Working on first-round updates for the authentication settings view.

Matt Scott 2023-02-20 10:42:25 -05:00
parent 772c1129f5
commit 764b83b5d5

@ -98,7 +98,7 @@
<div class="tab-pane" id="tabs-ldap">
<div class="row">
<div class="col-4">
<div class="col-12 col-sm-6 col-lg-4">
{% if error %}
<div class="alert alert-danger alert-dismissible">
<button type="button" class="close" data-dismiss="alert"
@ -379,8 +379,12 @@
</div>
</form>
</div>
<div class="col-8">
<legend>Help</legend>
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">LDAP Settings Help</h3>
</div>
<div class="card-body">
<dl class="dl-horizontal">
<dt>Enable LDAP Authentication</dt>
<dd>Turn on / off the LDAP authentication.</dd>
@ -388,39 +392,51 @@
<dd>Select your current directory service type.
<ul>
<li>
OpenLDAP - Open source implementation of the Lightweight
OpenLDAP - Open source implementation of the
Lightweight
Directory Access Protocol.
</li>
<li>
Active Directory - Active Directory is a directory
service that Microsoft developed for the Windows domain
Active Directory - Active Directory is a
directory
service that Microsoft developed for the Windows
domain
networks.
</li>
</ul>
</dd>
<dt>ADMINISTRATOR INFO</dt>
<dd>Your LDAP connection string and admin credential used by PDA to
<dd>Your LDAP connection string and admin credential used by
PDA to
query user information.
<ul>
<li>
LDAP URI - The fully qualified domain names of your
LDAP URI - The fully qualified domain names of
your
directory servers. (e.g. ldap://127.0.0.1:389)
</li>
<li>
LDAP Base DN - The point from where a PDA will search
LDAP Base DN - The point from where a PDA will
search
for users.
</li>
<li>
LDAP admin username - Your LDAP administrator user which
has permission to query information in the Base DN
above. Not needed for Active Directory authentication.
LDAP admin username - Your LDAP administrator
user which
has permission to query information in the Base
DN
above. Not needed for Active Directory
authentication.
</li>
<li>
LDAP admin password - The password of LDAP administrator
user. Not needed for Active Directory authentication.
LDAP admin password - The password of LDAP
administrator
user. Not needed for Active Directory
authentication.
</li>
<li>
Active Directory domain - Active Directory domain used.
Active Directory domain - Active Directory
domain used.
</li>
</ul>
</dd>
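Review bot: The LDAP URI help entry describes the value as "fully qualified domain names" but its example, ldap://127.0.0.1:389, is an IP address on the plain ldap:// scheme, and the same section says this connection carries the admin credential PDA uses for queries. Since these lines are being touched anyway, make the description and example agree and show an ldaps:// URI alongside, so the documented example is not the unencrypted one. The rest of this hunk is line re-wrapping only; moving formatter churn into its own commit would make the layout change easier to review.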
@ -428,29 +444,35 @@
<dd>Define how you want to filter your user in LDAP query.
<ul>
<li>
Basic filter - The filter that will be applied to all
Basic filter - The filter that will be applied
to all
LDAP query by PDA. (e.g.
<i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i>
<i>(objectClass=inetorgperson)</i> for OpenLDAP
and <i>(objectClass=organizationalPerson)</i>
for Active Directory)
</li>
<li>
Username field - The field PDA will look for user's
Username field - The field PDA will look for
user's
username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i>
for Active Directory)
</li>
<li>
Group filter - The filter that will be applied to all
Group filter - The filter that will be applied
to all
LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i>
for OpenLDAP)
</li>
<li>
Group name field - The field PDA will look for group
Group name field - The field PDA will look for
group
names. (e.g. <i>member</i> for OpenLDAP)
</li>
</ul>
</dd>
<dt>GROUP SECURITY</dt>
<dd>User can be assigned to PDA's User or Admin group by matching
<dd>User can be assigned to PDA's User or Admin group by
matching
following LDAP Group.
<ul>
<li>
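Review bot: The "Group name field" entry says this is the field PDA looks in for group names, but its example, member, is the attribute that lists a group's members in groupOfNames, not the group's name. While re-wrapping these lines, either reword the description to say it is the membership attribute or change the example, and fix "all LDAP query" to "all LDAP queries" in the Basic filter entry.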
@ -468,34 +490,48 @@
</ul>
</dd>
<dt>ADVANCE</dt>
<dd> Provision PDA user privileges based on LDAP Object Attributes.
<dd> Provision PDA user privileges based on LDAP Object
Attributes.
Alternative to Group Security Role Management.
<ul>
<li>
Roles Autoprovisioning - If toggled on, the PDA Role and
the associations of users found in the local db, will be
instantly updated from the LDAP server every time they
Roles Autoprovisioning - If toggled on, the PDA
Role and
the associations of users found in the local db,
will be
instantly updated from the LDAP server every
time they
log in.
</li>
<li>
Roles provisioning field - The attribute in the ldap
server populated by the urn values where PDA will look
Roles provisioning field - The attribute in the
ldap
server populated by the urn values where PDA
will look
for a new Role and/or new associations to
domains/accounts.
</li>
<li>
Urn prefix - The prefix used before the static keyword
"powerdns-admin" for your entitlements in the ldap
Urn prefix - The prefix used before the static
keyword
"powerdns-admin" for your entitlements in the
ldap
server. Must comply with RFC no.8141.
</li>
<li>
Purge Roles If Empty - If toggled on, ldap entries that
Purge Roles If Empty - If toggled on, ldap
entries that
have no valid "powerdns-admin" records to their
autoprovisioning field, will lose all their associations
with any domain or account, also reverting to a User in
the process, despite their current role in the local db.<br>
If toggled off, in the same scenario they get to keep
their existing associations and their current Role.
autoprovisioning field, will lose all their
associations
with any domain or account, also reverting to a
User in
the process, despite their current role in the
local db.<br>
If toggled off, in the same scenario they get to
keep
their existing associations and their current
Role.
</li>
</ul>
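Review bot: The "Purge Roles If Empty" text should state outright that leaving it off means a user whose "powerdns-admin" entitlements have been removed from LDAP keeps their current Role and associations in the local db, so revoking access in the directory does not revoke it in PDA. Also worth fixing while here: the heading "ADVANCE" should read "ADVANCED", and "RFC no.8141" should be "RFC 8141".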
@ -504,6 +540,8 @@
</div>
</div>
</div>
</div>
</div>
<!-- /.tab-pane -->
<div class="tab-pane" id="tabs-google">
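Review bot: The two closing div tags added here close the card-body and card wrappers opened in the hunk at -379, a long way from their opening tags. Label them with trailing comments in the style of the existing "/.tab-pane" comment (for example "/.card-body" and "/.card") so the nesting can be checked at a glance.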