From 764b83b5d540fdbcd0c1c0e34ac9dfaca575181c Mon Sep 17 00:00:00 2001 From: Matt Scott Date: Mon, 20 Feb 2023 10:42:25 -0500 Subject: [PATCH] Working on first-round updates for the authentication settings view. --- .../admin_setting_authentication.html | 282 ++++++++++-------- 1 file changed, 160 insertions(+), 122 deletions(-) diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html index 32fca2a..9705169 100644 --- a/powerdnsadmin/templates/admin_setting_authentication.html +++ b/powerdnsadmin/templates/admin_setting_authentication.html @@ -98,7 +98,7 @@
-
+
{% if error %}
-
- Help -
-
Enable LDAP Authentication
-
Turn on / off the LDAP authentication.
-
Type
-
Select your current directory service type. -
    -
  • - OpenLDAP - Open source implementation of the Lightweight - Directory Access Protocol. -
  • -
  • - Active Directory - Active Directory is a directory - service that Microsoft developed for the Windows domain - networks. -
  • -
-
-
ADMINISTRATOR INFO
-
Your LDAP connection string and admin credential used by PDA to - query user information. -
    -
  • - LDAP URI - The fully qualified domain names of your - directory servers. (e.g. ldap://127.0.0.1:389) -
  • -
  • - LDAP Base DN - The point from where a PDA will search - for users. -
  • -
  • - LDAP admin username - Your LDAP administrator user which - has permission to query information in the Base DN - above. Not needed for Active Directory authentication. -
  • -
  • - LDAP admin password - The password of LDAP administrator - user. Not needed for Active Directory authentication. -
  • -
  • - Active Directory domain - Active Directory domain used. -
  • -
-
-
FILTERS
-
Define how you want to filter your user in LDAP query. -
    -
  • - Basic filter - The filter that will be applied to all - LDAP query by PDA. (e.g. - (objectClass=inetorgperson) for OpenLDAP and (objectClass=organizationalPerson) - for Active Directory) -
  • -
  • - Username field - The field PDA will look for user's - username. (e.g. uid for OpenLDAP and sAMAccountName - for Active Directory) -
  • -
  • - Group filter - The filter that will be applied to all - LDAP group queries by PDA. (e.g. (objectClass=groupOfNames) - for OpenLDAP) -
  • -
  • - Group name field - The field PDA will look for group - names. (e.g. member for OpenLDAP) -
  • -
-
-
GROUP SECURITY
-
User can be assigned to PDA's User or Admin group by matching - following LDAP Group. -
    -
  • - Status - Turn on / off group security feature. -
  • -
  • - Admin group - Your LDAP admin group. -
  • -
  • - Operator group - Your LDAP operator group. -
  • -
  • - User group - Your LDAP user group. -
  • -
-
-
ADVANCE
-
Provision PDA user privileges based on LDAP Object Attributes. - Alternative to Group Security Role Management. -
    -
  • - Roles Autoprovisioning - If toggled on, the PDA Role and - the associations of users found in the local db, will be - instantly updated from the LDAP server every time they - log in. -
  • -
  • - Roles provisioning field - The attribute in the ldap - server populated by the urn values where PDA will look - for a new Role and/or new associations to - domains/accounts. -
  • -
  • - Urn prefix - The prefix used before the static keyword - "powerdns-admin" for your entitlements in the ldap - server. Must comply with RFC no.8141. -
  • -
  • - Purge Roles If Empty - If toggled on, ldap entries that - have no valid "powerdns-admin" records to their - autoprovisioning field, will lose all their associations - with any domain or account, also reverting to a User in - the process, despite their current role in the local db.
    - If toggled off, in the same scenario they get to keep - their existing associations and their current Role. +
    +
    +
    +

    LDAP Settings Help

    +
    +
    +
    +
    Enable LDAP Authentication
    +
    Turn on / off the LDAP authentication.
    +
    Type
    +
    Select your current directory service type. +
      +
    • + OpenLDAP - Open source implementation of the + Lightweight + Directory Access Protocol. +
    • +
    • + Active Directory - Active Directory is a + directory + service that Microsoft developed for the Windows + domain + networks. +
    • +
    +
    +
    ADMINISTRATOR INFO
    +
    Your LDAP connection string and admin credential used by + PDA to + query user information. +
      +
    • + LDAP URI - The fully qualified domain names of + your + directory servers. (e.g. ldap://127.0.0.1:389) +
    • +
    • + LDAP Base DN - The point from where a PDA will + search + for users. +
    • +
    • + LDAP admin username - Your LDAP administrator + user which + has permission to query information in the Base + DN + above. Not needed for Active Directory + authentication. +
    • +
    • + LDAP admin password - The password of LDAP + administrator + user. Not needed for Active Directory + authentication. +
    • +
    • + Active Directory domain - Active Directory + domain used. +
    • +
    +
    +
    FILTERS
    +
    Define how you want to filter your user in LDAP query. +
      +
    • + Basic filter - The filter that will be applied + to all + LDAP query by PDA. (e.g. + (objectClass=inetorgperson) for OpenLDAP + and (objectClass=organizationalPerson) + for Active Directory) +
    • +
    • + Username field - The field PDA will look for + user's + username. (e.g. uid for OpenLDAP and sAMAccountName + for Active Directory) +
    • +
    • + Group filter - The filter that will be applied + to all + LDAP group queries by PDA. (e.g. (objectClass=groupOfNames) + for OpenLDAP) +
    • +
    • + Group name field - The field PDA will look for + group + names. (e.g. member for OpenLDAP) +
    • +
    +
    +
    GROUP SECURITY
    +
    User can be assigned to PDA's User or Admin group by + matching + following LDAP Group. +
      +
    • + Status - Turn on / off group security feature. +
    • +
    • + Admin group - Your LDAP admin group. +
    • +
    • + Operator group - Your LDAP operator group. +
    • +
    • + User group - Your LDAP user group. +
    • +
    +
    +
    ADVANCE
    +
    Provision PDA user privileges based on LDAP Object + Attributes. + Alternative to Group Security Role Management. +
      +
    • + Roles Autoprovisioning - If toggled on, the PDA + Role and + the associations of users found in the local db, + will be + instantly updated from the LDAP server every + time they + log in. +
    • +
    • + Roles provisioning field - The attribute in the + ldap + server populated by the urn values where PDA + will look + for a new Role and/or new associations to + domains/accounts. +
    • +
    • + Urn prefix - The prefix used before the static + keyword + "powerdns-admin" for your entitlements in the + ldap + server. Must comply with RFC no.8141. +
    • +
    • + Purge Roles If Empty - If toggled on, ldap + entries that + have no valid "powerdns-admin" records to their + autoprovisioning field, will lose all their + associations + with any domain or account, also reverting to a + User in + the process, despite their current role in the + local db.
      + If toggled off, in the same scenario they get to + keep + their existing associations and their current + Role. -
    • -
    -
    -
    +
  • +
+
+
+
+
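Review bot: the rewritten "LDAP URI" help item still offers only the cleartext example `ldap://127.0.0.1:389`, in the same ADMINISTRATOR INFO block that describes the LDAP admin username and password PDA uses to query user information. Since every line of this help text is being re-added anyway, consider showing a TLS-protected form next to it (an `ldaps://` URI, if the backend accepts one), so the documented default does not send the admin credential unencrypted. Two wording issues are carried over unchanged and could be fixed in the same pass: the heading "ADVANCE" (presumably "ADVANCED") and "RFC no.8141" (conventionally "RFC 8141"). The hard re-wrapping also splits phrases across `+` lines (for example "Lightweight" / "Directory Access Protocol"). This inflates the diff well beyond the one visible content change, the added "LDAP Settings Help" title, so a note in the commit message that the rest is whitespace-only would make the change easier to verify.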