mirror of
https://github.com/portainer/portainer.git
synced 2025-08-05 13:55:21 +02:00
feat(authentication/ldap): Auto create and assign LDAP users (#2042)
This commit is contained in:
Olli Janatuinen
Anthony Lapenna
parent
ea7615d71c
commit
cec878b01d
14 changed files with 358 additions and 44 deletions
|
|
@ -3,6 +3,7 @@ function LDAPSettingsViewModel(data) {
|
|||
this.Password = data.Password;
|
||||
this.URL = data.URL;
|
||||
this.SearchSettings = data.SearchSettings;
|
||||
this.GroupSearchSettings = data.GroupSearchSettings;
|
||||
}
|
||||
|
||||
function LDAPSearchSettings(BaseDN, UsernameAttribute, Filter) {
|
||||
|
|
@ -10,3 +11,9 @@ function LDAPSearchSettings(BaseDN, UsernameAttribute, Filter) {
|
|||
this.UsernameAttribute = UsernameAttribute;
|
||||
this.Filter = Filter;
|
||||
}
|
||||
|
||||
function LDAPGroupSearchSettings(GroupBaseDN, GroupAttribute, GroupFilter) {
|
||||
this.GroupBaseDN = GroupBaseDN;
|
||||
this.GroupAttribute = GroupAttribute;
|
||||
this.GroupFilter = GroupFilter;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -49,10 +49,10 @@
|
|||
</div>
|
||||
<div class="form-group" ng-if="settings.AuthenticationMethod === 2">
|
||||
<span class="col-sm-12 text-muted small">
|
||||
When using LDAP authentication, Portainer will delegate user authentication to a LDAP server (exception for the <b>admin</b> user that always uses internal authentication).
|
||||
When using LDAP authentication, Portainer will delegate user authentication to a LDAP server and fallback to internal authentication if LDAP authentication fails.
|
||||
<p style="margin-top:5px;">
|
||||
<i class="fa fa-exclamation-triangle orange-icon" aria-hidden="true" style="margin-right: 2px;"></i>
|
||||
<u>Users still need to be created in Portainer beforehand.</u>
|
||||
<u>Portainer will create user(s) automatically with standard user role and assign them to team(s) which matches to LDAP group name(s).</u>
|
||||
</p>
|
||||
</span>
|
||||
</div>
|
||||
|
|
@ -229,12 +229,66 @@
|
|||
|
||||
<div class="form-group">
|
||||
<span class="label label-default interactive" style="margin-left: 10px;" ng-click="addSearchConfiguration()">
|
||||
<i class="fa fa-plus-circle" aria-hidden="true"></i> add search configuration
|
||||
<i class="fa fa-plus-circle" aria-hidden="true"></i> add user search configuration
|
||||
</span>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<!-- !search-settings -->
|
||||
|
||||
<div class="col-sm-12 form-section-title">
|
||||
Group search configurations
|
||||
</div>
|
||||
|
||||
<!-- group-search-settings -->
|
||||
<div ng-repeat="groupConfig in LDAPSettings.GroupSearchSettings | limitTo: (1 - LDAPSettings.GroupSearchSettings)" style="margin-top: 5px;">
|
||||
|
||||
<div class="form-group" ng-if="$index > 0">
|
||||
<span class="col-sm-12 text-muted small">
|
||||
Extra search configuration
|
||||
</span>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="ldap_group_basedn_{{$index}}" class="col-sm-4 col-md-2 control-label text-left">
|
||||
Group Base DN
|
||||
<portainer-tooltip position="bottom" message="The distinguished name of the element from which the LDAP server will search for groups."></portainer-tooltip>
|
||||
</label>
|
||||
<div class="col-sm-8 col-md-4">
|
||||
<input type="text" class="form-control" id="ldap_group_basedn_{{$index}}" ng-model="groupConfig.GroupBaseDN" placeholder="dc=ldap,dc=domain,dc=tld">
|
||||
</div>
|
||||
|
||||
<label for="ldap_group_att_{{$index}}" class="col-sm-4 col-md-3 col-lg-2 margin-sm-top control-label text-left">
|
||||
Group Membership Attribute
|
||||
<portainer-tooltip position="bottom" message="LDAP attribute which denotes the group membership."></portainer-tooltip>
|
||||
</label>
|
||||
<div class="col-sm-8 col-md-3 col-lg-4 margin-sm-top">
|
||||
<input type="text" class="form-control" id="ldap_group_att_{{$index}}" ng-model="groupConfig.GroupAttribute" placeholder="member">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="ldap_group_filter_{{$index}}" class="col-sm-4 col-md-2 control-label text-left">
|
||||
Group Filter
|
||||
<portainer-tooltip position="bottom" message="The LDAP search filter used to select group elements, optional."></portainer-tooltip>
|
||||
</label>
|
||||
<div class="col-sm-7 col-md-9">
|
||||
<input type="text" class="form-control" id="ldap_group_filter_{{$index}}" ng-model="groupConfig.GroupFilter" placeholder="(objectClass=account)">
|
||||
</div>
|
||||
<div class="col-sm-1" ng-if="$index > 0">
|
||||
<button class="btn btn-sm btn-danger" type="button" ng-click="removeGroupSearchConfiguration($index)">
|
||||
<i class="fa fa-trash" aria-hidden="true"></i>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<span class="label label-default interactive" style="margin-left: 10px;" ng-click="addGroupSearchConfiguration()">
|
||||
<i class="fa fa-plus-circle" aria-hidden="true"></i> add group search configuration
|
||||
</span>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<!-- !group-search-settings -->
|
||||
</div>
|
||||
|
||||
<!-- actions -->
|
||||
|
|
|
|||
|
|
@ -21,6 +21,14 @@ function ($q, $scope, Notifications, SettingsService, FileUploadService) {
|
|||
$scope.removeSearchConfiguration = function(index) {
|
||||
$scope.LDAPSettings.SearchSettings.splice(index, 1);
|
||||
};
|
||||
|
||||
$scope.addGroupSearchConfiguration = function() {
|
||||
$scope.LDAPSettings.GroupSearchSettings.push({ GroupBaseDN: '', GroupAttribute: '', GroupFilter: '' });
|
||||
};
|
||||
|
||||
$scope.removeGroupSearchConfiguration = function(index) {
|
||||
$scope.LDAPSettings.GroupSearchSettings.splice(index, 1);
|
||||
};
|
||||
|
||||
$scope.LDAPConnectivityCheck = function() {
|
||||
var settings = $scope.settings;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue