mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-09-19 23:02:31 +00:00
Merge remote-tracking branch 'Monogramm/feat/groupofnames'
This commit is contained in:
Khanh Ngo
commit
bb3829c8a1
@ -42,7 +42,9 @@ class Setting(db.Model):
|
|||||||
'ldap_admin_username': '',
|
'ldap_admin_username': '',
|
||||||
'ldap_admin_password': '',
|
'ldap_admin_password': '',
|
||||||
'ldap_filter_basic': '',
|
'ldap_filter_basic': '',
|
||||||
|
'ldap_filter_group': '',
|
||||||
'ldap_filter_username': '',
|
'ldap_filter_username': '',
|
||||||
|
'ldap_filter_groupname': '',
|
||||||
'ldap_sg_enabled': False,
|
'ldap_sg_enabled': False,
|
||||||
'ldap_admin_group': '',
|
'ldap_admin_group': '',
|
||||||
'ldap_operator_group': '',
|
'ldap_operator_group': '',
|
||||||
|
|||||||
@ -223,6 +223,8 @@ class User(db.Model):
|
|||||||
LDAP_BASE_DN = Setting().get('ldap_base_dn')
|
LDAP_BASE_DN = Setting().get('ldap_base_dn')
|
||||||
LDAP_FILTER_BASIC = Setting().get('ldap_filter_basic')
|
LDAP_FILTER_BASIC = Setting().get('ldap_filter_basic')
|
||||||
LDAP_FILTER_USERNAME = Setting().get('ldap_filter_username')
|
LDAP_FILTER_USERNAME = Setting().get('ldap_filter_username')
|
||||||
|
LDAP_FILTER_GROUP = Setting().get('ldap_filter_group')
|
||||||
|
LDAP_FILTER_GROUPNAME = Setting().get('ldap_filter_groupname')
|
||||||
LDAP_ADMIN_GROUP = Setting().get('ldap_admin_group')
|
LDAP_ADMIN_GROUP = Setting().get('ldap_admin_group')
|
||||||
LDAP_OPERATOR_GROUP = Setting().get('ldap_operator_group')
|
LDAP_OPERATOR_GROUP = Setting().get('ldap_operator_group')
|
||||||
LDAP_USER_GROUP = Setting().get('ldap_user_group')
|
LDAP_USER_GROUP = Setting().get('ldap_user_group')
|
||||||
@ -269,21 +271,23 @@ class User(db.Model):
|
|||||||
if LDAP_GROUP_SECURITY_ENABLED:
|
if LDAP_GROUP_SECURITY_ENABLED:
|
||||||
try:
|
try:
|
||||||
if LDAP_TYPE == 'ldap':
|
if LDAP_TYPE == 'ldap':
|
||||||
if (self.ldap_search(searchFilter,
|
groupSearchFilter = "(&({0}={1}){2})".format(LDAP_FILTER_GROUPNAME, ldap_username, LDAP_FILTER_GROUP)
|
||||||
|
current_app.logger.debug('Ldap groupSearchFilter {0}'.format(groupSearchFilter))
|
||||||
|
if (self.ldap_search(groupSearchFilter,
|
||||||
LDAP_ADMIN_GROUP)):
|
LDAP_ADMIN_GROUP)):
|
||||||
role_name = 'Administrator'
|
role_name = 'Administrator'
|
||||||
current_app.logger.info(
|
current_app.logger.info(
|
||||||
'User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'
|
'User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'
|
||||||
.format(self.username,
|
.format(self.username,
|
||||||
LDAP_ADMIN_GROUP))
|
LDAP_ADMIN_GROUP))
|
||||||
elif (self.ldap_search(searchFilter,
|
elif (self.ldap_search(groupSearchFilter,
|
||||||
LDAP_OPERATOR_GROUP)):
|
LDAP_OPERATOR_GROUP)):
|
||||||
role_name = 'Operator'
|
role_name = 'Operator'
|
||||||
current_app.logger.info(
|
current_app.logger.info(
|
||||||
'User {0} is part of the "{1}" group that allows operator access to PowerDNS-Admin'
|
'User {0} is part of the "{1}" group that allows operator access to PowerDNS-Admin'
|
||||||
.format(self.username,
|
.format(self.username,
|
||||||
LDAP_OPERATOR_GROUP))
|
LDAP_OPERATOR_GROUP))
|
||||||
elif (self.ldap_search(searchFilter,
|
elif (self.ldap_search(groupSearchFilter,
|
||||||
LDAP_USER_GROUP)):
|
LDAP_USER_GROUP)):
|
||||||
current_app.logger.info(
|
