Working on first-round updates for the authentication settings view.

This commit is contained in:
Matt Scott 2023-02-20 10:42:25 -05:00
parent 772c1129f5
commit 764b83b5d5


@ -98,7 +98,7 @@
<div class="tab-pane" id="tabs-ldap">
<div class="row">
<div class="col-4">
<div class="col-12 col-sm-6 col-lg-4">
{% if error %}
<div class="alert alert-danger alert-dismissible">
<button type="button" class="close" data-dismiss="alert"
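
Review bot: the sm breakpoint on the form column (`col-12 col-sm-6 col-lg-4`) deserves a second look. Paired with the help column's `col-12 col-sm-6 col-lg-8` in the next hunk, the LDAP form and the help card each get half the row on small screens, where the old layout was a fixed 4/8 split. If the intent is to stack the two until there is room for both, using only `col-12 col-lg-4` here (and `col-12 col-lg-8` on the help column) keeps the form full width below lg. If other tab panes in this template still use `col-4` / `col-8`, they should get the same classes in this round so the tabs do not render differently from one another.
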
@ -379,128 +379,166 @@
</div>
</form>
</div>
<div class="col-8">
<legend>Help</legend>
<dl class="dl-horizontal">
<dt>Enable LDAP Authentication</dt>
<dd>Turn on / off the LDAP authentication.</dd>
<dt>Type</dt>
<dd>Select your current directory service type.
<ul>
<li>
OpenLDAP - Open source implementation of the Lightweight
Directory Access Protocol.
</li>
<li>
Active Directory - Active Directory is a directory
service that Microsoft developed for the Windows domain
networks.
</li>
</ul>
</dd>
<dt>ADMINISTRATOR INFO</dt>
<dd>Your LDAP connection string and admin credential used by PDA to
query user information.
<ul>
<li>
LDAP URI - The fully qualified domain names of your
directory servers. (e.g. ldap://127.0.0.1:389)
</li>
<li>
LDAP Base DN - The point from where a PDA will search
for users.
</li>
<li>
LDAP admin username - Your LDAP administrator user which
has permission to query information in the Base DN
above. Not needed for Active Directory authentication.
</li>
<li>
LDAP admin password - The password of LDAP administrator
user. Not needed for Active Directory authentication.
</li>
<li>
Active Directory domain - Active Directory domain used.
</li>
</ul>
</dd>
<dt>FILTERS</dt>
<dd>Define how you want to filter your user in LDAP query.
<ul>
<li>
Basic filter - The filter that will be applied to all
LDAP query by PDA. (e.g.
<i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i>
for Active Directory)
</li>
<li>
Username field - The field PDA will look for user's
username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i>
for Active Directory)
</li>
<li>
Group filter - The filter that will be applied to all
LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i>
for OpenLDAP)
</li>
<li>
Group name field - The field PDA will look for group
names. (e.g. <i>member</i> for OpenLDAP)
</li>
</ul>
</dd>
<dt>GROUP SECURITY</dt>
<dd>User can be assigned to PDA's User or Admin group by matching
following LDAP Group.
<ul>
<li>
Status - Turn on / off group security feature.
</li>
<li>
Admin group - Your LDAP admin group.
</li>
<li>
Operator group - Your LDAP operator group.
</li>
<li>
User group - Your LDAP user group.
</li>
</ul>
</dd>
<dt>ADVANCE</dt>
<dd> Provision PDA user privileges based on LDAP Object Attributes.
Alternative to Group Security Role Management.
<ul>
<li>
Roles Autoprovisioning - If toggled on, the PDA Role and
the associations of users found in the local db, will be
instantly updated from the LDAP server every time they
log in.
</li>
<li>
Roles provisioning field - The attribute in the ldap
server populated by the urn values where PDA will look
for a new Role and/or new associations to
domains/accounts.
</li>
<li>
Urn prefix - The prefix used before the static keyword
"powerdns-admin" for your entitlements in the ldap
server. Must comply with RFC no.8141.
</li>
<li>
Purge Roles If Empty - If toggled on, ldap entries that
have no valid "powerdns-admin" records to their
autoprovisioning field, will lose all their associations
with any domain or account, also reverting to a User in
the process, despite their current role in the local db.<br>
If toggled off, in the same scenario they get to keep
their existing associations and their current Role.
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">LDAP Settings Help</h3>
</div>
<div class="card-body">
<dl class="dl-horizontal">
<dt>Enable LDAP Authentication</dt>
<dd>Turn on / off the LDAP authentication.</dd>
<dt>Type</dt>
<dd>Select your current directory service type.
<ul>
<li>
OpenLDAP - Open source implementation of the
Lightweight
Directory Access Protocol.
</li>
<li>
Active Directory - Active Directory is a
directory
service that Microsoft developed for the Windows
domain
networks.
</li>
</ul>
</dd>
<dt>ADMINISTRATOR INFO</dt>
<dd>Your LDAP connection string and admin credential used by
PDA to
query user information.
<ul>
<li>
LDAP URI - The fully qualified domain names of
your
directory servers. (e.g. ldap://127.0.0.1:389)
</li>
<li>
LDAP Base DN - The point from where a PDA will
search
for users.
</li>
<li>
LDAP admin username - Your LDAP administrator
user which
has permission to query information in the Base
DN
above. Not needed for Active Directory
authentication.
</li>
<li>
LDAP admin password - The password of LDAP
administrator
user. Not needed for Active Directory
authentication.
</li>
<li>
Active Directory domain - Active Directory
domain used.
</li>
</ul>
</dd>
<dt>FILTERS</dt>
<dd>Define how you want to filter your user in LDAP query.
<ul>
<li>
Basic filter - The filter that will be applied
to all
LDAP query by PDA. (e.g.
<i>(objectClass=inetorgperson)</i> for OpenLDAP
and <i>(objectClass=organizationalPerson)</i>
for Active Directory)
</li>
<li>
Username field - The field PDA will look for
user's
username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i>
for Active Directory)
</li>
<li>
Group filter - The filter that will be applied
to all
LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i>
for OpenLDAP)
</li>
<li>
Group name field - The field PDA will look for
group
names. (e.g. <i>member</i> for OpenLDAP)
</li>
</ul>
</dd>
<dt>GROUP SECURITY</dt>
<dd>User can be assigned to PDA's User or Admin group by
matching
following LDAP Group.
<ul>
<li>
Status - Turn on / off group security feature.
</li>
<li>
Admin group - Your LDAP admin group.
</li>
<li>
Operator group - Your LDAP operator group.
</li>
<li>
User group - Your LDAP user group.
</li>
</ul>
</dd>
<dt>ADVANCE</dt>
<dd> Provision PDA user privileges based on LDAP Object
Attributes.
Alternative to Group Security Role Management.
<ul>
<li>
Roles Autoprovisioning - If toggled on, the PDA
Role and
the associations of users found in the local db,
will be
instantly updated from the LDAP server every
time they
log in.
</li>
<li>
Roles provisioning field - The attribute in the
ldap
server populated by the urn values where PDA
will look
for a new Role and/or new associations to
domains/accounts.
</li>
<li>
Urn prefix - The prefix used before the static
keyword
"powerdns-admin" for your entitlements in the
ldap
server. Must comply with RFC no.8141.
</li>
<li>
Purge Roles If Empty - If toggled on, ldap
entries that
have no valid "powerdns-admin" records to their
autoprovisioning field, will lose all their
associations
with any domain or account, also reverting to a
User in
the process, despite their current role in the
local db.<br>
If toggled off, in the same scenario they get to
keep
their existing associations and their current
Role.
</li>
</ul>
</dd>
</dl>
</li>
</ul>
</dd>
</dl>
</div>
</div>
</div>
</div>
</div>
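
Review bot: the help text for "LDAP URI" is carried into the new card unchanged, and its only example is ldap://127.0.0.1:389, a scheme without TLS, sitting two items above "LDAP admin password". Since every line of this help block is being rewritten anyway, it is the right moment to add an ldaps:// example or a sentence on the expected transport, so that admins copying the example do not send the bind credential in clear text to a remote directory server. The "Roles Autoprovisioning" and "Purge Roles If Empty" entries describe role changes applied at every login; a short note on which setting wins when Group Security is also enabled would help here. Two smaller points in the same block: the "ADVANCE" heading and "RFC no.8141" are copied over as is (suggest "ADVANCED" and "RFC 8141"), and the re-indentation has re-wrapped the text into one- and two-word lines ("Lightweight", "PDA to", "DN"), which makes this hunk much larger than the actual change. Re-flowing the paragraphs to the new indent would keep later diffs of this file readable.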