Hi @jlarionov_2030,
I haven't tested or tried it, but I can't help but wonder the API is responding with some kind of "license required" error, and blocking the seting.
I suppose we could investigate and try to resolve the error, but automated setup with a license key isn't so common of a requirement.... if tis is not really something you will do that often, perhaps it's not worth the effort.
Let us know your thoughts.
Thanks,
Steve
Hi @jlarionov_2030 ,
As of ProGet 2023 (or maybe earlier?), license keys are no longer requested / entered at installation time, but in the software itself now. This only matters on new instances.
You can use pgutil settings to set a license key if you'd like.
Thanks,
Steve
Hi @parthu-reddy,
Thanks for discovering/confirming that; unfortunately we're not able to reproduce this issue, as the multi-part / chunked uploads already take into account multiple servers.
ChunkedUploads table)Would you be able to dig into the request patterns a little more? I suspect there's "something" configured on the load-balancer that's "doing something weird" with these ranged requests.
The Multipart Upload API explains what's happening behind the scenes, and you may find that using pgutil assets upload is easier to troubleshoot.
Thanks,
Steve
Hi @jw ,
It definitely looks like there's some "drift" in the documentation and behavior. I already see some stuff about "allowedFeeds" in there, which isn't even a thing since policies. And you're right, you can't update code/title, which aligns with the pgutil behavior as well.
We'd rather have "no documentation" than wrong documentation, any suggestions on what to delete from here? https://github.com/inedo/inedo-docs/blob/master/Content/proget/api/licenses/update.md
Feel free to submit a PR if you've got a clear idea.
In general, we want to make sure the pgutil docs are accurate (those are very easy to test), and we figure... someone can just look at the pgutil code to learn the HTTP endpoint or library.
Thanks,
Steve
Hi @udi-moshe_0021 ,
My guess is that your proxy server is blocking certain things or having issues with redirects; you'd really have to monitor the back-and-forth traffic to see what's going on.
As you can see, there are a lot of "redirects" going on and URLS/Domains that you will not expect and can be hard to predict.
Thanks,
Steve
Hi @it_9582,
First and foremost, we don't recommend the "package promotion" feature as a means to indicate which "stage" (i.e. tested quality) a package is in relative to a CI/CD pipeline.
Instead, repackaging should be used:
https://docs.inedo.com/docs/proget/packages/repackaging
Having multiple feeds is fine; we do that for Products and PreReleaseProducts on proget.inedo.com, but that's to make it "harder" for someone to accidently use a prerelease version. Otherwise, you can just use one feed and have retention policies cleanup the "-ci" builds.
As for having the "build promotion" feature in ProGet be used as a workflow engine (i.e. to trigger actions upon promotion), I don't think we would consider that. At the most, we would do a webhook of sorts... though it doesn't make a ton of sense to be honest.
The reason is that ProGet isn't intended as the "source of truth" for build status - the idea is that you would have something like a pipeline in BuildMaster) update the statuses in ProGet.
The main benefit to having this status in ProGet is retention of builds/SBOMs.
Hope that helps,
Steve
Hi @it_9582 ,
You can specify licensing information in the description or in a custom metadata field like _licenseCode or something. It's not something that ProGet "reads" or "understands", mostly we didn't imagine users would package and upload third-party content with unwanted licenses.
If that's a use case that your mid/long-term implementation, we could definitely explore working together and properly adding/supporting it as a feature. It's not something we'd want to just "quickly throw in" from a forum post :)
Definitely chat with your account manager / point of contact once you're closer to or past the "purchase" side of things and we can make it happen. I've forwarded this message to him as well.
Thanks,
Steve
Hi @mickey-durden_1899 ,
Just to double check, can you try.... resetting to disk-based storage, reconfiguring cloud storage, and then making sure that DisablePayloadSigning is checked. And tehn open settings, to make sure DisablePayloadSigning is checked and stays checked.
Thanks,
Steve
Hi @alexvanini_5999 ,
I would try using the Inedo Agent instead; if you are getting this error, it most certainly means that there is some kind of security/hardening/account setting that is blocking WinRM. This is the underlying technology that PS Remoting and the PowerShell-based agent use.
In this state, it's a real pain to get working - and the Inedo Agent is much more stable, anyway. It will not be "randomly blocked" by a new GPO or Patch Tuesday bug as we've seen a lot with WMI.