current_app.logger.info(
|
||||||
'User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'
|
'User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'
|
||||||
|
|||||||
@ -651,8 +651,12 @@ def setting_authentication():
|
|||||||
request.form.get('ldap_admin_password'))
|
request.form.get('ldap_admin_password'))
|
||||||
Setting().set('ldap_filter_basic',
|
Setting().set('ldap_filter_basic',
|
||||||
request.form.get('ldap_filter_basic'))
|
request.form.get('ldap_filter_basic'))
|
||||||
|
Setting().set('ldap_filter_group',
|
||||||
|
request.form.get('ldap_filter_group'))
|
||||||
Setting().set('ldap_filter_username',
|
Setting().set('ldap_filter_username',
|
||||||
request.form.get('ldap_filter_username'))
|
request.form.get('ldap_filter_username'))
|
||||||
|
Setting().set('ldap_filter_groupname',
|
||||||
|
request.form.get('ldap_filter_groupname'))
|
||||||
Setting().set(
|
Setting().set(
|
||||||
'ldap_sg_enabled', True
|
'ldap_sg_enabled', True
|
||||||
if request.form.get('ldap_sg_enabled') == 'ON' else False)
|
if request.form.get('ldap_sg_enabled') == 'ON' else False)
|
||||||
|
|||||||
@ -17,9 +17,11 @@
|
|||||||
function ldapSelection() {
|
function ldapSelection() {
|
||||||
if (document.getElementById('ldap').checked) {
|
if (document.getElementById('ldap').checked) {
|
||||||
document.getElementById('ldap_openldap_fields').style.display = 'block';
|
document.getElementById('ldap_openldap_fields').style.display = 'block';
|
||||||
|
document.getElementById('ldap_openldap_group_filters').style.display = 'block';
|
||||||
document.getElementById('ldap_ad_fields').style.display = 'none';
|
document.getElementById('ldap_ad_fields').style.display = 'none';
|
||||||
} else {
|
} else {
|
||||||
document.getElementById('ldap_openldap_fields').style.display = 'none';
|
document.getElementById('ldap_openldap_fields').style.display = 'none';
|
||||||
|
document.getElementById('ldap_openldap_group_filters').style.display = 'none';
|
||||||
document.getElementById('ldap_ad_fields').style.display = 'block';
|
document.getElementById('ldap_ad_fields').style.display = 'block';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -141,6 +143,18 @@
|
|||||||
<input type="text" class="form-control" name="ldap_filter_username" id="ldap_filter_username" placeholder="e.g. uid" data-error="Please input field for username filtering" value="{{ SETTING.get('ldap_filter_username') }}">
|
<input type="text" class="form-control" name="ldap_filter_username" id="ldap_filter_username" placeholder="e.g. uid" data-error="Please input field for username filtering" value="{{ SETTING.get('ldap_filter_username') }}">
|
||||||
<span class="help-block with-errors"></span>
|
<span class="help-block with-errors"></span>
|
||||||
</div>
|
</div>
|
||||||
|
<div id="ldap_openldap_group_filters">
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="ldap_filter_group">Group filter</label>
|
||||||
|
<input type="text" class="form-control" name="ldap_filter_group" id="ldap_filter_group" placeholder="e.g. (objectclass=groupOfNames)" data-error="Please input LDAP filter" value="{{ SETTING.get('ldap_filter_group') }}">
|
||||||
|
<span class="help-block with-errors"></span>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="ldap_filter_groupname">Group name field</label>
|
||||||
|
