Syncing LDAP-based realms
~~~~~~~~~~~~~~~~~~~~~~~~~
-It is possible to sync users and groups for LDAP based realms using
- pveum sync <realm>
-or in the `Authentication` panel of the GUI. Users and groups are synced
-to `/etc/pve/user.cfg`.
+[thumbnail="screenshot/gui-datacenter-realm-add-ldap.png"]
+
+It is possible to sync users and groups for LDAP based realms. You can use the
+CLI command
+
+----
+ pveum realm sync <realm>
+----
+or in the `Authentication` panel of the GUI. Users and groups are synced to the
+cluster-wide user configuration file `/etc/pve/user.cfg`.
Requirements and limitations
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-The `bind_dn` is used to query the users and groups. This account
-needs access to all desired entries.
+The `bind_dn` is used to query the users and groups. This account needs access
+to all desired entries.
The fields which represent the names of the users and groups can be configured
via the `user_attr` and `group_name_attr` respectively. Only entries which
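Review bot: The new sentence wrapped around the listing block, "You can use the CLI command ... or in the `Authentication` panel of the GUI", no longer parses, because "or in the" has no verb to attach to now that the sentence opens with "You can use". Suggest "You can either use the CLI command" before the block and "or trigger the sync in the `Authentication` panel of the GUI" after it, with a blank line between the closing `----` and the continuation. The command inside the block also keeps the leading space from the old literal paragraph (` pveum realm sync <realm>`); a delimited listing block renders that space verbatim, so it can be dropped. Since the `bind_dn` paragraph is being rewrapped anyway, it could also say that the account is only used to query and therefore needs read access only.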
conflicts. Please make sure that a sync does not overwrite manually created
groups.
+[[pveum_ldap_sync_options]]
Options
^^^^^^^
+[thumbnail="screenshot/gui-datacenter-realm-add-ldap-sync-options.png"]
+
The main options for syncing are:
* `dry-run`: No data is written to the config. This is useful if you want to
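Review bot: The new `[[pveum_ldap_sync_options]]` anchor is not used by any of the visible hunks, and the warning right above it ("Please make sure that a sync does not overwrite manually created groups") is the obvious place to use it. Suggest ending that warning with a cross-reference such as `<<pveum_ldap_sync_options,sync options>>` and a pointer to `dry-run`, so a reader is told to preview the result before anything is written to the config. If the anchor is only meant as a target for the GUI help button, the commit message should say so.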
Please refer to the https://developers.yubico.com/OTP/[YubiKey OTP]
documentation for how to use the
https://www.yubico.com/products/services-software/yubicloud/[YubiCloud] or
-https://developers.yubico.com/Software_Projects/YubiKey_OTP/YubiCloud_Validation_Servers/[host
+https://developers.yubico.com/Software_Projects/Yubico_OTP/YubiCloud_Validation_Servers/[host
your own verification server].
[[pveum_user_configured_totp]]
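Review bot: The `YubiKey_OTP` to `Yubico_OTP` path fix on the `+` line is unrelated to the LDAP sync documentation changed in the rest of this patch and would be easier to review and backport as its own commit. Please also check the rest of the docs for other links that still use the old `Software_Projects/YubiKey_OTP/` path, since this hunk corrects only one occurrence.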