From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <l.wagner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id C55F48C09
 for <pve-devel@lists.proxmox.com>; Fri,  1 Sep 2023 09:02:53 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id A7ABB1238C
 for <pve-devel@lists.proxmox.com>; Fri,  1 Sep 2023 09:02:53 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Fri,  1 Sep 2023 09:02:53 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id D73C647CDF
 for <pve-devel@lists.proxmox.com>; Fri,  1 Sep 2023 09:02:52 +0200 (CEST)
Message-ID: <7c13ede7-a760-462c-b95c-cbc215aef131@proxmox.com>
Date: Fri, 1 Sep 2023 09:02:51 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: de-AT, en-US
To: pve-devel@lists.proxmox.com
References: <20230727085747.231753-1-l.wagner@proxmox.com>
From: Lukas Wagner <l.wagner@proxmox.com>
In-Reply-To: <20230727085747.231753-1-l.wagner@proxmox.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.033 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [values.secure]
Subject: Re: [pve-devel] [PATCH manager 1/3] ui: ldap: ad: support 'mode'
 paramter, replacing 'secure'
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Fri, 01 Sep 2023 07:02:53 -0000

Ping. Still applies on master.

On 7/27/23 10:57, Lukas Wagner wrote:
> The backend has supported the 'mode' parameter for quite a while,
> however it has not yet been exposed in the GUI, contrary to PMG
> and PBS.
> 
> The benefit of 'mode' is that it supports LDAP, LDAPS and LDAP via
> STARTTLS, compared to just LDAP/LDAPS for the 'secure' parameter.
> 
> The modified AuthEdit{LDAP,AD} panel will now automatically migrate
> to the new paramter by hooking into onGetValues/onSetValues.
> 
> Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
> ---
>   www/manager6/dc/AuthEditAD.js   | 43 +++++++++++++++++++++++++++------
>   www/manager6/dc/AuthEditLDAP.js | 42 ++++++++++++++++++++++++++------
>   2 files changed, 71 insertions(+), 14 deletions(-)
> 
> diff --git a/www/manager6/dc/AuthEditAD.js b/www/manager6/dc/AuthEditAD.js
> index a1999cb7..bd46faaa 100644
> --- a/www/manager6/dc/AuthEditAD.js
> +++ b/www/manager6/dc/AuthEditAD.js
> @@ -49,18 +49,26 @@ Ext.define('PVE.panel.ADInputPanel', {
>   		submitEmptyText: false,
>   	    },
>   	    {
> -		xtype: 'proxmoxcheckbox',
> -		fieldLabel: 'SSL',
> -		name: 'secure',
> -		uncheckedValue: 0,
> +		xtype: 'proxmoxKVComboBox',
> +		name: 'mode',
> +		fieldLabel: gettext('Mode'),
> +		editable: false,
> +		comboItems: [
> +		    ['__default__', Proxmox.Utils.defaultText + ' (LDAP)'],
> +		    ['ldap', 'LDAP'],
> +		    ['ldap+starttls', 'STARTTLS'],
> +		    ['ldaps', 'LDAPS'],
> +		],
> +		value: '__default__',
> +		deleteEmpty: !me.isCreate,
>   		listeners: {
>   		    change: function(field, newValue) {
>   			let verifyCheckbox = field.nextSibling('proxmoxcheckbox[name=verify]');
> -			if (newValue === true) {
> -			    verifyCheckbox.enable();
> -			} else {
> +			if (newValue === 'ldap' || newValue === '__default__') {
>   			    verifyCheckbox.disable();
>   			    verifyCheckbox.setValue(0);
> +			} else {
> +			    verifyCheckbox.enable();
>   			}
>   		    },
>   		},
> @@ -91,6 +99,27 @@ Ext.define('PVE.panel.ADInputPanel', {
>   	    delete values.verify;
>   	}
>   
> +	if (!me.isCreate) {
> +	    // Delete old `secure` parameter. It has been deprecated in favor to the
> +	    // `mode` parameter. Migration happens automatically in `onSetValues`.
> +	    Proxmox.Utils.assemble_field_data(values, { 'delete': 'secure' });
> +	}
> +
> +
> +	return me.callParent([values]);
> +    },
> +
> +    onSetValues(values) {
> +	let me = this;
> +
> +	if (values.secure !== undefined && !values.mode) {
> +	    // If `secure` is set, use it to determine the correct setting for `mode`
> +	    // `secure` is later deleted by `onSetValues` .
> +	    // In case *both* are set, we simply ignore `secure` and use
> +	    // whatever `mode` is set to.
> +	    values.mode = values.secure ? 'ldaps' : 'ldap';
> +	}
> +
>   	return me.callParent([values]);
>       },
>   });
> diff --git a/www/manager6/dc/AuthEditLDAP.js b/www/manager6/dc/AuthEditLDAP.js
> index 2ce16e58..721ea971 100644
> --- a/www/manager6/dc/AuthEditLDAP.js
> +++ b/www/manager6/dc/AuthEditLDAP.js
> @@ -49,18 +49,26 @@ Ext.define('PVE.panel.LDAPInputPanel', {
>   		submitEmptyText: false,
>   	    },
>   	    {
> -		xtype: 'proxmoxcheckbox',
> -		fieldLabel: 'SSL',
> -		name: 'secure',
> -		uncheckedValue: 0,
> +		xtype: 'proxmoxKVComboBox',
> +		name: 'mode',
> +		fieldLabel: gettext('Mode'),
> +		editable: false,
> +		comboItems: [
> +		    ['__default__', Proxmox.Utils.defaultText + ' (LDAP)'],
> +		    ['ldap', 'LDAP'],
> +		    ['ldap+starttls', 'STARTTLS'],
> +		    ['ldaps', 'LDAPS'],
> +		],
> +		value: '__default__',
> +		deleteEmpty: !me.isCreate,
>   		listeners: {
>   		    change: function(field, newValue) {
>   			let verifyCheckbox = field.nextSibling('proxmoxcheckbox[name=verify]');
> -			if (newValue === true) {
> -			    verifyCheckbox.enable();
> -			} else {
> +			if (newValue === 'ldap' || newValue === '__default__') {
>   			    verifyCheckbox.disable();
>   			    verifyCheckbox.setValue(0);
> +			} else {
> +			    verifyCheckbox.enable();
>   			}
>   		    },
>   		},
> @@ -91,6 +99,26 @@ Ext.define('PVE.panel.LDAPInputPanel', {
>   	    delete values.verify;
>   	}
>   
> +	if (!me.isCreate) {
> +	    // Delete old `secure` parameter. It has been deprecated in favor to the
> +	    // `mode` parameter. Migration happens automatically in `onSetValues`.
> +	    Proxmox.Utils.assemble_field_data(values, { 'delete': 'secure' });
> +	}
> +
> +	return me.callParent([values]);
> +    },
> +
> +    onSetValues(values) {
> +	let me = this;
> +
> +	if (values.secure !== undefined && !values.mode) {
> +	    // If `secure` is set, use it to determine the correct setting for `mode`
> +	    // `secure` is later deleted by `onSetValues` .
> +	    // In case *both* are set, we simply ignore `secure` and use
> +	    // whatever `mode` is set to.
> +	    values.mode = values.secure ? 'ldaps' : 'ldap';
> +	}
> +
>   	return me.callParent([values]);
>       },
>   });

-- 
- Lukas