cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-12-30 15:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:johnwarburton/PowerDNS-Admin into feat/groupofnames

Browse Source 
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
This commit is contained in:
mathieu.brunot 2020-01-08 23:19:51 +01:00
commit b4b5673cf1
No known key found for this signature in database
GPG Key ID: 81584BEAF692D7E0
4 changed files with 35 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
powerdnsadmin/models/setting.py
View File

@ -42,7 +42,9 @@ class Setting(db.Model):
'ldap_admin_username': '', 'ldap_admin_username': '',
'ldap_admin_password': '', 'ldap_admin_password': '',
'ldap_filter_basic': '', 'ldap_filter_basic': '',
'ldap_filter_group': '',
'ldap_filter_username': '', 'ldap_filter_username': '',
'ldap_filter_groupname': '',
'ldap_sg_enabled': False, 'ldap_sg_enabled': False,
'ldap_admin_group': '', 'ldap_admin_group': '',
'ldap_operator_group': '', 'ldap_operator_group': '',

10
powerdnsadmin/models/user.py
View File

@ -223,6 +223,8 @@ class User(db.Model):
LDAP_BASE_DN = Setting().get('ldap_base_dn') LDAP_BASE_DN = Setting().get('ldap_base_dn')
LDAP_FILTER_BASIC = Setting().get('ldap_filter_basic') LDAP_FILTER_BASIC = Setting().get('ldap_filter_basic')
LDAP_FILTER_USERNAME = Setting().get('ldap_filter_username') LDAP_FILTER_USERNAME = Setting().get('ldap_filter_username')
LDAP_FILTER_GROUP = Setting().get('ldap_filter_group')
LDAP_FILTER_GROUPNAME = Setting().get('ldap_filter_groupname')
LDAP_ADMIN_GROUP = Setting().get('ldap_admin_group') LDAP_ADMIN_GROUP = Setting().get('ldap_admin_group')
LDAP_OPERATOR_GROUP = Setting().get('ldap_operator_group') LDAP_OPERATOR_GROUP = Setting().get('ldap_operator_group')
LDAP_USER_GROUP = Setting().get('ldap_user_group') LDAP_USER_GROUP = Setting().get('ldap_user_group')
@ -269,21 +271,23 @@ class User(db.Model):
if LDAP_GROUP_SECURITY_ENABLED: if LDAP_GROUP_SECURITY_ENABLED:
try: try:
if LDAP_TYPE == 'ldap': if LDAP_TYPE == 'ldap':
if (self.ldap_search(searchFilter, groupSearchFilter = "(&({0}={1}){2})".format(LDAP_FILTER_GROUPNAME, ldap_username, LDAP_FILTER_GROUP)
logging.info('groupSearchFilter is {0}'.format(groupSearchFilter))
if (self.ldap_search(groupSearchFilter,
LDAP_ADMIN_GROUP)): LDAP_ADMIN_GROUP)):
role_name = 'Administrator' role_name = 'Administrator'
current_app.logger.info( current_app.logger.info(
'User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin' 'User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'
.format(self.username, .format(self.username,
LDAP_ADMIN_GROUP)) LDAP_ADMIN_GROUP))
elif (self.ldap_search(searchFilter, elif (self.ldap_search(groupSearchFilter,
LDAP_OPERATOR_GROUP)): LDAP_OPERATOR_GROUP)):
role_name = 'Operator' role_name = 'Operator'
current_app.logger.info( current_app.logger.info(
'User {0} is part of the "{1}" group that allows operator access to PowerDNS-Admin' 'User {0} is part of the "{1}" group that allows operator access to PowerDNS-Admin'
.format(self.username, .format(self.username,
LDAP_OPERATOR_GROUP)) LDAP_OPERATOR_GROUP))
elif (self.ldap_search(searchFilter, elif (self.ldap_search(groupSearchFilter,
LDAP_USER_GROUP)): LDAP_USER_GROUP)):
current_app.logger.info( current_app.logger.info(
'User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin' 'User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'