Otherwise, you'll need to scour the web for obscure settings that may have been applied to the server. You may see information logged on the target machine under Windows Event Log under Windows Logs → Application or System related to WinRM.
It's possible that the domain account lacks needed rights, even though it's a local admin. Sometimes subtle rights (like SeRemoteInteractiveLogonRight, etc.) can block initialization.
Good luck, let us know what you find!
Thanks,
Steve
Hi @jw ,
I'm not able to reproduce any issues on my end; I'm not entirely sure how you're testing, but let me share with you the code on the server side in ProGet:
private static async Task UpdateLicenseAsync(AhHttpContext context, LoggedResponseStream output, WebApiContext apiContext)
{
EnsureMethod(context, "POST");
EnsureCanManageLicenses(apiContext);
var input = await JsonSerializer.DeserializeAsync(context.Request.InputStream, LicenseApiJsonContext.Default.LicenseInfo, context.CancellationToken)
?? throw new HttpException(400, "Expected license object.");
var license = await DB.Licenses_GetLicenseAsync(External_Id: input.Code)
?? throw new HttpException(404, "License not found.");
List<int>? nameIds = null;
if (input.PackageNames?.Count > 0)
{
nameIds = [];
foreach (var n in input.PackageNames)
{
if (!PackageNameId.TryParse(n, out var nameId))
throw new HttpException(400, $"Invalid package name: {n}");
nameIds.Add((await nameId.EnsureDatabaseIdAsync()).Id!.Value);
}
}
List<int>? versionIds = null;
if (input.Purls?.Count > 0)
{
versionIds = [];
foreach (var v in input.Purls)
{
if (!PUrl.TryParse(v, out var purl))
throw new HttpException(400, $"Invalid purl: {v}");
versionIds.Add((await ((PackageVersionId)purl).EnsureDatabaseIdAsync()).Id!.Value);
}
}
await DB.Licenses_UpdateLicenseDataAsync(
License_Id: license.License_Id,
PackageVersionIds_Csv: versionIds?.Count > 0 ? string.Join(',', versionIds) : null,
PackageNameIds_Csv: nameIds?.Count > 0 ? string.Join(',', nameIds) : null,
SpdxIds_Csv: input.Spdx?.Count > 0 ? string.Join(',', input.Spdx) : null,
Urls_Csv: input.Urls?.Count > 0 ? string.Join(',', input.Urls) : null
);
}
I'm not sure if that's helpful, but if not... can you put a specific reproduction case?
Also note that the license data in the UI is cached, but it's invalidated when you visit the /licenses page and others.
Thanks,
Steve
Hi @fabrice-mejean ,
I'm not sure what you mean by "Custom OSS provider", can you clarify?
Thanks,
Steve
@aristo_4359 oh I see! The "search" function does not work by version in that case
I'm afraid a "search by file hash" isn't supported, but you could relatively easily write a script to iterate through the feeds using pgutil. Or you could just search in the databse as well (FeedPackageVersions_Extended).
Thanks,
steve
Hi @aristo_4359,
You can see "all versions" of a package in the UI by clicking the package name in the breadcrumb or by selecting "All Versions" in the multi-button dropdown.
Thanks,
Steve
Hi @pmsensi ,
Can you take a look at this thread?
I believe that new API proposal ( pgutil packages metadata) would contain that information -- please share your thoughts in that thread so we can keep it in one place.
Thanks,
Steve
Hi @wechselberg-nisboerge_3629 ,
Given how you uploaded the file, the only scenario that I could see this happening is if the file on disk is somehow corrupted. For example, if you were to locate one of the .rpm files on disk and change a few bytes with a hex editor, I would expect this exact error to occur.
A feed reindex could would never fix this and obviously files cannot "heal themselves". However, this is exactly how hardware behaves, so I would look into that.
Thanks,
Steve
Hi @wechselberg-nisboerge_3629 ,
This error is the result of a "bad rpm package" (basically one that is compressed using a method we don't support) getting accepted into ProGet. It should have been rejected on load -- if ProGet cannot open a package file due to unsupported compression, then I'm not sure how it would have indexed the package.
You should be able to find which package it is by going to the "packages" tab at the top of the UI; when you click on the rpm package, it will give a similar error.
How did you add this package? What package is it? This is an error we can definitely fix if we can figurer out how you got the unsupported package in there.
