Proxmox-group-mapper is a small Python script that maps a local group (defined locally or managed via LDAP, NIS, etc.) into a Proxmox group.
The idea came from the fact that on my deployed Proxmox servers I already manage users and groups via an LDAP tree, so I did not want an additional user management layer. The goal of the script is to map users from a local group into a Proxmox one by creating or modifying Proxmox users via the API. That way users can log in to Proxmox with their local/LDAP accounts and get the predefined access rights.
This script uses the local Proxmox API (to avoid needing authentication) so you will have to run it locally on the Proxmox host.
Usage is pretty simple:

    usage: proxmox-group-mapper.py [-h] --local-group LOCAL_GROUP --pve-group PVE_GROUP
                                   --pve-role PVE_ROLE --pve-path PVE_PATH [--debug]

    optional arguments:
      -h, --help            show this help message and exit
      --local-group LOCAL_GROUP
                            Local group name or id
      --pve-group PVE_GROUP
                            Proxmox group name
      --pve-role PVE_ROLE   Role granted to the group on path
      --pve-path PVE_PATH   Path to apply role for group
      --debug               Show debugging messages (default: False)

Here is an example to illustrate.
I have a local 'sysadmins' group containing 3 users. I want a 'PVE-Admins' Proxmox group containing those 3 users with Administrator rights on '/':

    proxmox-group-mapper --local-group sysadmins \
                         --pve-group PVE-Admins \
                         --pve-role Administrator \
                         --pve-path /

If the 'PVE-Admins' group does not exist on Proxmox, it will be created automatically, along with the users.
If some users already exist on Proxmox but are not in the desired group, they will be modified to add them to the selected Proxmox group.
Here is the result of the script execution:

    root@debian-test:~# getent group
    root:x:0:
    daemon:x:1:
    bin:x:2:
    [...]
    systemd-journal:x:102:
    systemd-timesync:x:103:
    systemd-network:x:104:
    systemd-resolve:x:105:
    systemd-bus-proxy:x:106:
    crontab:x:107:
    netdev:x:108:sysadmin
    messagebus:x:109:
    ssh:x:110:
    sysadmins:x:1001:admin1,admin2,admin3

Proxmox-group-mapper is distributed as a Debian package so that its dependencies on 'Python' and 'pve-manager' (the Debian package providing the pvesh command) are satisfied.
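
The create-or-modify behaviour described above can be previewed as a dry run. The sketch below is an added example, not the script's own code: it assumes users live in the `pam` realm and that the changes go through the `/access/groups`, `/access/users` and `/access/acl` API paths via `pvesh`. The function names are hypothetical, and the list of users still in the Proxmox group but no longer in the local one is an extra check the page does not describe.

```python
import grp

REALM = "pam"  # assumption: local/LDAP accounts authenticate via Proxmox's PAM realm


def local_members(group):
    """Members of a local group (name or numeric id), resolved through NSS."""
    entry = grp.getgrgid(int(group)) if str(group).isdigit() else grp.getgrnam(group)
    return sorted(entry.gr_mem)  # users with this as *primary* group are not listed


def plan(members, pve_group, role, path, pve_groups, pve_users):
    """Return (commands, stale) without changing anything.

    pve_groups: set of existing Proxmox group ids
    pve_users:  dict of userid -> set of Proxmox groups the user belongs to
    """
    cmds = []  # argv lists, so names are never interpreted by a shell
    if pve_group not in pve_groups:
        cmds.append(["pvesh", "create", "/access/groups", "--groupid", pve_group])
    wanted = {f"{m}@{REALM}" for m in members}
    for uid in sorted(wanted):
        if uid not in pve_users:
            cmds.append(["pvesh", "create", "/access/users",
                         "--userid", uid, "--groups", pve_group])
        elif pve_group not in pve_users[uid]:
            # keep the user's other groups; only add the mapped one
            groups = ",".join(sorted(pve_users[uid] | {pve_group}))
            cmds.append(["pvesh", "set", f"/access/users/{uid}", "--groups", groups])
    cmds.append(["pvesh", "set", "/access/acl", "--path", path,
                 "--roles", role, "--groups", pve_group])
    # still in the Proxmox group but gone from the local one: report for review
    stale = sorted(u for u, g in pve_users.items() if pve_group in g and u not in wanted)
    return cmds, stale


if __name__ == "__main__":
    # Constructed state mirroring the page's example; nothing is executed.
    existing_groups = {"Auditors", "PVE-Admins"}
    existing_users = {"admin2@pam": {"Auditors"}, "olduser@pam": {"PVE-Admins"}}
    cmds, stale = plan(["admin1", "admin2", "admin3"], "PVE-Admins",
                       "Administrator", "/", existing_groups, existing_users)
    for c in cmds:
        print(" ".join(c))
    print("review (not in local group):", stale)
```

Reading the plan before applying it matters most when, as in the example, the mapped role is Administrator on '/'.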