<input type="text" class="form-control" name="ldap_filter_groupname" id="ldap_filter_groupname" placeholder="e.g. member" data-error="Please input field for group name filtering" value="{{ SETTING.get('ldap_filter_groupname') }}">
|
||||||
|
<span class="help-block with-errors"></span>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>GROUP SECURITY</legend>
|
<legend>GROUP SECURITY</legend>
|
||||||
@ -222,6 +236,12 @@
|
|||||||
<li>
|
<li>
|
||||||
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> for Active Directory)
|
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> for Active Directory)
|
||||||
</li>
|
</li>
|
||||||
|
<li>
|
||||||
|
Group filter - The filter that will be applied to all LDAP group queries by PDA. (e.g. <i>(objectClass=groupOfNames)</i> for OpenLDAP)
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
Group name field - The field PDA will look for group names. (e.g. <i>member</i> for OpenLDAP)
|
||||||
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</dd>
|
</dd>
|
||||||
<dt>GROUP SECURITY</dt>
|
<dt>GROUP SECURITY</dt>
|
||||||
@ -576,7 +596,9 @@
|
|||||||
$('#ldap_domain').prop('required', true);
|
$('#ldap_domain').prop('required', true);
|
||||||
}
|
}
|
||||||
$('#ldap_filter_basic').prop('required', true);
|
$('#ldap_filter_basic').prop('required', true);
|
||||||
|
$('#ldap_filter_group').prop('required', true);
|
||||||
$('#ldap_filter_username').prop('required', true);
|
$('#ldap_filter_username').prop('required', true);
|
||||||
|
$('#ldap_filter_groupname').prop('required', true);
|
||||||
|
|
||||||
if ($('#ldap_sg_on').is(":checked")) {
|
if ($('#ldap_sg_on').is(":checked")) {
|
||||||
$('#ldap_admin_group').prop('required', true);
|
$('#ldap_admin_group').prop('required', true);
|
||||||
@ -590,7 +612,9 @@
|
|||||||
$('#ldap_admin_username').prop('required', false);
|
$('#ldap_admin_username').prop('required', false);
|
||||||
$('#ldap_admin_password').prop('required', false);
|
$('#ldap_admin_password').prop('required', false);
|
||||||
$('#ldap_filter_basic').prop('required', false);
|
$('#ldap_filter_basic').prop('required', false);
|
||||||
|
$('#ldap_filter_group').prop('required', false);
|
||||||
$('#ldap_filter_username').prop('required', false);
|
$('#ldap_filter_username').prop('required', false);
|
||||||
|
$('#ldap_filter_groupname').prop('required', false);
|
||||||
|
|
||||||
if ($('#ldap_sg_on').is(":checked")) {
|
if ($('#ldap_sg_on').is(":checked")) {
|
||||||
$('#ldap_admin_group').prop('required', false);
|
$('#ldap_admin_group').prop('required', false);
|
||||||
@ -640,7 +664,9 @@
|
|||||||
$('#ldap_domain').prop('required', true);
|
$('#ldap_domain').prop('required', true);
|
||||||
}
|
}
|
||||||
$('#ldap_filter_basic').prop('required', true);
|
$('#ldap_filter_basic').prop('required', true);
|
||||||
|
$('#ldap_filter_group').prop('required', true);
|
||||||
$('#ldap_filter_username').prop('required', true);
|
$('#ldap_filter_username').prop('required', true);
|
||||||
|
$('#ldap_filter_groupname').prop('required', true);
|
||||||
|
|
||||||
if ($('#ldap_sg_on').is(":checked")) {
|
if ($('#ldap_sg_on').is(":checked")) {
|
||||||
$('#ldap_admin_group').prop('required', true);
|
$('#ldap_admin_group').prop('required', true);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user