Thanks,
Steve
Hi @wechselberg-nisboerge_3629 ,
These specific errors would have no impact on performance, feed loading, nor would they cause ProGet to "break down" in any manner. And rebooting would most definitely not help, since they stem from bad/corrupt data.
One possibility is that you have bad hardware - that causes peculiar and sporadic errors just like these that cannot be reproduced,.
I can only imagine how frustrating this is, but your experience is atypical and without reproduction cases we really don't know how to help. I would focus on trying to reproduce -- if it's indeed "bad data" that you are uploading, it would happen every single time.
Thanks,
Steve
@albert-pender_6390 great news!
And thanks for the heads up, I just updated the docs
Hi @albert-pender_6390 ,
This was renamed to proget, so it would just bew
/usr/local/proget/service/proget upgradedb
Thanks,
Steve
Hi @wechselberg-nisboerge_3629 ,
These messages are all unrelated and seem to stem mostly from a combination of bad/corrupt input data. Honestly I've never seen these errors before, but that's what they all sound like to me.
Are these impacting any actual usage, or are you simply "seeing" them in the Diagnostic Center?
If they are impacting usage, please put together a reproduction case so that you can consistently recreate the problem and we can study it.
Otherwise, if they are jjust "showing up" then you can disregard them. The Diagnostic Center is not intended for "proactive health" checking, just to troubleshoot usage errors. Messages logged there many not be problems at all, especially if users are doing things like uploading bad data.
Thanks,
Steve
Hi @wechselberg-nisboerge_3629,
I'm not sure what I'm looking at in the screenshot, but it's most certainly not a piece of process memory. Based on the string literal, it's likely a compiled library (i.e. DLL) that's invoking methods in that system library; you'd need to study the contents in a hex view look for executable headers if you really wanted to know.
Anyway, when it comes to downloading files, those are streamed directly from disk. In every instance of "corrupt downloads" that we've encountered, it was either due to network errors or hardware failures. And those are equally "impossible" to reproduce and nearly impossible to detect.
I would just try new hardware, that usually does the trick. We see this quite a bit in cloud environments (Azure mostly, but every now and then AWS and GCP).
Thanks,
Steve
In retrospect, I don't think pgutil would display the output like that exactly, but you get the idea. It'd basically be a bunch of label/text pairs -- basically not that different from what's in the ProGet UI
Hi @fabrice-mejean,
This begs the question of whether [obsolescence] should remain this way or if it should be managed more globally, similar to how vulnerabilities are handled. However, that would go beyond a simple API addition.
I could see this making sense for OSS packages hosted at their official source (e.g. NuGet.org, npmjs, etc) -- but you're right, much more than an API change and we should limit scope for now :)
Additionally, I would like to ask about the use of 'pgutil packages audit' and whether it indicates compliant or non-compliant. Does this status utilize all the rules (license, vulnerability, and others), and is there a plan to provide insights into the reasons behind the result? If it takes into account all the rules, then the 'other rules' are dependent on the feed, making the 'feed' parameter essential.
Good point -- the feed parameter would be important if you wanted feed-scoped policies. Otherwise, only the global policy could apply... which is limiting.
As for "reasons behind the result", there is a short text available in the compliance system that is displayed in the UI and error messages for non-compliant results. So I think we could bring that into the pgutil output like this:
$> pgutil packages metadata --feed=myNugetFeed --package=Junk.Package --version=1.2.3
Junk.Packge-1.2.3 (Deprecated, Unlisted)
Compliance : Warn (Deprecated; Unknown License)
License : RSGPL
Vulnerabilities : None
So to summarize my understanding... here's what I'm thinking.
pgutil packages metadata command will provide package metadata (i.e. from the manifest file), server metadata (listed, unlistd), vulnerabilities, and compliance -- similar to what the ProGet UI showspackages commands, which require a feed parameterpgutil packages audit command afterall, since we don't have an easy way to work on a "set of packages" with regards to feedsAnd of course, the new API call would return the data in a structured manner. We can share that as we get closer to implementation.
How's this sound?
Thanks,
Steve
Hi @shijiyong_6709 ,
This is a known limitation; when we implemented our Maven2 feed, we followed the 20+ year old Maven rule that "versions begin with numbers, artifacts begin with letters". Unfortunately there are some "ancient artifacts" and "broken versions" that don't follow this rule.