4
powerdnsadmin/routes/admin.py
View File

@ -651,8 +651,12 @@ def setting_authentication():
request.form.get('ldap_admin_password')) request.form.get('ldap_admin_password'))
Setting().set('ldap_filter_basic', Setting().set('ldap_filter_basic',
request.form.get('ldap_filter_basic')) request.form.get('ldap_filter_basic'))
Setting().set('ldap_filter_group',
request.form.get('ldap_filter_group'))
Setting().set('ldap_filter_username', Setting().set('ldap_filter_username',
request.form.get('ldap_filter_username')) request.form.get('ldap_filter_username'))
Setting().set('ldap_filter_groupname',
request.form.get('ldap_filter_groupname'))
Setting().set( Setting().set(
'ldap_sg_enabled', True 'ldap_sg_enabled', True
if request.form.get('ldap_sg_enabled') == 'ON' else False) if request.form.get('ldap_sg_enabled') == 'ON' else False)

22
powerdnsadmin/templates/admin_setting_authentication.html
View File

@ -141,6 +141,16 @@
<input type="text" class="form-control" name="ldap_filter_username" id="ldap_filter_username" placeholder="e.g. uid" data-error="Please input field for username filtering" value="{{ SETTING.get('ldap_filter_username') }}"> <input type="text" class="form-control" name="ldap_filter_username" id="ldap_filter_username" placeholder="e.g. uid" data-error="Please input field for username filtering" value="{{ SETTING.get('ldap_filter_username') }}">
<span class="help-block with-errors"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="form-group">
<label for="ldap_filter_group">Group filter</label>
<input type="text" class="form-control" name="ldap_filter_group" id="ldap_filter_group" placeholder="e.g. (objectclass=groupOfNames)" data-error="Please input LDAP filter" value="{{ SETTING.get('ldap_filter_group') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="ldap_filter_groupname">Group name field</label>
<input type="text" class="form-control" name="ldap_filter_groupname" id="ldap_filter_groupname" placeholder="e.g. member" data-error="Please input field for group name filtering" value="{{ SETTING.get('ldap_filter_groupname') }}">
<span class="help-block with-errors"></span>
</div>
</fieldset> </fieldset>
<fieldset> <fieldset>
<legend>GROUP SECURITY</legend> <legend>GROUP SECURITY</legend>
@ -222,6 +232,12 @@
<li> <li>
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> for Active Directory) Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> for Active Directory)
</li> </li>
<li>
Group filter - The filter that will be applied to all LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i> for OpenLDAP)
</li>
<li>
Group name field - The field PDA will look for group names. (e.g. <i>member</i> for OpenLDAP)
</li>
</ul> </ul>
</dd> </dd>
<dt>GROUP SECURITY</dt> <dt>GROUP SECURITY</dt>
@ -576,7 +592,9 @@
$('#ldap_domain').prop('required', true); $('#ldap_domain').prop('required', true);
} }
$('#ldap_filter_basic').prop('required', true); $('#ldap_filter_basic').prop('required', true);
$('#ldap_filter_group').prop('required', true);
$('#ldap_filter_username').prop('required', true); $('#ldap_filter_username').prop('required', true);
$('#ldap_filter_groupname').prop('required', true);
if ($('#ldap_sg_on').is(":checked")) { if ($('#ldap_sg_on').is(":checked")) {
$('#ldap_admin_group').prop('required', true); $('#ldap_admin_group').prop('required', true);
@ -590,7 +608,9 @@
$('#ldap_admin_username').prop('required', false); $('#ldap_admin_username').prop('required', false);
$('#ldap_admin_password').prop('required', false); $('#ldap_admin_password').prop('required', false);
$('#ldap_filter_basic').prop('required', false); $('#ldap_filter_basic').prop('required', false);
$('#ldap_filter_group').prop('required', false);
$('#ldap_filter_username').prop('required', false); $('#ldap_filter_username').prop('required', false);
$('#ldap_filter_groupname').prop('required', false);
if ($('#ldap_sg_on').is(":checked")) { if ($('#ldap_sg_on').is(":checked")) {
$('#ldap_admin_group').prop('required', false); $('#ldap_admin_group').prop('required', false);
@ -640,7 +660,9 @@
$('#ldap_domain').prop('required', true); $('#ldap_domain').prop('required', true);
} }
$('#ldap_filter_basic').prop('required', true); $('#ldap_filter_basic').prop('required', true);
$('#ldap_filter_group').prop('required', true);
$('#ldap_filter_username').prop('required', true); $('#ldap_filter_username').prop('required', true);
$('#ldap_filter_groupname').prop('required', true);
if ($('#ldap_sg_on').is(":checked")) { if ($('#ldap_sg_on').is(":checked")) {
$('#ldap_admin_group').prop('required', true); $('#ldap_admin_group').prop('required', true);