[pve-devel] [PATCH manager] ui: Fix #2827: Add verify SSL cert checkbox for ldap

[pve-devel] [PATCH manager] ui: Fix #2827: Add verify SSL cert checkbox for ldap

[Dominic Jäger]

Because the option is too important to be hidden in CLI.

Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
---
I haven't managed to test this against an LDAP server yet, but the GUI elements
go on and off as I had it in mind and the options in /etc/pve/domains.cfg
change as expected.

 www/manager6/dc/AuthEditLDAP.js | 35 +++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/www/manager6/dc/AuthEditLDAP.js b/www/manager6/dc/AuthEditLDAP.js
index c5976769..ccaabc4e 100644
--- a/www/manager6/dc/AuthEditLDAP.js
+++ b/www/manager6/dc/AuthEditLDAP.js
@@ -53,11 +53,46 @@ Ext.define('PVE.panel.LDAPInputPanel', {
 		fieldLabel: 'SSL',
 		name: 'secure',
 		uncheckedValue: 0,
+		listeners: {
+		    change: function(me, newValue) {
+			let verifyCheckbox = me.nextSibling('proxmoxcheckbox[name=verify]');
+			if (newValue === true) {
+			    verifyCheckbox.enable();
+			} else {
+			    verifyCheckbox.disable();
+			    verifyCheckbox.setValue(0);
+			}
+		    },
+		},
+	    },
+	    {
+		xtype: 'proxmoxcheckbox',
+		fieldLabel: gettext('Verify Certificate'),
+		name: 'verify',
+		unceckedValue: 0,
+		disabled: true,
+		checked: false,
+		autoEl: {
+		    tag: 'div',
+		    'data-qtip': gettext('Verify SSL certificate of the server'),
+		},
 	    },
 	];
 
 	me.callParent();
     },
+    onGetValues: function(values) {
+	let me = this;
+
+	if (!values.verify) {
+	    if (!me.isCreate) {
+		Proxmox.Utils.assemble_field_data(values, { 'delete': 'verify' });
+	    }
+	    delete values.verify;
+	}
+
+	return me.callParent([values]);
+    },
 });
 
 Ext.define('PVE.panel.LDAPSyncInputPanel', {
-- 
2.20.1

[pve-devel] SPAM: [PATCH docs] pveum: Add information about realm certificates

[Dominic Jäger]

As explained by Dominik and Fabian [0].

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=2827

Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
---
 pveum.adoc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pveum.adoc b/pveum.adoc
index 4fbaa86..57e1b37 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -163,6 +163,11 @@ configured via the `bind_dn` property in `/etc/pve/domains.cfg`. Its
 password then has to be stored in `/etc/pve/priv/ldap/<realmname>.pw`
 (e.g. `/etc/pve/priv/ldap/my-ldap.pw`). This file should contain a
 single line containing the raw password.
++
+To verify certificates, it is necessary to set `capath`, either directly to the 
+CA certificate of your LDAP server, or to the system path containing all 
+trusted CA certificates (`/etc/ssl/certs`).
+Additionally, the `verify` option has to be set.
 
 Microsoft Active Directory::
 
-- 
2.20.1

[pve-devel] applied: [PATCH manager] ui: Fix #2827: Add verify SSL cert checkbox for ldap

[Thomas Lamprecht]

On 15.10.20 12:00, Dominic Jäger wrote:
> Because the option is too important to be hidden in CLI.
> 
> Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
> ---
> I haven't managed to test this against an LDAP server yet, but the GUI elements
> go on and off as I had it in mind and the options in /etc/pve/domains.cfg
> change as expected.
> 
>  www/manager6/dc/AuthEditLDAP.js | 35 +++++++++++++++++++++++++++++++++
>  1 file changed, 35 insertions(+)
> 
>

applied, thanks! Did a s/me/field/ followup though, as overwriting me here could be come surprising.

Also, would this be relevant for AD too?

[pve-devel] applied: SPAM: [PATCH docs] pveum: Add information about realm certificates

[Thomas Lamprecht]

On 15.10.20 12:00, Dominic Jäger wrote:
> As explained by Dominik and Fabian [0].
> 
> [0] https://bugzilla.proxmox.com/show_bug.cgi?id=2827
> 
> Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
> ---
>  pveum.adoc | 5 +++++
>  1 file changed, 5 insertions(+)
> 
>

applied, thanks! I dropped some trailing white space and tried to use a more
active writing, more in line with our technical doc style guide.