From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 21D5F8431 for ; Thu, 27 Jul 2023 10:57:51 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0AFFA8BD4 for ; Thu, 27 Jul 2023 10:57:51 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 27 Jul 2023 10:57:50 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 2F68340D04 for ; Thu, 27 Jul 2023 10:57:50 +0200 (CEST) From: Lukas Wagner To: pve-devel@lists.proxmox.com Date: Thu, 27 Jul 2023 10:57:45 +0200 Message-Id: <20230727085747.231753-1-l.wagner@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.055 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH manager 1/3] ui: ldap: ad: support 'mode' paramter, replacing 'secure' X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2023 08:57:51 -0000 The backend has supported the 'mode' parameter for quite a while, however it has not yet been exposed in the GUI, contrary to PMG and PBS. The benefit of 'mode' is that it supports LDAP, LDAPS and LDAP via STARTTLS, compared to just LDAP/LDAPS for the 'secure' parameter. The modified AuthEdit{LDAP,AD} panel will now automatically migrate to the new paramter by hooking into onGetValues/onSetValues. Signed-off-by: Lukas Wagner --- www/manager6/dc/AuthEditAD.js | 43 +++++++++++++++++++++++++++------ www/manager6/dc/AuthEditLDAP.js | 42 ++++++++++++++++++++++++++------ 2 files changed, 71 insertions(+), 14 deletions(-) diff --git a/www/manager6/dc/AuthEditAD.js b/www/manager6/dc/AuthEditAD.js index a1999cb7..bd46faaa 100644 --- a/www/manager6/dc/AuthEditAD.js +++ b/www/manager6/dc/AuthEditAD.js @@ -49,18 +49,26 @@ Ext.define('PVE.panel.ADInputPanel', { submitEmptyText: false, }, { - xtype: 'proxmoxcheckbox', - fieldLabel: 'SSL', - name: 'secure', - uncheckedValue: 0, + xtype: 'proxmoxKVComboBox', + name: 'mode', + fieldLabel: gettext('Mode'), + editable: false, + comboItems: [ + ['__default__', Proxmox.Utils.defaultText + ' (LDAP)'], + ['ldap', 'LDAP'], + ['ldap+starttls', 'STARTTLS'], + ['ldaps', 'LDAPS'], + ], + value: '__default__', + deleteEmpty: !me.isCreate, listeners: { change: function(field, newValue) { let verifyCheckbox = field.nextSibling('proxmoxcheckbox[name=verify]'); - if (newValue === true) { - verifyCheckbox.enable(); - } else { + if (newValue === 'ldap' || newValue === '__default__') { verifyCheckbox.disable(); verifyCheckbox.setValue(0); + } else { + verifyCheckbox.enable(); } }, }, @@ -91,6 +99,27 @@ Ext.define('PVE.panel.ADInputPanel', { delete values.verify; } + if (!me.isCreate) { + // Delete old `secure` parameter. It has been deprecated in favor to the + // `mode` parameter. Migration happens automatically in `onSetValues`. + Proxmox.Utils.assemble_field_data(values, { 'delete': 'secure' }); + } + + + return me.callParent([values]); + }, + + onSetValues(values) { + let me = this; + + if (values.secure !== undefined && !values.mode) { + // If `secure` is set, use it to determine the correct setting for `mode` + // `secure` is later deleted by `onSetValues` . + // In case *both* are set, we simply ignore `secure` and use + // whatever `mode` is set to. + values.mode = values.secure ? 'ldaps' : 'ldap'; + } + return me.callParent([values]); }, }); diff --git a/www/manager6/dc/AuthEditLDAP.js b/www/manager6/dc/AuthEditLDAP.js index 2ce16e58..721ea971 100644 --- a/www/manager6/dc/AuthEditLDAP.js +++ b/www/manager6/dc/AuthEditLDAP.js @@ -49,18 +49,26 @@ Ext.define('PVE.panel.LDAPInputPanel', { submitEmptyText: false, }, { - xtype: 'proxmoxcheckbox', - fieldLabel: 'SSL', - name: 'secure', - uncheckedValue: 0, + xtype: 'proxmoxKVComboBox', + name: 'mode', + fieldLabel: gettext('Mode'), + editable: false, + comboItems: [ + ['__default__', Proxmox.Utils.defaultText + ' (LDAP)'], + ['ldap', 'LDAP'], + ['ldap+starttls', 'STARTTLS'], + ['ldaps', 'LDAPS'], + ], + value: '__default__', + deleteEmpty: !me.isCreate, listeners: { change: function(field, newValue) { let verifyCheckbox = field.nextSibling('proxmoxcheckbox[name=verify]'); - if (newValue === true) { - verifyCheckbox.enable(); - } else { + if (newValue === 'ldap' || newValue === '__default__') { verifyCheckbox.disable(); verifyCheckbox.setValue(0); + } else { + verifyCheckbox.enable(); } }, }, @@ -91,6 +99,26 @@ Ext.define('PVE.panel.LDAPInputPanel', { delete values.verify; } + if (!me.isCreate) { + // Delete old `secure` parameter. It has been deprecated in favor to the + // `mode` parameter. Migration happens automatically in `onSetValues`. + Proxmox.Utils.assemble_field_data(values, { 'delete': 'secure' }); + } + + return me.callParent([values]); + }, + + onSetValues(values) { + let me = this; + + if (values.secure !== undefined && !values.mode) { + // If `secure` is set, use it to determine the correct setting for `mode` + // `secure` is later deleted by `onSetValues` . + // In case *both* are set, we simply ignore `secure` and use + // whatever `mode` is set to. + values.mode = values.secure ? 'ldaps' : 'ldap'; + } + return me.callParent([values]); }, }); -- 2.39.2