password then has to be stored in `/etc/pve/priv/ldap/<realmname>.pw`
(e.g. `/etc/pve/priv/ldap/my-ldap.pw`). This file should contain a
single line containing the raw password.
++
+To verify certificates, you need to to set `capath`. You can set it either
+directly to the CA certificate of your LDAP server, or to the system path
+containing all trusted CA certificates (`/etc/ssl/certs`).
+Additionally, you need to set the `verify` option, which can also be doen over
+the web interface.
Microsoft Active Directory::
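Review bot: The added paragraph has two typos: "you need to to set `capath`" has a doubled "to", and "which can also be doen over the web interface" should read "done" ("via the web interface" would also read better). Since the text says certificate verification needs both `capath` and the `verify` option, consider stating that in one opening sentence, so a reader does not set `capath` alone and assume verification is active.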
Syncing LDAP-based realms
~~~~~~~~~~~~~~~~~~~~~~~~~
+[thumbnail="screenshot/gui-datacenter-realm-add-ldap.png"]
+
It is possible to sync users and groups for LDAP based realms. You can use the
CLI command
----
- pveum sync <realm>
+ pveum realm sync <realm>
----
or in the `Authentication` panel of the GUI. Users and groups are synced to the
cluster-wide user configuration file `/etc/pve/user.cfg`.
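Review bot: The example command changes from `pveum sync <realm>` to `pveum realm sync <realm>`, but the surrounding text gives no hint that the subcommand moved. Please check that no other section of the documentation still uses the old form. If the old spelling is still accepted, a short note saying so would help readers who follow older instructions.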
Options
^^^^^^^
+[thumbnail="screenshot/gui-datacenter-realm-add-ldap-sync-options.png"]
+
The main options for syncing are:
* `dry-run`: No data is written to the config. This is useful if you want to
Please refer to the https://developers.yubico.com/OTP/[YubiKey OTP]
documentation for how to use the
https://www.yubico.com/products/services-software/yubicloud/[YubiCloud] or
-https://developers.yubico.com/Software_Projects/YubiKey_OTP/YubiCloud_Validation_Servers/[host
+https://developers.yubico.com/Software_Projects/Yubico_OTP/YubiCloud_Validation_Servers/[host
your own verification server].
[[pveum_user_configured_totp]]