From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <l.wagner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 364A392B08
 for <pbs-devel@lists.proxmox.com>; Tue, 14 Feb 2023 14:27:36 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 167558476
 for <pbs-devel@lists.proxmox.com>; Tue, 14 Feb 2023 14:27:06 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pbs-devel@lists.proxmox.com>; Tue, 14 Feb 2023 14:27:04 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A2F4246FEB
 for <pbs-devel@lists.proxmox.com>; Tue, 14 Feb 2023 14:27:04 +0100 (CET)
From: Lukas Wagner <l.wagner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Tue, 14 Feb 2023 14:26:47 +0100
Message-Id: <20230214132652.749737-1-l.wagner@proxmox.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.169 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [auth.rs, proxmox.com, ldap.rs]
Subject: [pbs-devel] [PATCH v4 proxmox-widget-toolkit 0/5] add LDAP realm
 support UI
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2023 13:27:36 -0000

This patch series adds support for adding LDAP realms, including user sync.

The GUI is mostly based on the implementation from PVE, with some slight
adaptations - for details, please refer to the commit messages.
The GUI components were added to the widget-toolkit repo, at some point PVE
could be adapted to use the same implemention as PBS.

Changes v3 --> v4:
  * Only include the widget-toolkit patches, since the rest has already been
    applied.
  * use the `let me = this` pattern in the sync ui - strictly it is not needed,
    but it may prevent errors if the code is ever modified.
  * Fix bug reported by Friedrich [1], where a particular combination of
    attributes could trigger a `value not defined in enumeration` error

Changes v2 --> v3:
  * Dropped the `Ldap` prefix for structs from the `proxmox-ldap` crate
  * minor clippy fixes
  * added a `OpenIdAuthenticator` that implements dummy-implements
    `ProxmoxAuthenticator` - otherwise, manually adding users to
    OpenId realms does not work
  * Changed the naming of the different authenticators in `auth.rs`
    e.g PAM --> PamAuthenticator, LDAP --> LdapAuthenticator
    This allows us to drop some clippy-allow directives

Changes v1 --> v2:
  * add pbs_config::exists helper function
  * Remove now unused `password` field from `LdapRealmConfig`, add
    additional password paramter to routes which need it
  * Only log a warning instead of failing completely when removing a
    stored password does not work
  * Proper naming for `DeleteableProperty` struct
  * Document that the domain config lock must be held when
    the LDAP password helper functions are called.
    Also added a &BackupLockGuard as a parameter, to make sure that
    at least *something* is locked.
  * moved `handle_worker` function to the `proxmox_rest_server` crate,
    so that it is usable for both, the LDAP management CLI and the debug
    CLI.
  * Made user authentication async,
   `ProxmoxAuthenticator::authenticate_user` now returns a boxed future
  * Promoted `src/server/ldap.rs` to be its own crate - this will be
    useful when PVE uses the same LDAP implemenation via perlmod one
    day.


[1] https://lists.proxmox.com/pipermail/pbs-devel/2023-February/005938.html

Lukas Wagner (5):
  auth ui: add LDAP realm edit panel
  auth ui: add LDAP sync UI
  auth ui: add `onlineHelp` for AuthEditLDAP
  auth ui: add `firstname` and `lastname` sync-attribute fields
  auth ui: fix `value not defined in enumeration` error

 src/Makefile               |   2 +
 src/Schema.js              |  12 ++
 src/panel/AuthView.js      |  24 +++
 src/window/AuthEditLDAP.js | 376 +++++++++++++++++++++++++++++++++++++
 src/window/SyncWindow.js   | 192 +++++++++++++++++++
 5 files changed, 606 insertions(+)
 create mode 100644 src/window/AuthEditLDAP.js
 create mode 100644 src/window/SyncWindow.js

-- 
2.30.2