Working on first-round updates for the authentication settings view.

Matt Scott 2023-02-20 10:42:25 -05:00
parent 772c1129f5
commit 764b83b5d5


@ -98,7 +98,7 @@
<div class="tab-pane" id="tabs-ldap"> <div class="tab-pane" id="tabs-ldap">
<div class="row"> <div class="row">
<div class="col-4"> <div class="col-12 col-sm-6 col-lg-4">
{% if error %} {% if error %}
<div class="alert alert-danger alert-dismissible"> <div class="alert alert-danger alert-dismissible">
<button type="button" class="close" data-dismiss="alert" <button type="button" class="close" data-dismiss="alert"
@ -379,128 +379,166 @@
</div> </div>
</form> </form>
</div> </div>
<div class="col-8"> <div class="col-12 col-sm-6 col-lg-8">
<legend>Help</legend> <div class="card">
<dl class="dl-horizontal"> <div class="card-header">
<dt>Enable LDAP Authentication</dt> <h3 class="card-title">LDAP Settings Help</h3>
<dd>Turn on / off the LDAP authentication.</dd> </div>
<dt>Type</dt> <div class="card-body">
<dd>Select your current directory service type. <dl class="dl-horizontal">
<ul> <dt>Enable LDAP Authentication</dt>
<li> <dd>Turn on / off the LDAP authentication.</dd>
OpenLDAP - Open source implementation of the Lightweight <dt>Type</dt>
Directory Access Protocol. <dd>Select your current directory service type.
</li> <ul>
<li> <li>
Active Directory - Active Directory is a directory OpenLDAP - Open source implementation of the
service that Microsoft developed for the Windows domain Lightweight
networks. Directory Access Protocol.
</li> </li>
</ul> <li>
</dd> Active Directory - Active Directory is a
<dt>ADMINISTRATOR INFO</dt> directory
<dd>Your LDAP connection string and admin credential used by PDA to service that Microsoft developed for the Windows
query user information. domain
<ul> networks.
<li> </li>
LDAP URI - The fully qualified domain names of your </ul>
directory servers. (e.g. ldap://127.0.0.1:389) </dd>
</li> <dt>ADMINISTRATOR INFO</dt>
<li> <dd>Your LDAP connection string and admin credential used by
LDAP Base DN - The point from where a PDA will search PDA to
for users. query user information.
</li> <ul>
<li> <li>
LDAP admin username - Your LDAP administrator user which LDAP URI - The fully qualified domain names of
has permission to query information in the Base DN your
above. Not needed for Active Directory authentication. directory servers. (e.g. ldap://127.0.0.1:389)
</li> </li>
<li> <li>
LDAP admin password - The password of LDAP administrator LDAP Base DN - The point from where a PDA will
user. Not needed for Active Directory authentication. search
</li> for users.
<li> </li>
Active Directory domain - Active Directory domain used. <li>
</li> LDAP admin username - Your LDAP administrator
</ul> user which
</dd> has permission to query information in the Base
<dt>FILTERS</dt> DN
<dd>Define how you want to filter your user in LDAP query. above. Not needed for Active Directory
<ul> authentication.
<li> </li>
Basic filter - The filter that will be applied to all <li>
LDAP query by PDA. (e.g. LDAP admin password - The password of LDAP
<i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> administrator
for Active Directory) user. Not needed for Active Directory
</li> authentication.
<li> </li>
Username field - The field PDA will look for user's <li>
username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> Active Directory domain - Active Directory
for Active Directory) domain used.
</li> </li>
<li> </ul>
Group filter - The filter that will be applied to all </dd>
LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i> <dt>FILTERS</dt>
for OpenLDAP) <dd>Define how you want to filter your user in LDAP query.
</li> <ul>
<li> <li>
Group name field - The field PDA will look for group Basic filter - The filter that will be applied
names. (e.g. <i>member</i> for OpenLDAP) to all
</li> LDAP query by PDA. (e.g.
</ul> <i>(objectClass=inetorgperson)</i> for OpenLDAP
</dd> and <i>(objectClass=organizationalPerson)</i>
<dt>GROUP SECURITY</dt> for Active Directory)
<dd>User can be assigned to PDA's User or Admin group by matching </li>
following LDAP Group. <li>
<ul> Username field - The field PDA will look for
<li> user's
Status - Turn on / off group security feature. username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i>
</li> for Active Directory)
<li> </li>
Admin group - Your LDAP admin group. <li>
</li> Group filter - The filter that will be applied
<li> to all
Operator group - Your LDAP operator group. LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i>
</li> for OpenLDAP)
<li> </li>
User group - Your LDAP user group. <li>
</li> Group name field - The field PDA will look for
</ul> group
</dd> names. (e.g. <i>member</i> for OpenLDAP)
<dt>ADVANCE</dt> </li>
<dd> Provision PDA user privileges based on LDAP Object Attributes. </ul>
Alternative to Group Security Role Management. </dd>
<ul> <dt>GROUP SECURITY</dt>
<li> <dd>User can be assigned to PDA's User or Admin group by
Roles Autoprovisioning - If toggled on, the PDA Role and matching
the associations of users found in the local db, will be following LDAP Group.
instantly updated from the LDAP server every time they <ul>
log in. <li>
</li> Status - Turn on / off group security feature.
<li> </li>
Roles provisioning field - The attribute in the ldap <li>
server populated by the urn values where PDA will look Admin group - Your LDAP admin group.
for a new Role and/or new associations to </li>
domains/accounts. <li>
</li> Operator group - Your LDAP operator group.
<li> </li>
Urn prefix - The prefix used before the static keyword <li>
"powerdns-admin" for your entitlements in the ldap User group - Your LDAP user group.
server. Must comply with RFC no.8141. </li>
</li> </ul>
<li> </dd>
Purge Roles If Empty - If toggled on, ldap entries that <dt>ADVANCE</dt>
have no valid "powerdns-admin" records to their <dd> Provision PDA user privileges based on LDAP Object
autoprovisioning field, will lose all their associations Attributes.
with any domain or account, also reverting to a User in Alternative to Group Security Role Management.
the process, despite their current role in the local db.<br> <ul>
If toggled off, in the same scenario they get to keep <li>
their existing associations and their current Role. Roles Autoprovisioning - If toggled on, the PDA
Role and
the associations of users found in the local db,
will be
instantly updated from the LDAP server every
time they
log in.
</li>
<li>
Roles provisioning field - The attribute in the
ldap
server populated by the urn values where PDA
will look
for a new Role and/or new associations to
domains/accounts.
</li>
<li>
Urn prefix - The prefix used before the static
keyword
"powerdns-admin" for your entitlements in the
ldap
server. Must comply with RFC no.8141.
</li>
<li>
Purge Roles If Empty - If toggled on, ldap
entries that
have no valid "powerdns-admin" records to their
autoprovisioning field, will lose all their
associations
with any domain or account, also reverting to a
User in
the process, despite their current role in the
local db.<br>
If toggled off, in the same scenario they get to
keep
their existing associations and their current
Role.
</li> </li>
</ul> </ul>
</dd> </dd>
</dl> </dl>
</div>
</div>
</div> </div>
</div> </div>
</div> </div>
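Review bot: The LDAP URI entry in the new card body still gives ldap://127.0.0.1:389 as its only example, directly above the entries for the LDAP admin username and password that PDA uses to query user information. The ldap:// scheme is LDAP without TLS, so an operator who copies the example for a remote directory server can expose that admin credential on the network; since this block is being rewritten anyway, add an ldaps:// example or a sentence saying the ldap:// form is meant for a local server. Two wording issues are also carried over unchanged to the new side: the heading <dt>ADVANCE</dt> should read ADVANCED, and the GROUP SECURITY text says "PDA's User or Admin group" while the list under it also has an Operator group. Finally, the re-indent re-wrapped the text so that single words such as "Lightweight", "directory" and "domain" sit on their own lines; keeping the original line breaks would make this hunk much smaller and easier to review.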