Since ProGet is not just a "dumb file server", knowing whether Arabba-SR13 is a version or artifact is important - and it's a nontrivial effort to address these "bad" artifacts. We will consider doing that in the future but it doesn't seem to impact a lot of artifactsa nd hasn't been a priority
Thanks,
Steve
@aristo_4359 thanks for letting us know! You are the first person to inquire about it over very many years :)
We'll see if anyone else is interested in this and then we can consider adding it!
We have already assessed the vulnerabilities; the container image is not susceptible to any of these vulnerabilities. Only two ports are exposed on the container (for http/https) and the overwhelming majority of packages built-in to the base container image (debian) are not used.
Thanks,
Steve
proget.inedo.com points to one of our edge node in an ProGet Edge Computing Edition network and is continuously replicating content from our hub server. Currently, we do not support replicating "non-content" (i.e. vulnerability assessments, license assignments, policies, etc.) -- only packages, containers, and assets.
Technically... that vulnerability information should not be displayed at all, since we disabled the feature on the feed. So that must be a bug of some kind.
Long story short, please disregard - we check all this on our central hub, but it's just not replicated to edge nodes.
Thanks,
Steve
Hi @parthu-reddy ,
That image is not actually hosted on Docker Hub, but in MCR (mcr.microsoft.com).
Confusingly, the Docker Hub is now used to "advertise" third-party containers in other registries, in addition to its own. In this case, there are no "tags" published on the docker hub page, so you know it's just an "ad" and not a real image
Thanks,
Steve
Hi @aristo_4359 ,
As you noticed, the feed does not support that endpoint. So there's no really way to get it working aside from us writing code to support it :)
Thanks,
Steve
Hi @fabrice-mejean,
Good point, it would not have PackageStatus. So let's jus say we add that in, like this:
Azure.Core-1.35.0 (Deprecated)
Compliance : Compliant
License : MIT
Vulnerabilities : None
Obviously the API would return it in a structure manner, and it could also show downloads etc.
However, all this data (including package status) means we need a feed in context. So the command would have to look like:
pgutil packages audit --project=c:\projects\MyProject.csproj --feed myFeed
I'm not sure how I feel about that. Packages can be in multiple feeds, and often times users build from multiple feeds.
Anyway.... I have a new idea... what do you think about this:
pgutil packages metadata --feed=myNugetFeed --package=myNugetPackage --version=1.2.3
That could return the normal metadata, but also server-side metadata (package status, downloads, etc).
I guess it would require multiple API calls, though I doubt that's going to cause any more performance overhead than a "bulk" kind of API call that just "looped" over packages and looked them up in the same manner.
Let me know your thoughts.
Thanks,
Steve
Hi @pariv_0352,
Thanks! I'd try out 25.0.10-ci.10 -- it should work in theory! And if not then we'll just need to fix it anyway :)
Thanks,
Steve
Hi @inedo_1308 ,
This is likely a regression due to PG-3074 -- we'll take a look and report back!
Thanks for letting us know.
-- Dean
When one of the connectors reports a 404, ProGet should move on to the next connector to search. Can you help set up a reproduction case using the ProGet UI and URLS (perhaps some basic curl commands)? You should be able to do everything with basic GET requests, and see different results.
That'll make it a lot easier to test and see if we can reproduce the issue.
Thanks,
Steve
@yaakov-smith_7984 great news!
We are planning to include it as is in the next maintenance release, later today. So it's "stable enough" we figure :)
Hi @jim-borden_4965 ,
Thanks for the feedback! We will add a note to the migration wizard via PG-3080 that clarifies that mounting the volumes are required - there's no easy way for us to tell if the user did that.
Thanks,
Steve
Hi @arose_5538 , we will have this fixed in Friday's maintenance release via PG-3077
Thanks,
Steve
Hi @m-lee_3921 ,
Sounds like you're off to a great start with Universal Packages - that's exactly what we intended them for.
Great spot on the docs. In retrospect, using the word "deprecated" was incorrect - we should have said "legacy", for the exact reason you mentioned. We intended to add those capabilities to the common packages API when we wrote the docs, but priorities...
Anyway I clarified the docs:
Legacy Universal Feed Endpoints:
The following endpoints are duplicative of the Common Packages API endpoints and should be avoided when possible:
- List Universal Packages - lists specified packages
- List Universal Package Versions - describes versions of specified packages
- Delete Universal Package - deletes a specified package
- Download Universal Package - downloads a specified package
While we don't plan on removing them in the foreseeable future, they are considered legacy. Once the Common Packages API includes metadata queries, we will likely call these endpoints "deprecated".
