Adding missing lookup fields for LDAP configuration in UI (#1698)
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
@@ -230,9 +230,6 @@ func (m *IdpConfiguration) UnmarshalBinary(b []byte) error {
|
||||
// swagger:model IdpConfigurationActiveDirectory
|
||||
type IdpConfigurationActiveDirectory struct {
|
||||
|
||||
// group name attribute
|
||||
GroupNameAttribute string `json:"group_name_attribute,omitempty"`
|
||||
|
||||
// group search base dn
|
||||
GroupSearchBaseDn string `json:"group_search_base_dn,omitempty"`
|
||||
|
||||
@@ -266,12 +263,6 @@ type IdpConfigurationActiveDirectory struct {
|
||||
|
||||
// user dns
|
||||
UserDNS []string `json:"user_dns"`
|
||||
|
||||
// username format
|
||||
UsernameFormat string `json:"username_format,omitempty"`
|
||||
|
||||
// username search filter
|
||||
UsernameSearchFilter string `json:"username_search_filter,omitempty"`
|
||||
}
|
||||
|
||||
// Validate validates this idp configuration active directory
|
||||
|
||||
@@ -2437,9 +2437,6 @@ func init() {
|
||||
"url"
|
||||
],
|
||||
"properties": {
|
||||
"group_name_attribute": {
|
||||
"type": "string"
|
||||
},
|
||||
"group_search_base_dn": {
|
||||
"type": "string"
|
||||
},
|
||||
@@ -2475,12 +2472,6 @@ func init() {
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"username_format": {
|
||||
"type": "string"
|
||||
},
|
||||
"username_search_filter": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -5962,9 +5953,6 @@ func init() {
|
||||
"url"
|
||||
],
|
||||
"properties": {
|
||||
"group_name_attribute": {
|
||||
"type": "string"
|
||||
},
|
||||
"group_search_base_dn": {
|
||||
"type": "string"
|
||||
},
|
||||
@@ -6000,12 +5988,6 @@ func init() {
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"username_format": {
|
||||
"type": "string"
|
||||
},
|
||||
"username_search_filter": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -7192,9 +7174,6 @@ func init() {
|
||||
"url"
|
||||
],
|
||||
"properties": {
|
||||
"group_name_attribute": {
|
||||
"type": "string"
|
||||
},
|
||||
"group_search_base_dn": {
|
||||
"type": "string"
|
||||
},
|
||||
@@ -7230,12 +7209,6 @@ func init() {
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"username_format": {
|
||||
"type": "string"
|
||||
},
|
||||
"username_search_filter": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
@@ -151,9 +151,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
|
||||
if tenantReq.Idp.ActiveDirectory != nil {
|
||||
tenantExternalIDPConfigured = true
|
||||
serverAddress := *tenantReq.Idp.ActiveDirectory.URL
|
||||
userNameFormat := tenantReq.Idp.ActiveDirectory.UsernameFormat
|
||||
userNameSearchFilter := tenantReq.Idp.ActiveDirectory.UsernameSearchFilter
|
||||
groupNameAttribute := tenantReq.Idp.ActiveDirectory.GroupNameAttribute
|
||||
tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipTLSVerification
|
||||
serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure
|
||||
lookupBindDN := tenantReq.Idp.ActiveDirectory.LookupBindDn
|
||||
@@ -176,10 +173,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_SERVER_STARTTLS"] = "on"
|
||||
}
|
||||
|
||||
// LDAP Username
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_USERNAME_FORMAT"] = userNameFormat
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER"] = userNameSearchFilter
|
||||
|
||||
// LDAP Lookup
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN"] = lookupBindDN
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD"] = lookupBindPassword
|
||||
@@ -189,7 +182,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER"] = userDNSearchFilter
|
||||
|
||||
// LDAP Group
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE"] = groupNameAttribute
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"] = groupSearchBaseDN
|
||||
tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"] = groupSearchFilter
|
||||
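Review bot: `lookupBindDN` is copied straight from the request and written to `MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN` with no emptiness check visible in these hunks, while this commit makes Lookup Bind DN mandatory only in the UI form. With the username-format settings removed, a request sent directly to the API with an empty `lookup_bind_dn` would presumably create a tenant whose LDAP configuration cannot resolve users. Unless the swagger `required` list already enforces the field, reject it server-side with a guard such as `if lookupBindDN == "" {` that returns the handler's usual validation error. getTenantCreatedResponse starts and ends outside the hunks shown.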
|
||||
|
||||
@@ -404,59 +404,7 @@ export const fieldsConfigurations: any = {
|
||||
label: "Server Addr",
|
||||
tooltip: 'AD/LDAP server address e.g. "myldapserver.com:636"',
|
||||
type: "string",
|
||||
placeholder: "Enter Server Address",
|
||||
},
|
||||
{
|
||||
name: "username_format",
|
||||
required: true,
|
||||
label: "Username Format",
|
||||
tooltip:
|
||||
'List of username bind DNs e.g. "uid=%s","cn=accounts","dc=myldapserver" or "dc=com", you can write one per field',
|
||||
type: "csv",
|
||||
placeholder: "Enter Username Format",
|
||||
},
|
||||
{
|
||||
name: "username_search_filter",
|
||||
required: true,
|
||||
label: "Username Search Filter",
|
||||
tooltip:
|
||||
'User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"',
|
||||
type: "string",
|
||||
placeholder: "Enter Username Search Filter",
|
||||
},
|
||||
{
|
||||
name: "group_search_filter",
|
||||
required: true,
|
||||
label: "Group Search Filter",
|
||||
tooltip:
|
||||
'Search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"',
|
||||
type: "string",
|
||||
placeholder: "Enter Group Search Filter",
|
||||
},
|
||||
{
|
||||
name: "username_search_base_dn",
|
||||
required: false,
|
||||
label: "Username Search Base DN",
|
||||
tooltip: "List of username search DNs, you can write one per field",
|
||||
type: "csv",
|
||||
placeholder: "Enter Username Search Base DN",
|
||||
},
|
||||
{
|
||||
name: "group_name_attribute",
|
||||
required: false,
|
||||
label: "Group Name Attribute",
|
||||
tooltip: 'Search attribute for group name e.g. "cn"',
|
||||
type: "string",
|
||||
placeholder: "Enter Group Name Attribute",
|
||||
},
|
||||
{
|
||||
name: "sts_expiry",
|
||||
required: false,
|
||||
label: "STS Expiry",
|
||||
tooltip:
|
||||
'temporary credentials validity duration in s,m,h,d. Default is "1h"',
|
||||
type: "string",
|
||||
placeholder: "Enter STS Expiry",
|
||||
placeholder: "myldapserver.com:636",
|
||||
},
|
||||
{
|
||||
name: "tls_skip_verify",
|
||||
@@ -474,6 +422,63 @@ export const fieldsConfigurations: any = {
|
||||
'Allow plain text connection to AD/LDAP server, defaults to "off"',
|
||||
type: "on|off",
|
||||
},
|
||||
{
|
||||
name: "server_starttls",
|
||||
required: false,
|
||||
label: "Start TLS connection to AD/LDAP server",
|
||||
tooltip: "Use StartTLS connection to AD/LDAP server",
|
||||
type: "on|off",
|
||||
},
|
||||
{
|
||||
name: "lookup_bind_dn",
|
||||
required: true,
|
||||
label: "Lookup Bind DN",
|
||||
tooltip:
|
||||
"DN for LDAP read-only service account used to perform DN and group lookups",
|
||||
type: "string",
|
||||
placeholder: "cn=admin,dc=min,dc=io",
|
||||
},
|
||||
{
|
||||
name: "lookup_bind_password",
|
||||
required: false,
|
||||
label: "Lookup Bind Password",
|
||||
tooltip:
|
||||
"Password for LDAP read-only service account used to perform DN and group lookups",
|
||||
type: "string",
|
||||
placeholder: "admin",
|
||||
},
|
||||
{
|
||||
name: "user_dn_search_base_dn",
|
||||
required: false,
|
||||
label: "User DN Search Base DN",
|
||||
tooltip: "Base LDAP DN to search for user DN",
|
||||
type: "csv",
|
||||
placeholder: "dc=myldapserver",
|
||||
},
|
||||
{
|
||||
name: "user_dn_search_filter",
|
||||
required: false,
|
||||
label: "User DN Search Filter",
|
||||
tooltip: "Search filter to lookup user DN",
|
||||
type: "string",
|
||||
placeholder: "(sAMAcountName=%s)",
|
||||
},
|
||||
{
|
||||
name: "group_search_filter",
|
||||
required: false,
|
||||
label: "Group Search Filter",
|
||||
tooltip: "Search filter for groups",
|
||||
type: "string",
|
||||
placeholder: "(&(objectclass=groupOfNames)(member=%d))",
|
||||
},
|
||||
{
|
||||
name: "group_search_base_dn",
|
||||
required: false,
|
||||
label: "Group Search Base DN",
|
||||
tooltip: "list of group search base DNs",
|
||||
type: "csv",
|
||||
placeholder: "dc=minioad,dc=local",
|
||||
},
|
||||
{
|
||||
name: "comment",
|
||||
required: false,
|
||||
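Review bot: The added `lookup_bind_password` entry uses `type: "string"` and `placeholder: "admin"`, so if the form renders inputs by `type` (not visible here) the service-account password is displayed unmasked, and the placeholder reads like a suggested credential. Use a masked input type if the configuration renderer supports one, and a neutral placeholder such as `placeholder: "Enter Lookup Bind Password"`. The entry is also `required: false` while `lookup_bind_dn` is `required: true`; a comment should say whether binding without a password is intended. Separately, the `user_dn_search_filter` placeholder `"(sAMAcountName=%s)"` misspells the attribute and should be `"(sAMAccountName=%s)"`; the same string is used for the User DN Search Filter input in the IdentityProvider form later in this commit.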
|
||||
@@ -118,13 +118,9 @@ const AddTenant = ({
|
||||
const ADURL = fields.identityProvider.ADURL;
|
||||
const ADSkipTLS = fields.identityProvider.ADSkipTLS;
|
||||
const ADServerInsecure = fields.identityProvider.ADServerInsecure;
|
||||
const ADUserNameSearchFilter =
|
||||
fields.identityProvider.ADUserNameSearchFilter;
|
||||
const ADGroupSearchBaseDN = fields.identityProvider.ADGroupSearchBaseDN;
|
||||
const ADGroupSearchFilter = fields.identityProvider.ADGroupSearchFilter;
|
||||
const ADGroupNameAttribute = fields.identityProvider.ADGroupNameAttribute;
|
||||
const ADUserDNs = fields.identityProvider.ADUserDNs;
|
||||
const ADUserNameFormat = fields.identityProvider.ADUserNameFormat;
|
||||
const ADLookupBindDN = fields.identityProvider.ADLookupBindDN;
|
||||
const ADLookupBindPassword = fields.identityProvider.ADLookupBindPassword;
|
||||
const ADUserDNSearchBaseDN = fields.identityProvider.ADUserDNSearchBaseDN;
|
||||
@@ -600,11 +596,8 @@ const AddTenant = ({
|
||||
url: ADURL,
|
||||
skip_tls_verification: ADSkipTLS,
|
||||
server_insecure: ADServerInsecure,
|
||||
username_format: ADUserNameFormat,
|
||||
username_search_filter: ADUserNameSearchFilter,
|
||||
group_search_base_dn: ADGroupSearchBaseDN,
|
||||
group_search_filter: ADGroupSearchFilter,
|
||||
group_name_attribute: ADGroupNameAttribute,
|
||||
user_dns: ADUserDNs,
|
||||
lookup_bind_dn: ADLookupBindDN,
|
||||
lookup_bind_password: ADLookupBindPassword,
|
||||
|
||||
@@ -55,12 +55,9 @@ interface IIdentityProviderProps {
|
||||
ADURL: string;
|
||||
ADSkipTLS: boolean;
|
||||
ADServerInsecure: boolean;
|
||||
ADUserNameSearchFilter: string;
|
||||
ADGroupSearchBaseDN: string;
|
||||
ADGroupSearchFilter: string;
|
||||
ADGroupNameAttribute: string;
|
||||
ADUserDNs: string[];
|
||||
ADUserNameFormat: string;
|
||||
ADLookupBindDN: string;
|
||||
ADLookupBindPassword: string;
|
||||
ADUserDNSearchBaseDN: string;
|
||||
@@ -136,12 +133,9 @@ const IdentityProvider = ({
|
||||
ADURL,
|
||||
ADSkipTLS,
|
||||
ADServerInsecure,
|
||||
ADUserNameSearchFilter,
|
||||
ADGroupSearchBaseDN,
|
||||
ADGroupSearchFilter,
|
||||
ADGroupNameAttribute,
|
||||
ADUserDNs,
|
||||
ADUserNameFormat,
|
||||
ADLookupBindDN,
|
||||
ADLookupBindPassword,
|
||||
ADUserDNSearchBaseDN,
|
||||
@@ -236,6 +230,11 @@ const IdentityProvider = ({
|
||||
required: true,
|
||||
value: ADURL,
|
||||
},
|
||||
{
|
||||
fieldKey: "ad_lookupBindDN",
|
||||
required: true,
|
||||
value: ADLookupBindDN,
|
||||
},
|
||||
];
|
||||
// validate user DNs
|
||||
for (let i = 0; i < ADUserDNs.length; i++) {
|
||||
@@ -253,16 +252,15 @@ const IdentityProvider = ({
|
||||
|
||||
setValidationErrors(commonVal);
|
||||
}, [
|
||||
ADLookupBindDN,
|
||||
idpSelection,
|
||||
accessKeys,
|
||||
secretKeys,
|
||||
openIDClientID,
|
||||
openIDSecretID,
|
||||
ADURL,
|
||||
ADUserNameSearchFilter,
|
||||
ADGroupSearchBaseDN,
|
||||
ADGroupSearchFilter,
|
||||
ADGroupNameAttribute,
|
||||
ADUserDNs,
|
||||
isPageValid,
|
||||
openIDConfigurationURL,
|
||||
@@ -601,76 +599,19 @@ const IdentityProvider = ({
|
||||
label={"Start TLS connection to AD/LDAP server"}
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_userNameFormat"
|
||||
name="ad_userNameFormat"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADUserNameFormat", e.target.value);
|
||||
}}
|
||||
label="Username Format"
|
||||
value={ADUserNameFormat}
|
||||
placeholder="uid=%s,cn=accounts,dc=myldapserver,dc=com"
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_userNameFilter"
|
||||
name="ad_userNameFilter"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADUserNameSearchFilter", e.target.value);
|
||||
}}
|
||||
label="Username Search Filter"
|
||||
value={ADUserNameSearchFilter}
|
||||
placeholder="(|(objectclass=posixAccount)(uid=%s))"
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_groupSearchBaseDN"
|
||||
name="ad_groupSearchBaseDN"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADGroupSearchBaseDN", e.target.value);
|
||||
}}
|
||||
label="Group Search Base DN"
|
||||
value={ADGroupSearchBaseDN}
|
||||
placeholder="ou=hwengg,dc=min,dc=io;ou=swengg,dc=min,dc=io"
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_groupSearchFilter"
|
||||
name="ad_groupSearchFilter"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADGroupSearchFilter", e.target.value);
|
||||
}}
|
||||
label="Group Search Filter"
|
||||
value={ADGroupSearchFilter}
|
||||
placeholder="(&(objectclass=groupOfNames)(member=%s))"
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_groupNameAttribute"
|
||||
name="ad_groupNameAttribute"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADGroupNameAttribute", e.target.value);
|
||||
}}
|
||||
label="Group Name Attribute"
|
||||
value={ADGroupNameAttribute}
|
||||
placeholder="cn"
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_lookupBindDN"
|
||||
name="ad_lookupBindDN"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADLookupBindDN", e.target.value);
|
||||
cleanValidation("ad_lookupBindDN");
|
||||
}}
|
||||
label="Lookup Bind DN"
|
||||
value={ADLookupBindDN}
|
||||
placeholder="cn=admin,dc=min,dc=io"
|
||||
error={validationErrors["ad_lookupBindDN"] || ""}
|
||||
required
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
@@ -706,7 +647,31 @@ const IdentityProvider = ({
|
||||
}}
|
||||
label="User DN Search Filter"
|
||||
value={ADUserDNSearchFilter}
|
||||
placeholder="(uid=%s)"
|
||||
placeholder="(sAMAcountName=%s)"
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_groupSearchBaseDN"
|
||||
name="ad_groupSearchBaseDN"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADGroupSearchBaseDN", e.target.value);
|
||||
}}
|
||||
label="Group Search Base DN"
|
||||
value={ADGroupSearchBaseDN}
|
||||
placeholder="ou=hwengg,dc=min,dc=io;ou=swengg,dc=min,dc=io"
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12} className={classes.formFieldRow}>
|
||||
<InputBoxWrapper
|
||||
id="ad_groupSearchFilter"
|
||||
name="ad_groupSearchFilter"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("ADGroupSearchFilter", e.target.value);
|
||||
}}
|
||||
label="Group Search Filter"
|
||||
value={ADGroupSearchFilter}
|
||||
placeholder="(&(objectclass=groupOfNames)(member=%s))"
|
||||
/>
|
||||
</Grid>
|
||||
<fieldset className={classes.fieldGroup}>
|
||||
@@ -742,17 +707,11 @@ const mapState = (state: AppState) => ({
|
||||
ADSkipTLS: state.tenants.createTenant.fields.identityProvider.ADSkipTLS,
|
||||
ADServerInsecure:
|
||||
state.tenants.createTenant.fields.identityProvider.ADServerInsecure,
|
||||
ADUserNameSearchFilter:
|
||||
state.tenants.createTenant.fields.identityProvider.ADUserNameSearchFilter,
|
||||
ADGroupSearchBaseDN:
|
||||
state.tenants.createTenant.fields.identityProvider.ADGroupSearchBaseDN,
|
||||
ADGroupSearchFilter:
|
||||
state.tenants.createTenant.fields.identityProvider.ADGroupSearchFilter,
|
||||
ADGroupNameAttribute:
|
||||
state.tenants.createTenant.fields.identityProvider.ADGroupNameAttribute,
|
||||
ADUserDNs: state.tenants.createTenant.fields.identityProvider.ADUserDNs,
|
||||
ADUserNameFormat:
|
||||
state.tenants.createTenant.fields.identityProvider.ADUserNameFormat,
|
||||
ADLookupBindDN:
|
||||
state.tenants.createTenant.fields.identityProvider.ADLookupBindDN,
|
||||
ADLookupBindPassword:
|
||||
|
||||
@@ -133,12 +133,9 @@ const initialState: ITenantState = {
|
||||
ADURL: "",
|
||||
ADSkipTLS: false,
|
||||
ADServerInsecure: false,
|
||||
ADUserNameSearchFilter: "",
|
||||
ADGroupSearchBaseDN: "",
|
||||
ADGroupSearchFilter: "",
|
||||
ADGroupNameAttribute: "",
|
||||
ADUserDNs: [""],
|
||||
ADUserNameFormat: "",
|
||||
ADLookupBindDN: "",
|
||||
ADLookupBindPassword: "",
|
||||
ADUserDNSearchBaseDN: "",
|
||||
@@ -685,12 +682,9 @@ export function tenantsReducer(
|
||||
ADURL: "",
|
||||
ADSkipTLS: false,
|
||||
ADServerInsecure: false,
|
||||
ADUserNameSearchFilter: "",
|
||||
ADGroupSearchBaseDN: "",
|
||||
ADGroupSearchFilter: "",
|
||||
ADGroupNameAttribute: "",
|
||||
ADUserDNs: [""],
|
||||
ADUserNameFormat: "",
|
||||
ADLookupBindDN: "",
|
||||
ADLookupBindPassword: "",
|
||||
ADUserDNSearchBaseDN: "",
|
||||
|
||||
@@ -240,11 +240,8 @@ export interface IIdentityProviderFields {
|
||||
ADURL: string;
|
||||
ADSkipTLS: boolean;
|
||||
ADServerInsecure: boolean;
|
||||
ADUserNameSearchFilter: string;
|
||||
ADUserNameFormat: string;
|
||||
ADGroupSearchBaseDN: string;
|
||||
ADGroupSearchFilter: string;
|
||||
ADGroupNameAttribute: string;
|
||||
ADUserDNs: string[];
|
||||
ADLookupBindDN: string;
|
||||
ADLookupBindPassword: string;
|
||||
|
||||
@@ -1646,16 +1646,10 @@ definitions:
|
||||
properties:
|
||||
url:
|
||||
type: string
|
||||
username_format:
|
||||
type: string
|
||||
username_search_filter:
|
||||
type: string
|
||||
group_search_base_dn:
|
||||
type: string
|
||||
group_search_filter:
|
||||
type: string
|
||||
group_name_attribute:
|
||||
type: string
|
||||
skip_tls_verification:
|
||||
type: boolean
|
||||
server_insecure:
|
||||
|
||||