Authentication Settings
+Authentication Settings
-
-
- - General - -
- - LDAP - -
- - Google OAuth - -
- - Github OAuth - -
- - Microsoft OAuth - -
- - OpenID Connect OAuth - -
Error!
- {{ error }} --
-
- Enable LDAP Authentication -
- Turn on / off the LDAP authentication. -
- Type -
- Select your current directory service type.
-
-
-
- - OpenLDAP - Open source implementation of the Lightweight Directory Access Protocol. - -
- - Active Directory - Active Directory is a directory service that Microsoft developed for the Windows domain networks. - -
- - ADMINISTRATOR INFO -
- Your LDAP connection string and admin credential used by PDA to query user information.
-
-
-
- - LDAP URI - The fully qualified domain names of your directory servers. (e.g. ldap://127.0.0.1:389) - -
- - LDAP Base DN - The point from where a PDA will search for users. - -
- - LDAP admin username - Your LDAP administrator user which has permission to query information in the Base DN above. Not needed for Active Directory authentication. - -
- - LDAP admin password - The password of LDAP administrator user. Not needed for Active Directory authentication. - -
- - Active Directory domain - Active Directory domain used. - -
- - FILTERS -
- Define how you want to filter your user in LDAP query.
-
-
-
- - Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. (objectClass=inetorgperson) for OpenLDAP and (objectClass=organizationalPerson) for Active Directory) - -
- - Username field - The field PDA will look for user's username. (e.g. uid for OpenLDAP and sAMAccountName for Active Directory) - -
- - Group filter - The filter that will be applied to all LDAP group queries by PDA. (e.g. (objectClass=groupOfNames) for OpenLDAP) - -
- - Group name field - The field PDA will look for group names. (e.g. member for OpenLDAP) - -
- - GROUP SECURITY -
- User can be assigned to PDA's User or Admin group by matching following LDAP Group.
-
-
-
- - Status - Turn on / off group security feature. - -
- - Admin group - Your LDAP admin group. - -
- - Operator group - Your LDAP operator group. - -
- - User group - Your LDAP user group. - -
- - ADVANCE -
- Provision PDA user privileges based on LDAP Object Attributes. Alternative to Group Security Role Management.
-
-
-
- - Roles Autoprovisioning - If toggled on, the PDA Role and the associations of users found in the local db, will be instantly updated from the LDAP server every time they log in. - -
- - Roles provisioning field - The attribute in the ldap server populated by the urn values where PDA will look for a new Role and/or new associations to domains/accounts. - -
- - Urn prefix - The prefix used before the static keyword "powerdns-admin" for your entitlements in the ldap server. Must comply with RFC no.8141. - -
-
- Purge Roles If Empty - If toggled on, ldap entries that have no valid "powerdns-admin" records to their autoprovisioning field, will lose all their associations with any domain or account, also reverting to a User in the process, despite their current role in the local db.
If toggled off, in the same scenario they get to keep their existing associations and their current Role. - -
-
-
Help
-Fill in all the fields in the left form.
-Make sure you add PDA redirection URI (e.g http://localhost:9191/google/authorized) to your Google App Credentials Restriction.
-Fill in all the fields in the left form.
-Fill in all the fields in the left form.
-You first need to define an Application Registration in your Azure Active Directory, with the appropriate HTTPS URL for this endpoint, and with the appropriate rights, as explained in the documentation.
--
-
- Under the Azure Active Directory, select App Registrations, and create a new one. Give it any name you want, and the Redirect URI shoule be type 'Web' and of the format https://powerdnsadmin/azure/authorized (replace the host name approriately). -
- Select the newly-created registration -
- On the Overview page, the Application ID is your new Client ID to use with PowerDNS-Admin -
- On the Overview page, make a note of your Directory/Tenant ID - you need it for the API URLs later -
- Ensure Access Tokens are enabled in the Authentication section -
- Under Certificates and Secrets, create a new Client Secret. Note this secret as it is the new Client Secret to use with PowerDNS-Admin -
- Under API Permissions, you need to add permissions. Add permissions for Graph API, Delegated. Add: email, openid, profile, GroupMember.Read, User.Read and possibly User.Read.All. You then need to grant admin approval for your organisation. -
- For the Scope, use User.Read openid mail profile -
- Replace the [tenantID] in the default URLs for authorize and token with your Tenant ID. -
If AZURE GROUP ACCOUNT SYNC/CREATION is enabled, Accounts will be created automatically based on group membership. If an Account exists, an authenticated user with group membership is added to the Account
- -Fill in all the fields in the left form.
--
+
- Home +
- Authentication Settings +
Settings Editor
+-
+
- + General + +
- + LDAP + +
- + Google + OAuth + +
- + Github + OAuth + +
- + Microsoft + OAuth + +
- + OpenID + Connect OAuth + +
Error!
+ {{ error }} +-
+
- Enable LDAP Authentication +
- Turn on / off the LDAP authentication. +
- Type +
- Select your current directory service type.
+
-
+
- + OpenLDAP - Open source implementation of the Lightweight + Directory Access Protocol. + +
- + Active Directory - Active Directory is a directory + service that Microsoft developed for the Windows domain + networks. + +
+ - ADMINISTRATOR INFO +
- Your LDAP connection string and admin credential used by PDA to
+ query user information.
+
-
+
- + LDAP URI - The fully qualified domain names of your + directory servers. (e.g. ldap://127.0.0.1:389) + +
- + LDAP Base DN - The point from where a PDA will search + for users. + +
- + LDAP admin username - Your LDAP administrator user which + has permission to query information in the Base DN + above. Not needed for Active Directory authentication. + +
- + LDAP admin password - The password of LDAP administrator + user. Not needed for Active Directory authentication. + +
- + Active Directory domain - Active Directory domain used. + +
+ - FILTERS +
- Define how you want to filter your user in LDAP query.
+
-
+
- + Basic filter - The filter that will be applied to all + LDAP query by PDA. (e.g. + (objectClass=inetorgperson) for OpenLDAP and (objectClass=organizationalPerson) + for Active Directory) + +
- + Username field - The field PDA will look for user's + username. (e.g. uid for OpenLDAP and sAMAccountName + for Active Directory) + +
- + Group filter - The filter that will be applied to all + LDAP group queries by PDA. (e.g. (objectClass=groupOfNames) + for OpenLDAP) + +
- + Group name field - The field PDA will look for group + names. (e.g. member for OpenLDAP) + +
+ - GROUP SECURITY +
- User can be assigned to PDA's User or Admin group by matching
+ following LDAP Group.
+
-
+
- + Status - Turn on / off group security feature. + +
- + Admin group - Your LDAP admin group. + +
- + Operator group - Your LDAP operator group. + +
- + User group - Your LDAP user group. + +
+ - ADVANCE +
- Provision PDA user privileges based on LDAP Object Attributes.
+ Alternative to Group Security Role Management.
+
-
+
- + Roles Autoprovisioning - If toggled on, the PDA Role and + the associations of users found in the local db, will be + instantly updated from the LDAP server every time they + log in. + +
- + Roles provisioning field - The attribute in the ldap + server populated by the urn values where PDA will look + for a new Role and/or new associations to + domains/accounts. + +
- + Urn prefix - The prefix used before the static keyword + "powerdns-admin" for your entitlements in the ldap + server. Must comply with RFC no.8141. + +
-
+ Purge Roles If Empty - If toggled on, ldap entries that
+ have no valid "powerdns-admin" records to their
+ autoprovisioning field, will lose all their associations
+ with any domain or account, also reverting to a User in
+ the process, despite their current role in the local db.
+ If toggled off, in the same scenario they get to keep + their existing associations and their current Role. + +
+
+
Help
+Fill in all the fields in the left form.
+Make sure you add PDA redirection URI (e.g + http://localhost:9191/google/authorized) to your Google App + Credentials Restriction.
+Fill in all the fields in the left form.
+Fill in all the fields in the left form.
+You first need to define an Application Registration in your Azure + Active Directory, with the appropriate HTTPS URL for this endpoint, + and with the appropriate rights, as explained in the + documentation.
++
-
+
- Under the Azure Active Directory, select App Registrations, and + create a new one. Give it any name you want, and the Redirect + URI shoule be type 'Web' and of the format https://powerdnsadmin/azure/authorized + (replace the host name approriately). + +
- Select the newly-created registration +
- On the Overview page, the Application ID is your new Client ID + to use with PowerDNS-Admin + +
- On the Overview page, make a note of your Directory/Tenant ID - + you need it for the API URLs later + +
- Ensure Access Tokens are enabled in the Authentication section + +
- Under Certificates and Secrets, create a new Client Secret. Note + this secret as it is the new Client Secret to use with + PowerDNS-Admin + +
- Under API Permissions, you need to add permissions. Add + permissions for Graph API, Delegated. Add: email, openid, + profile, GroupMember.Read, User.Read and possibly User.Read.All. + You then need to grant admin approval for your organisation. + +
- For the Scope, use User.Read openid mail profile +
- Replace the [tenantID] in the default URLs for authorize and + token with your Tenant ID. + +
If AZURE GROUP ACCOUNT SYNC/CREATION is enabled, Accounts will + be created automatically based on group membership. If an Account + exists, an authenticated user with group membership is added to the + Account
+ +Fill in all the fields in the left form.
+
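Review bot: In the ADMINISTRATOR INFO block, the re-wrapped LDAP URI help still offers only the cleartext example ldap://127.0.0.1:389, even though the LDAP admin username and password described directly below it are used over this connection. The help also describes the field as "fully qualified domain names" while the example is an IP address. Suggest adding an ldaps:// example with a host name next to the existing one. Since every line of the Azure help list is touched by this reformat anyway, the carried-over typos "shoule" and "approriately" in the Redirect URI step could be fixed in the same change. It is also worth checking the API Permissions step, which lists "email", against the Scope step, which uses "mail".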