It wouldn't be "too hard" to add metadata queries to common packages API now that everything has been refactored... but there hasn't been any real user demand for it. And it's already easy to do with upacks as you can see.
Anyway, when folks start asking for this from other package types, we'll add it to our roadmap. For now, "legacy" is good enough.
Thanks,
Steve
@yaakov-smith_7984 good news -- we're working on a new version of the Active Directory integration that may address this problem -- want to give it a shot?
It's in our pre-release feed:
https://docs.inedo.com/docs/proget/administration/extensions#pre-releases
The extension is InedoCore 3.0.5-CI.2:
https://proget.inedo.com/feeds/PrereleaseExtensions/inedox/InedoCore/3.0.5-CI.2
We have been running it in our environment for a while.
This would be an ideal place to fix the issue, or at least add some kind of option to make it work better.
Hi @fabrice-mejean_5174 ,
Thanks for the suggestion; to help move this forward, we thought about this from a technical standpoint. We're a little hesitant to call the command pgutil packages audit since there's already an audit command for builds and vulnerabilities.
One idea is to deprecate pgutil vulnerabilities audit and call it pgutil packages audit instead.
In any case, this new command is a combination of pgutil builds audit and pgutil vulns audit.
The pgutil packages audit command would input a project, something like this:
pgutil packages audit --project=c:\projects\MyProject.csproj
Behind the scenes, pgutil would parse and POST a packageset:
POST /api/sca/audit-packages
[
{
"name": myPackage
"version": 1.2.3
"type": "nuget"
},
{
"name": myPackage
"version": 1.2.3
"type": "nuget"
}
]
The API would return an array I suppose (we don't have any samples for that, but it's a serialized BuildInfo.cs), and the end result would look like this:
$> pgutil packages audit --project=c:\projects\MyProject.csproj
Parsing MyProject.csproj... found X packages.
Azure.Core-1.35.0
Compliance : Compliant
License : MIT
Vulnerabilities : None
Microsoft.Extensions.Configuration.EnvironmentVariables 8.0.0
Compliance : Noncompliant
License : MIT, Apache-2.0
Vulnerabilities : PG-123456 (High)
the vulnerability title of this vulnerability goes here
The API could obviously contain more info. It's documented via serialized .cs classes here:
https://github.com/Inedo/pgutil/tree/thousand/Inedo.ProGet
Thanks,
Steve
@alex_6102 thanks for the additional information! That makes sense - you are effectively looking for an external authority for content verification.
As far as I'm aware, Debian is the only packaging system that support this, although though NuGet has some limited concept of "signing" for author verification. We evaluated it and it simply doesn't make sense.
That being said, if you're willing to experiment with what we have in ProGet today, we might be able to make it work. It'll require a little database "hacking".
First, you'll need a new instance of ProGet without an encryption key set-up. That's the default configuration for a Docker image.
After creating a Debian feed, take a look in the Feeds table for the FeedConfiguration_Xml column. You will find a base-64 encoded property called FeedSigningKeyRing.
Here is how we generate that:
var bundle = new PgpKeyCollection { PgpKey.Generate(4096, $"{this.FeedName}@proget") };
this.FeedConfig.FeedSigningKeyRing = bundle.Encode();
Honestly I have no idea what that does or what format it's encoded as. This is a black box from the Org.BouncyCastle.Bcpg.OpenPgp library, and we just store the bytes as you can see.
Here is how we use those bytes:
context.Response.AppendHeader("Content-Disposition", $"attachment; filename=\"{feed.FeedName}.asc\"");
var keys = new PgpKeyCollection(feed.FeedConfig.FeedSigningKeyRing);
using var output = context.GetOutputStreamWithCompression();
keys.WritePublicKeys(output);
If you're able to "replace those bytes" with a format that works, then we can add a page that allows you to specify your own. If it's just UTF8-encoded ASCII, awesome. If not, we need some kind of instructions on how to replace those bytes too.
Otherwise, this is beyond our current understanding and would require us to (re-)learn how all this stuff works, test it, etc. Which is what makes it nontrivial.
Thanks,
Steve
Hi @mickey-durden_1899 ,
Great! I've added the property as discussed and published AWS v3.1.4-RC.1 to our prerelease feed.
