protocol. It allows clients to verify the identity of the user, based on
authentication performed by an external authorization server.
+[[user-realms-pam]]
Linux PAM Standard Authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
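Review bot: The new anchor `[[user-realms-pam]]` uses hyphens and no `pveum` prefix, while the anchors already visible in this file (`pveum_ldap_sync`, `pveum_openid`) and the `pveum_ldap_reserved_characters` anchor added later in this patch use the `pveum_` underscore form. Consider renaming it along the lines of `pveum_user_realms_pam`, and likewise the `-pve`, `-ldap` and `-ad` anchors that follow, so cross-references follow one scheme.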
authentication realm.
+[[user-realms-pve]]
{pve} Authentication Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~
required to set a password for this type of user upon creation.
+[[user-realms-ldap]]
LDAP
~~~~
be carried out automatically with <<pveum_ldap_sync, syncing>>.
+[[user-realms-ad]]
Microsoft Active Directory (AD)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* `Preview` (`dry-run`): No data is written to the config. This is useful if you
want to see which users and groups would get synced to the `user.cfg`.
+[[pveum_ldap_reserved_characters]]
+Reserved characters
+^^^^^^^^^^^^^^^^^^^
+
+Certain characters are reserved (see https://www.ietf.org/rfc/rfc2253.txt[RFC2253]) and cannot be
+easily used in attribute values in DNs without being escaped properly.
+
+Following characters need escaping:
+
+* Space ( ) at the beginning or end
+* Number sign (`#`) at the beginning
+* Comma (`,`)
+* Plus sign (`+`)
+* Double quote (`"`)
+* Forward slashes (`/`)
+* Angle brackets (`<>`)
+* Semicolon (`;`)
+* Equals sign (`=`)
+
+To use such characters in DNs, surround the attribute value in double quotes.
+For example, to bind with a user with the CN (Common Name) `Example, User`, use
+`CN="Example, User",OU=people,DC=example,DC=com` as value for `bind_dn`.
+
+This applies to the `base_dn`, `bind_dn`, and `group_dn` attributes.
+
+NOTE: Users with colons and forward slashes cannot be synced since these are
+reserved characters in usernames.
[[pveum_openid]]
OpenID Connect
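Review bot: In the reserved-character list, the entry "Forward slashes (`/`)" does not match the cited RFC 2253, whose special characters include the backslash (`\`) and not the forward slash. If `/` is listed because of the username restriction in the NOTE, say so there and add the backslash to the list. The quoting advice ("surround the attribute value in double quotes") also does not cover a value that itself contains a double quote, which still needs a backslash escape inside the quotes; a second example for that case would help. Minor: "Following characters need escaping" should read "The following characters need escaping", and the line with the RFC link runs past the wrap width used by the rest of the section.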