the syntax (function_name arg1 arg2 arg3)). Although the technical term would probably be s-expression.
Aye, that definitely helps my understanding, will include this bit. Proxmox seems quite forgiving with my queries here (although it doesn't like wildcards [* or %]).
It depends how you use the wildcards, they cannot just go anywhere in the filter. Can you give me an example?
Are kinda what I am aiming for, would like to copy all groups that start with proxmox_*, and then copy all users that are members of proxmox_* groups.
Reading some of the proxmox support issues though, and trying to educate myself, is it usually better to have permissions/groups be additive (i.e. everyone has proxmox_user, then admins have proxmox_admin)? It seems like "it depends", as in each app is set up a little differently.
Solution:
LLDAP doesn't support wildcards everywhere, that might just be a missing feature. I don't remember exactly where we support them, but I'm pretty sure we don't support wildcard UIDs (or CNs)
Gotcha, yeah in my case at least for at home, my original queries (above) are working just great. Kinda thinking out loud as this doesn't seem to scale well, for 10s or 100s of groups.
[Which I would guess also kinda wanders outside of the aim of lldap as a project, but feel free to correct me.]
Yeah, that's not really the objective of LLDAP. If we can support those use cases just by making the small server use case better, that's nice, but I'm not going to make sacrifices just to support huge workloads
But in this case, adding support for wildcards there would improve the project
If you feel like it, you can create an issue for that (which I'm not going to get to anytime soon, but that'll be nice to have when I'm bored and don't know what else to do, if that ever comes up 😄 )
Hehe, will look into it, would love to try and pick up some Rust so I can pass a PR on for this. That said, yeah, time is a hard commodity to come by these days 🙂
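
Added example, not part of the thread and not LLDAP or Proxmox code: since the solution says wildcard CNs and UIDs are not supported, this builds the two filters from an explicit list of group names in the (& ...) prefix form described above, escaping values per RFC 4515 so a stray * or parenthesis in a name is matched literally. The objectClass values, the memberOf attribute and the ou=groups,dc=example,dc=com base are assumptions about the directory layout, and group names are assumed to contain no DN special characters.

```python
# Added example. Attribute names, objectClass values and the base DN are assumptions.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so it is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def eq(attr: str, value: str) -> str:
    """One equality clause, always wrapped in its own parentheses."""
    return f"({attr}={escape_value(value)})"

def op(operator: str, *clauses: str) -> str:
    """Prefix form (operator clause1 clause2 ...), wrapped in an outer pair."""
    if operator not in ("&", "|", "!"):
        raise ValueError(f"unknown operator {operator!r}")
    if not clauses or (operator == "!" and len(clauses) != 1):
        raise ValueError("wrong number of clauses")
    return f"({operator}{''.join(clauses)})"

def group_filter(group_names):
    """Match exactly the listed groups, so no wildcard on cn is needed."""
    return op("&", eq("objectClass", "groupOfUniqueNames"),
              op("|", *(eq("cn", name) for name in group_names)))

def user_filter(group_names, groups_base):
    """Match users who are members of any of the listed groups."""
    member_clauses = (eq("memberOf", f"cn={name},{groups_base}")
                      for name in group_names)
    return op("&", eq("objectClass", "person"), op("|", *member_clauses))

def is_balanced(filter_text: str) -> bool:
    """True if one outer pair of parentheses encloses the whole filter."""
    depth = 0
    for i, ch in enumerate(filter_text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Closing the outer pair before the end means it does not wrap everything.
            if depth < 0 or (depth == 0 and i != len(filter_text) - 1):
                return False
    return depth == 0 and filter_text.startswith("(")

if __name__ == "__main__":
    groups = ["proxmox_admin", "proxmox_user"]  # group names mentioned in the thread
    base = "ou=groups,dc=example,dc=com"        # constructed base DN
    print(group_filter(groups))
    print(user_filter(groups, base))
    print(is_balanced("&(objectClass=person)(cn=x)"))  # missing outer pair: False
```

Generating the list from one place keeps both filters in sync when a new proxmox_ group is added.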