You can download and manually install, or update to use the prerelease feed:
https://docs.inedo.com/docs/proget/administration/extensions#manual-installation
After installing the extension, the "Disable Payload Signing" will show up on the advanced tab - and that property will be forwarded to the Put Request. In theory that will work, at least according to the one post from above.
One other thing to test would be uploading Assets (i.e. creating an Asset Directory) via the Web UI. That is the easiest way to do multi-part upload testing. I did NOT see an option to DisablePayloadSigning on the multi-part uploads, just on Put.
Thanks,
Steve
Hi @yaakov-smith_7984 , sounds like progress.... can you try to do a "group lookup" using the AD testing tool (page)? That's what the permissions page will do prior to saving.
That might give you a clue to the queries that are happening.
Hi @caterina,
It looks like Consoleman is an internal Inedo NuGet library. It's available on https://proget.inedo.com/nuget/NuGetLibraries/v3/index.json but I think we should publish to nuget.org
Will discuss with team.
Thanks,
Steve
The built-in Configuration doesn't seem to include IPs, which means you'd want to create a PowerShell script that could read/set the configuration.
Alternatively, it could be added relatively easy as a property, assuming it's something that can be relatively easily configured with the library/code we're using:
This is something we could definitely help to do as a paid user, but we're not focused on Otter free/community at the moment. If you're working with someone on the sales side, I'd bring it up -- these days, the Otter sales tend to involve a lot of implementation services from our partners and a lot gets done with scripting - but if you're having success implementing on your own we could likely work together in that regard.
Cheers,
Steve
Hi @m-karing_2439 ,
The link on the "Dependencies" is provided for convenience; it's simply wrapping a <a href=... around items in the .nuspec file's Dependencies element. Without performing expensive lookups, there is no way to know if those packages are in the current feed, or if they're even valid packages or versions at all.
Keep in mind that, in many cases, dependencies won't even reference a single package (e.g. MyPackage-4.8.7) - but a whole range of versions (e.g. MyPackage-4.*). This is why it's impossible for ProGet (or any tool) to "resolve" the dependencies - it requires knowing all packages in project (plus the project's environmental configuration) to know which ranges to pick.
Note that, if those links yield a 404 then clients will also not be able to download them from thet feed.
Thanks,
Steve
Hi @yaakov-smith_7984 ,
Thanks for the additional details; so it sounds like the issue is that ProGet's Active Directory Integration does not support Active Directory group lookup using a "pre-Windows 2000" Group Name?
I'm not sure if this is something we'll want to support in the Active Directory integration. That integration is sensitive and performance-critical, so trying to add-in support for group names on domain configurations from the 1990's doesn't make a lot of sense.
For reference, here is our Active Directory Integration code:
https://github.com/Inedo/inedox-inedocore/tree/master/InedoCore/InedoExtension/UserDirectories/ActiveDirectory
Why Entra is using those ancient fields is beyond me, especially since all AD objects already have a unique ID. I suspect those are simply not intended to be queried or used by third-party tools. Maybe they're unstable and subject to change. I would try to get ahold of someone at Microsoft to get some answers on how to handle this.
That said, did you try the OpenLDAP/Generic directory? That will allow you to define your own LDAP queries. I think that's what you'll need to do.
Thanks,
Steve
@steviecoaster the main headaches come when you try to use a kind of CDN (Front Door) or anything else that will cache/manipulate/munge requests; it's often slower anyways so there's no real benefit
I know a few customers were hit with some kind of bug in Gateway that caused problems in clients (Docker particularly) - it was a long standing, multi-year bug in Gateway, so who knows if it ever got fixed
Hi @yaakov-smith_7984 ,
I'm afraid I'm not really sure what's happening; it's clear that they're doing something "pretty weird" behind the scenes, and the integration is designed to use Active Directory, not this system.
You can see the queries that ProGet is making -- and if those queries don't return those "weird" groups like $JQA200-TQZJ4H3I77X8, then it's not going to work.
Hopefully the system will work with LDAP queries. If you use the OpenLDAP/Generic directory, you can customize the property names and queries to hopefully get it working: https://docs.inedo.com/docs/installation/security-ldap-active-directory/various-ldap-openldap
Let us know what you find out,
Thanks,
Steve
@james-woods_8996 good to know - I've just removed that from the docs since I think that was an instruction from earlier versions (before ProGet 2022 maybe)