From: Christoph Heiss
To: pbs-devel@lists.proxmox.com
Date: Wed, 16 Aug 2023 16:47:42 +0200
Message-ID: <20230816144746.1265108-13-c.heiss@proxmox.com>
In-Reply-To: <20230816144746.1265108-1-c.heiss@proxmox.com>
References: <20230816144746.1265108-1-c.heiss@proxmox.com>
Subject: [pbs-devel] [PATCH proxmox-widget-toolkit v2 12/15] window: add Active Directory auth panel

As AD realms are mostly just LDAP, reuse the LDAP panel and just show/hide some elements based on the type.

Signed-off-by: Christoph Heiss
---
Changes v1 -> v2:
  * Change AD bind-dn `emptyText` to use AD syntax
  * Add tooltip to bind-dn field to inform user that LDAP syntax can be used as well
  * Move case-sensitive checkbox to separate patch

 src/Makefile               |  1 +
 src/Schema.js              | 10 ++++++++++
 src/window/AuthEditAD.js   | 14 ++++++++++++++
 src/window/AuthEditLDAP.js | 25 ++++++++++++++++++++++---
 4 files changed, 47 insertions(+), 3 deletions(-)
 create mode 100644 src/window/AuthEditAD.js

diff --git a/src/Makefile b/src/Makefile index 21fbe76..52094c5 100644 --- a/src/Makefile +++ b/src/Makefile @@ -95,6 +95,7 @@ JSSRC= \ window/AuthEditBase.js \ window/AuthEditOpenId.js \ window/AuthEditLDAP.js \ + window/AuthEditAD.js \ window/TfaWindow.js \ window/AddTfaRecovery.js \ window/AddTotp.js \ diff --git a/src/Schema.js b/src/Schema.js index a7ffdf8..7f491f2 100644 --- a/src/Schema.js +++ b/src/Schema.js 
@@ -29,6 +29,16 @@ Ext.define('Proxmox.Schema', { // a singleton pwchange: false, sync: true, }, + ad: { + name: gettext('Active Directory Server'), + ipanel: 'pmxAuthADPanel', + syncipanel: 'pmxAuthADSyncPanel', + add: true, + edit: true, + tfa: true, + pwchange: false, + sync: true, + }, }, // to add or change existing for product specific ones overrideAuthDomains: function(extra) { diff --git a/src/window/AuthEditAD.js b/src/window/AuthEditAD.js new file mode 100644 index 0000000..0de7494 --- /dev/null +++ b/src/window/AuthEditAD.js @@ -0,0 +1,14 @@ +Ext.define('Proxmox.panel.ADInputPanel', { + extend: 'Proxmox.panel.LDAPInputPanel', + xtype: 'pmxAuthADPanel', + + type: 'ad', + onlineHelp: 'user-realms-ad', +}); + +Ext.define('Proxmox.panel.ADSyncInputPanel', { + extend: 'Proxmox.panel.LDAPSyncInputPanel', + xtype: 'pmxAuthADSyncPanel', + + type: 'ad', +}); diff --git a/src/window/AuthEditLDAP.js b/src/window/AuthEditLDAP.js index 6aafb98..8cb7c80 100644 --- a/src/window/AuthEditLDAP.js +++ b/src/window/AuthEditLDAP.js @@ -64,6 +64,12 @@ Ext.define('Proxmox.panel.LDAPInputPanel', { return values; }, + cbindData: function(config) { + return { + isLdap: this.type === 'ldap', + isAd: this.type === 'ad', + }; + }, column1: [ { @@ -80,15 +86,21 @@ Ext.define('Proxmox.panel.LDAPInputPanel', { xtype: 'proxmoxtextfield', fieldLabel: gettext('Base Domain Name'), name: 'base-dn', - allowBlank: false, emptyText: 'cn=Users,dc=company,dc=net', + cbind: { + hidden: '{!isLdap}', + allowBlank: '{!isLdap}', + }, }, { xtype: 'proxmoxtextfield', fieldLabel: gettext('User Attribute Name'), name: 'user-attr', - allowBlank: false, emptyText: 'uid / sAMAccountName', + cbind: { + hidden: '{!isLdap}', + allowBlank: '{!isLdap}', + }, }, { xtype: 'proxmoxcheckbox', 
@@ -103,7 +115,14 @@ Ext.define('Proxmox.panel.LDAPInputPanel', { fieldLabel: gettext('Bind Domain Name'), name: 'bind-dn', allowBlank: false, - emptyText: 'cn=user,dc=company,dc=net', + cbind: { + emptyText: get => get('isAd') ? 'user@company.net' : 'cn=user,dc=company,dc=net', + autoEl: get => get('isAd') ? { + tag: 'div', + 'data-qtip': + gettext('LDAP DN syntax can be used as well, e.g. cn=user,dc=company,dc=net'), + } : {}, + }, bind: { disabled: "{anonymous_search}", }, -- 2.41.0
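
Review bot: the new `ad` entry in the src/Schema.js hunk sets `add: true` in the toolkit's default auth domain list, so every product that loads this schema will offer "Active Directory Server" in its add-realm menu whether or not its backend accepts an `ad` realm type. The context line below the hunk says `overrideAuthDomains` exists for product-specific changes; please state in the commit message which consumers are expected to support `ad`, or leave `add`/`edit` off by default and let the product enable them through that override.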
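
Review bot: in the new src/window/AuthEditAD.js, `Proxmox.panel.ADInputPanel` sets `onlineHelp: 'user-realms-ad'` but `Proxmox.panel.ADSyncInputPanel` sets none, so the AD sync tab keeps whatever help link `LDAPSyncInputPanel` carries. If the LDAP sync help is meant to cover AD as well, a one-line comment saying so would help; otherwise add the AD-specific anchor there too. The `user-realms-ad` anchor also has to exist in the documentation of each product using this panel, which this patch cannot show.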
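
Review bot: `cbindData` in the `@@ -64,6 +64,12 @@` hunk of src/window/AuthEditLDAP.js computes `isLdap` as `this.type === 'ldap'`, but the visible lines only show the two new AD panels declaring a `type`; nothing here shows `Proxmox.panel.LDAPInputPanel` itself setting `type: 'ldap'`. If the base panel leaves it unset, both flags are false and the `hidden: '{!isLdap}'` bindings added further down hide base-dn and user-attr for plain LDAP realms as well. Please confirm the base class declares the type, or make the check robust with `isLdap: this.type !== 'ad'`.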
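
Review bot: in the `@@ -80,15 +86,21 @@` hunk of src/window/AuthEditLDAP.js, base-dn and user-attr are only hidden for AD (`hidden: '{!isLdap}'`), not disabled, so both fields remain part of the form's submit data. When an existing realm is edited, a value loaded into a hidden field would be sent back without the user ever seeing it. Consider also binding `disabled: '{!isLdap}'` so the AD panel cannot submit these two parameters, and note in the commit message how the backend derives them for `ad` realms.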
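
Review bot: in the `@@ -103,7 +115,14 @@` hunk, the tooltip passes the example DN through `gettext` as part of the sentence ('LDAP DN syntax can be used as well, e.g. cn=user,dc=company,dc=net'), which hands a literal syntax example to translators and duplicates the string already used for the LDAP `emptyText`. Keeping the DN in one constant and inserting it into the translated sentence with a placeholder would avoid both. The non-AD branch of `autoEl` returns `{}`; please check that an empty object leaves the field's default element unchanged, or bind only the `data-qtip` attribute instead.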