From 607ca5742b580292a7d90705aa692b8210615058 Mon Sep 17 00:00:00 2001 From: Lenin Alevski Date: Fri, 11 Mar 2022 00:18:46 -0800 Subject: [PATCH] Adding missing lookup fields for LDAP configuration in UI (#1698) Signed-off-by: Lenin Alevski --- models/idp_configuration.go | 9 -- operatorapi/embedded_spec.go | 27 ----- operatorapi/operator_tenant_add.go | 8 -- .../screens/Console/Configurations/utils.tsx | 111 +++++++++--------- .../Console/Tenants/AddTenant/AddTenant.tsx | 7 -- .../AddTenant/Steps/IdentityProvider.tsx | 109 ++++++----------- .../src/screens/Console/Tenants/reducer.ts | 6 - .../src/screens/Console/Tenants/types.ts | 3 - swagger-operator.yml | 6 - 9 files changed, 92 insertions(+), 194 deletions(-) diff --git a/models/idp_configuration.go b/models/idp_configuration.go index fc844c7e6..e70e2f49f 100644 --- a/models/idp_configuration.go +++ b/models/idp_configuration.go @@ -230,9 +230,6 @@ func (m *IdpConfiguration) UnmarshalBinary(b []byte) error { // swagger:model IdpConfigurationActiveDirectory type IdpConfigurationActiveDirectory struct { - // group name attribute - GroupNameAttribute string `json:"group_name_attribute,omitempty"` - // group search base dn GroupSearchBaseDn string `json:"group_search_base_dn,omitempty"` @@ -266,12 +263,6 @@ type IdpConfigurationActiveDirectory struct { // user dns UserDNS []string `json:"user_dns"` - - // username format - UsernameFormat string `json:"username_format,omitempty"` - - // username search filter - UsernameSearchFilter string `json:"username_search_filter,omitempty"` } // Validate validates this idp configuration active directory diff --git a/operatorapi/embedded_spec.go b/operatorapi/embedded_spec.go index 92acdb0ac..d3a9d9e52 100644 --- a/operatorapi/embedded_spec.go +++ b/operatorapi/embedded_spec.go @@ -2437,9 +2437,6 @@ func init() { "url" ], "properties": { - "group_name_attribute": { - "type": "string" - }, "group_search_base_dn": { "type": "string" }, 
@@ -2475,12 +2472,6 @@ func init() { "items": { "type": "string" } - }, - "username_format": { - "type": "string" - }, - "username_search_filter": { - "type": "string" } } }, @@ -5962,9 +5953,6 @@ func init() { "url" ], "properties": { - "group_name_attribute": { - "type": "string" - }, "group_search_base_dn": { "type": "string" }, @@ -6000,12 +5988,6 @@ func init() { "items": { "type": "string" } - }, - "username_format": { - "type": "string" - }, - "username_search_filter": { - "type": "string" } } }, @@ -7192,9 +7174,6 @@ func init() { "url" ], "properties": { - "group_name_attribute": { - "type": "string" - }, "group_search_base_dn": { "type": "string" }, @@ -7230,12 +7209,6 @@ func init() { "items": { "type": "string" } - }, - "username_format": { - "type": "string" - }, - "username_search_filter": { - "type": "string" } } }, diff --git a/operatorapi/operator_tenant_add.go b/operatorapi/operator_tenant_add.go index 7d4100928..dcde7d7b4 100644 --- a/operatorapi/operator_tenant_add.go +++ b/operatorapi/operator_tenant_add.go @@ -151,9 +151,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre if tenantReq.Idp.ActiveDirectory != nil { tenantExternalIDPConfigured = true serverAddress := *tenantReq.Idp.ActiveDirectory.URL - userNameFormat := tenantReq.Idp.ActiveDirectory.UsernameFormat - userNameSearchFilter := tenantReq.Idp.ActiveDirectory.UsernameSearchFilter - groupNameAttribute := tenantReq.Idp.ActiveDirectory.GroupNameAttribute tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipTLSVerification serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure lookupBindDN := tenantReq.Idp.ActiveDirectory.LookupBindDn 
@@ -176,10 +173,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre tenantConfigurationENV["MINIO_IDENTITY_LDAP_SERVER_STARTTLS"] = "on" } - // LDAP Username - tenantConfigurationENV["MINIO_IDENTITY_LDAP_USERNAME_FORMAT"] = userNameFormat - tenantConfigurationENV["MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER"] = userNameSearchFilter - // LDAP Lookup tenantConfigurationENV["MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN"] = lookupBindDN tenantConfigurationENV["MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD"] = lookupBindPassword @@ -189,7 +182,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre tenantConfigurationENV["MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER"] = userDNSearchFilter // LDAP Group - tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE"] = groupNameAttribute tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"] = groupSearchBaseDN tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"] = groupSearchFilter diff --git a/portal-ui/src/screens/Console/Configurations/utils.tsx b/portal-ui/src/screens/Console/Configurations/utils.tsx index 91982a259..c974f16ad 100644 --- a/portal-ui/src/screens/Console/Configurations/utils.tsx +++ b/portal-ui/src/screens/Console/Configurations/utils.tsx 
@@ -404,59 +404,7 @@ export const fieldsConfigurations: any = {
 label: "Server Addr",
 tooltip: 'AD/LDAP server address e.g. "myldapserver.com:636"',
 type: "string",
- placeholder: "Enter Server Address",
- },
- {
- name: "username_format",
- required: true,
- label: "Username Format",
- tooltip:
- 'List of username bind DNs e.g. "uid=%s","cn=accounts","dc=myldapserver" or "dc=com", you can write one per field',
- type: "csv",
- placeholder: "Enter Username Format",
- },
- {
- name: "username_search_filter",
- required: true,
- label: "Username Search Filter",
- tooltip:
- 'User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"',
- type: "string",
- placeholder: "Enter Username Search Filter",
- },
- {
- name: "group_search_filter",
- required: true,
- label: "Group Search Filter",
- tooltip:
- 'Search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"',
- type: "string",
- placeholder: "Enter Group Search Filter",
- },
- {
- name: "username_search_base_dn",
- required: false,
- label: "Username Search Base DN",
- tooltip: "List of username search DNs, you can write one per field",
- type: "csv",
- placeholder: "Enter Username Search Base DN",
- },
- {
- name: "group_name_attribute",
- required: false,
- label: "Group Name Attribute",
- tooltip: 'Search attribute for group name e.g. "cn"',
- type: "string",
- placeholder: "Enter Group Name Attribute",
- },
- {
- name: "sts_expiry",
- required: false,
- label: "STS Expiry",
- tooltip:
- 'temporary credentials validity duration in s,m,h,d. Default is "1h"',
- type: "string",
- placeholder: "Enter STS Expiry",
+ placeholder: "myldapserver.com:636",
 },
 {
 name: "tls_skip_verify",
@@ -474,6 +422,63 @@ export const fieldsConfigurations: any = {
 'Allow plain text connection to AD/LDAP server, defaults to "off"',
 type: "on|off",
 },
+ {
+ name: "server_starttls",
+ required: false,
+ label: "Start TLS connection to AD/LDAP server",
+ tooltip: "Use StartTLS connection to AD/LDAP server",
+ type: "on|off",
+ },
+ {
+ name: "lookup_bind_dn",
+ required: true,
+ label: "Lookup Bind DN",
+ tooltip:
+ "DN for LDAP read-only service account used to perform DN and group lookups",
+ type: "string",
+ placeholder: "cn=admin,dc=min,dc=io",
+ },
+ {
+ name: "lookup_bind_password",
+ required: false,
+ label: "Lookup Bind Password",
+ tooltip:
+ "Password for LDAP read-only service account used to perform DN and group lookups",
+ type: "string",
+ placeholder: "admin",
+ },
+ {
+ name: "user_dn_search_base_dn",
+ required: false,
+ label: "User DN Search Base DN",
+ tooltip: "Base LDAP DN to search for user DN",
+ type: "csv",
+ placeholder: "dc=myldapserver",
+ },
+ {
+ name: "user_dn_search_filter",
+ required: false,
+ label: "User DN Search Filter",
+ tooltip: "Search filter to lookup user DN",
+ type: "string",
+ placeholder: "(sAMAcountName=%s)",
+ },
+ {
+ name: "group_search_filter",
+ required: false,
+ label: "Group Search Filter",
+ tooltip: "Search filter for groups",
+ type: "string",
+ placeholder: "(&(objectclass=groupOfNames)(member=%d))",
+ },
+ {
+ name: "group_search_base_dn",
+ required: false,
+ label: "Group Search Base DN",
+ tooltip: "list of group search base DNs",
+ type: "csv",
+ placeholder: "dc=minioad,dc=local",
+ },
 {
 name: "comment",
 required: false,
diff --git a/portal-ui/src/screens/Console/Tenants/AddTenant/AddTenant.tsx b/portal-ui/src/screens/Console/Tenants/AddTenant/AddTenant.tsx
index d6d8139c9..fefd1f98f 100644
--- a/portal-ui/src/screens/Console/Tenants/AddTenant/AddTenant.tsx
+++ b/portal-ui/src/screens/Console/Tenants/AddTenant/AddTenant.tsx
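Review bot: The new `lookup_bind_password` entry is declared `type: "string"` with `placeholder: "admin"`, so as far as this hunk shows the service-account password is treated like any other text value and the sample reads like a default credential; if the form renderer offers a masked input type it belongs here, and a neutral hint such as `placeholder: "Enter Lookup Bind Password"` avoids suggesting a guessable value. The entry is also `required: false` while `lookup_bind_dn` is `required: true`, so a bind DN can be saved with an empty password. Separately, `placeholder: "(sAMAcountName=%s)"` misspells the attribute (the tooltip removed earlier in this file spelled it `sAMAccountName`), and the same misspelling is added to the User DN Search Filter placeholder in IdentityProvider.tsx. The group filter sample here uses `%d` where IdentityProvider.tsx shows `%s`; a tooltip sentence saying what each substitution stands for would keep the two forms from reading as contradictory.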
@@ -118,13 +118,9 @@ const AddTenant = ({
 const ADURL = fields.identityProvider.ADURL;
 const ADSkipTLS = fields.identityProvider.ADSkipTLS;
 const ADServerInsecure = fields.identityProvider.ADServerInsecure;
- const ADUserNameSearchFilter =
- fields.identityProvider.ADUserNameSearchFilter;
 const ADGroupSearchBaseDN = fields.identityProvider.ADGroupSearchBaseDN;
 const ADGroupSearchFilter = fields.identityProvider.ADGroupSearchFilter;
- const ADGroupNameAttribute = fields.identityProvider.ADGroupNameAttribute;
 const ADUserDNs = fields.identityProvider.ADUserDNs;
- const ADUserNameFormat = fields.identityProvider.ADUserNameFormat;
 const ADLookupBindDN = fields.identityProvider.ADLookupBindDN;
 const ADLookupBindPassword = fields.identityProvider.ADLookupBindPassword;
 const ADUserDNSearchBaseDN = fields.identityProvider.ADUserDNSearchBaseDN;
@@ -600,11 +596,8 @@ const AddTenant = ({
 url: ADURL,
 skip_tls_verification: ADSkipTLS,
 server_insecure: ADServerInsecure,
- username_format: ADUserNameFormat,
- username_search_filter: ADUserNameSearchFilter,
 group_search_base_dn: ADGroupSearchBaseDN,
 group_search_filter: ADGroupSearchFilter,
- group_name_attribute: ADGroupNameAttribute,
 user_dns: ADUserDNs,
 lookup_bind_dn: ADLookupBindDN,
 lookup_bind_password: ADLookupBindPassword,
diff --git a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/IdentityProvider.tsx b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/IdentityProvider.tsx
index 3c2963615..e15abc1ab 100644
--- a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/IdentityProvider.tsx
+++ b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/IdentityProvider.tsx
@@ -55,12 +55,9 @@ interface IIdentityProviderProps { ADURL: string; ADSkipTLS: boolean; ADServerInsecure: boolean; - ADUserNameSearchFilter: string; ADGroupSearchBaseDN: string; ADGroupSearchFilter: string; - ADGroupNameAttribute: string; ADUserDNs: string[]; - ADUserNameFormat: string; ADLookupBindDN: string; ADLookupBindPassword: string; ADUserDNSearchBaseDN: string; @@ -136,12 +133,9 @@ const IdentityProvider = ({ ADURL, ADSkipTLS, ADServerInsecure, - ADUserNameSearchFilter, ADGroupSearchBaseDN, ADGroupSearchFilter, - ADGroupNameAttribute, ADUserDNs, - ADUserNameFormat, ADLookupBindDN, ADLookupBindPassword, ADUserDNSearchBaseDN, @@ -236,6 +230,11 @@ const IdentityProvider = ({ required: true, value: ADURL, }, + { + fieldKey: "ad_lookupBindDN", + required: true, + value: ADLookupBindDN, + }, ]; // validate user DNs for (let i = 0; i < ADUserDNs.length; i++) { @@ -253,16 +252,15 @@ const IdentityProvider = ({ setValidationErrors(commonVal); }, [ + ADLookupBindDN, idpSelection, accessKeys, secretKeys, openIDClientID, openIDSecretID, ADURL, - ADUserNameSearchFilter, ADGroupSearchBaseDN, ADGroupSearchFilter, - ADGroupNameAttribute, ADUserDNs, isPageValid, openIDConfigurationURL, 
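Review bot: In the `@@ -236,6 +230,11 @@` hunk the Active Directory validation list now requires `ad_lookupBindDN` but still has no entry for the lookup bind password, so the form validates with a bind DN and an empty password. An LDAP simple bind that carries a DN and no password is an unauthenticated bind (RFC 4513 §5.1.2), which some directory servers accept as anonymous; whether the server side rejects an empty `MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD` is not visible on this page. Consider a matching entry next to the new one, for example `{ fieldKey: "ad_lookupBindPassword", required: true, value: ADLookupBindPassword },` (the field key is a suggested name), and list `ADLookupBindPassword` in the dependency array changed in the following `@@ -253,16 +252,15 @@` hunk. The validation effect starts and ends outside these hunks.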
@@ -601,76 +599,19 @@ const IdentityProvider = ({ label={"Start TLS connection to AD/LDAP server"} /> - - ) => { - updateField("ADUserNameFormat", e.target.value); - }} - label="Username Format" - value={ADUserNameFormat} - placeholder="uid=%s,cn=accounts,dc=myldapserver,dc=com" - /> - - - ) => { - updateField("ADUserNameSearchFilter", e.target.value); - }} - label="Username Search Filter" - value={ADUserNameSearchFilter} - placeholder="(|(objectclass=posixAccount)(uid=%s))" - /> - - - ) => { - updateField("ADGroupSearchBaseDN", e.target.value); - }} - label="Group Search Base DN" - value={ADGroupSearchBaseDN} - placeholder="ou=hwengg,dc=min,dc=io;ou=swengg,dc=min,dc=io" - /> - - - ) => { - updateField("ADGroupSearchFilter", e.target.value); - }} - label="Group Search Filter" - value={ADGroupSearchFilter} - placeholder="(&(objectclass=groupOfNames)(member=%s))" - /> - - - ) => { - updateField("ADGroupNameAttribute", e.target.value); - }} - label="Group Name Attribute" - value={ADGroupNameAttribute} - placeholder="cn" - /> - ) => { updateField("ADLookupBindDN", e.target.value); + cleanValidation("ad_lookupBindDN"); }} label="Lookup Bind DN" value={ADLookupBindDN} placeholder="cn=admin,dc=min,dc=io" + error={validationErrors["ad_lookupBindDN"] || ""} + required /> @@ -706,7 +647,31 @@ const IdentityProvider = ({ }} label="User DN Search Filter" value={ADUserDNSearchFilter} - placeholder="(uid=%s)" + placeholder="(sAMAcountName=%s)" + /> + + + ) => { + updateField("ADGroupSearchBaseDN", e.target.value); + }} + label="Group Search Base DN" + value={ADGroupSearchBaseDN} + placeholder="ou=hwengg,dc=min,dc=io;ou=swengg,dc=min,dc=io" + /> + + + ) => { + updateField("ADGroupSearchFilter", e.target.value); + }} + label="Group Search Filter" + value={ADGroupSearchFilter} + placeholder="(&(objectclass=groupOfNames)(member=%s))" />
@@ -742,17 +707,11 @@ const mapState = (state: AppState) => ({ ADSkipTLS: state.tenants.createTenant.fields.identityProvider.ADSkipTLS, ADServerInsecure: state.tenants.createTenant.fields.identityProvider.ADServerInsecure, - ADUserNameSearchFilter: - state.tenants.createTenant.fields.identityProvider.ADUserNameSearchFilter, ADGroupSearchBaseDN: state.tenants.createTenant.fields.identityProvider.ADGroupSearchBaseDN, ADGroupSearchFilter: state.tenants.createTenant.fields.identityProvider.ADGroupSearchFilter, - ADGroupNameAttribute: - state.tenants.createTenant.fields.identityProvider.ADGroupNameAttribute, ADUserDNs: state.tenants.createTenant.fields.identityProvider.ADUserDNs, - ADUserNameFormat: - state.tenants.createTenant.fields.identityProvider.ADUserNameFormat, ADLookupBindDN: state.tenants.createTenant.fields.identityProvider.ADLookupBindDN, ADLookupBindPassword: diff --git a/portal-ui/src/screens/Console/Tenants/reducer.ts b/portal-ui/src/screens/Console/Tenants/reducer.ts index 1af0aeea1..ab560ee6d 100644 --- a/portal-ui/src/screens/Console/Tenants/reducer.ts +++ b/portal-ui/src/screens/Console/Tenants/reducer.ts @@ -133,12 +133,9 @@ const initialState: ITenantState = { ADURL: "", ADSkipTLS: false, ADServerInsecure: false, - ADUserNameSearchFilter: "", ADGroupSearchBaseDN: "", ADGroupSearchFilter: "", - ADGroupNameAttribute: "", ADUserDNs: [""], - ADUserNameFormat: "", ADLookupBindDN: "", ADLookupBindPassword: "", ADUserDNSearchBaseDN: "", @@ -685,12 +682,9 @@ export function tenantsReducer( ADURL: "", ADSkipTLS: false, ADServerInsecure: false, - ADUserNameSearchFilter: "", ADGroupSearchBaseDN: "", ADGroupSearchFilter: "", - ADGroupNameAttribute: "", ADUserDNs: [""], - ADUserNameFormat: "", ADLookupBindDN: "", ADLookupBindPassword: "", ADUserDNSearchBaseDN: "", diff --git a/portal-ui/src/screens/Console/Tenants/types.ts b/portal-ui/src/screens/Console/Tenants/types.ts index 37c89d327..965c4a42b 100644 --- a/portal-ui/src/screens/Console/Tenants/types.ts 
+++ b/portal-ui/src/screens/Console/Tenants/types.ts
@@ -240,11 +240,8 @@ export interface IIdentityProviderFields {
 ADURL: string;
 ADSkipTLS: boolean;
 ADServerInsecure: boolean;
- ADUserNameSearchFilter: string;
- ADUserNameFormat: string;
 ADGroupSearchBaseDN: string;
 ADGroupSearchFilter: string;
- ADGroupNameAttribute: string;
 ADUserDNs: string[];
 ADLookupBindDN: string;
 ADLookupBindPassword: string;
diff --git a/swagger-operator.yml b/swagger-operator.yml
index 104ed3855..9f1649e56 100644
--- a/swagger-operator.yml
+++ b/swagger-operator.yml
@@ -1646,16 +1646,10 @@ definitions:
 properties:
 url:
 type: string
- username_format:
- type: string
- username_search_filter:
- type: string
 group_search_base_dn:
 type: string
 group_search_filter:
 type: string
- group_name_attribute:
- type: string
 skip_tls_verification:
 type: boolean
 server_insecure: