Setting up LDAP Authentication for Proxmox VE

NOTE: Proxmox does not like spaces in user or group names

Create VMAdmins Group

  1. Click the Start button > Windows Administrative Tools > Active Directory Users and Computers
  2. Expand the domain name
  3. Right-click on the Users container > New > Group
  4. Name the group VMAdmins > Click OK
  5. Double-click the newly created VMAdmins group
  6. Select the Members tab > Click the Add... button
  7. Add users who will be administrators for the Proxmox host

Configuring LDAP Authentication in Proxmox VE

  1. Open a web browser and navigate to the Proxmox VE web UI
  2. Log in
  3. Select Datacenter in the left navigation menu
  4. Select Permissions > Authentication in the left sub navigation menu
  5. Click the Add dropdown > LDAP Server
  6. Fill out the LDAP Server form as shown below

    Realm: i12bretro.local
    Base Domain Name: CN=Users,DC=i12bretro,DC=local
    Server: 10.10.27.1
    User Attribute Name: sAMAccountName

  7. Click the Sync Options button at the top
  8. Fill out the Sync Options form as shown below

    Bind User: CN=readonly_svc,CN=Users,DC=i12bretro,DC=local
    Bind Password: Read0nly!!
    E-Mail attribute: mail
    User classes: person, user
    Group classes: group
    User Filter: (&(memberOf=CN=VMAdmins,CN=Users,DC=i12bretro,DC=local))
    Group Filter: (&(distinguishedName=CN=VMAdmins,CN=Users,DC=i12bretro,DC=local))
    Scope: Users and Groups
    Enable new users: Yes
    Full: Yes
    Purge: Yes

  9. Click the Add button
  10. Back on the Authentication page, select the new LDAP authentication and click the Sync button
  11. Click the Preview button to test the sync without creating or modifying anything
  12. If the users and groups display as expected, close the preview and re-run the sync to create the users and groups
  13. Select Permissions in the left sub navigation menu
  14. Click Add > Group Permission from the dropdown at the top of the page
  15. Set the path to /, select the VMAdmins group from the dropdown and select the desired Role > Click Add
  16. Select the user dropdown in the top right of the screen > Logout
  17. Log in with one of the LDAP users in the VMAdmins group, making sure to set the Realm to the domain realm created earlier
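
Added example (not part of the original guide): a small evaluator for the filter syntax used in the User Filter above, run over constructed directory entries, to predict which accounts the sync preview in step 11 should list and which of them contain spaces (see the note at the top). The entries, the Helpdesk group and the function names are assumptions; only AND/OR/NOT and equality are handled.

```python
import re

# USER_FILTER is the value from the Sync Options form; ENTRIES are constructed sample data.
USER_FILTER = "(&(memberOf=CN=VMAdmins,CN=Users,DC=i12bretro,DC=local))"
ENTRIES = [
    {"sAMAccountName": "alice", "memberOf": ["CN=VMAdmins,CN=Users,DC=i12bretro,DC=local"]},
    # Same group DN in different case: AD compares DNs case-insensitively.
    {"sAMAccountName": "bob smith", "memberOf": ["cn=vmadmins,cn=users,dc=i12bretro,dc=local"]},
    # Assumed nested: Helpdesk (hypothetical group) is a member of VMAdmins.
    {"sAMAccountName": "carol", "memberOf": ["CN=Helpdesk,CN=Users,DC=i12bretro,DC=local"]},
    {"sAMAccountName": "dave", "memberOf": []},
]

def parse(text, i=0):
    """Parse (&..), (|..), (!..) or (attr=value); return (node, next index)."""
    if text[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if text[i:i + 1] in ("&", "|", "!"):
        op, kids, i = text[i], [], i + 1
        while text[i:i + 1] == "(":
            kid, i = parse(text, i)
            kids.append(kid)
        if text[i:i + 1] != ")" or not kids:
            raise ValueError(f"malformed '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = text.find(")", i)
    attr, sep, value = text[i:end].partition("=")
    if end < 0 or not sep or not attr:
        raise ValueError(f"malformed comparison at offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        wanted = {k.lower(): v for k, v in entry.items()}.get(node[1], [])
        values = [wanted] if isinstance(wanted, str) else wanted
        return any(v.lower() == node[2] for v in values)
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else {"&": all, "|": any}[node[0]](results)

def sync_preview(filter_text, entries):
    """Return (names the filter selects, selected names containing whitespace)."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("unexpected text after filter")
    selected = [e["sAMAccountName"] for e in entries if matches(tree, e)]
    return selected, [name for name in selected if re.search(r"\s", name)]
print(sync_preview(USER_FILTER, ENTRIES))
```

carol is not selected because memberOf lists direct group membership only, so an admin who reaches VMAdmins through a nested group will be missing from the preview.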