812c0b34ea
* feat(ldap): simplify ldap configuration refactor(auth): move ldap settings to a component feat(ldap): add username style autofill feat(ldap): customs for ad feat(app): introduce box selector refactor(auth-settings): use box selector feat(ldap): style changes refactor(ldap): move connectivity check button to a component refactor(settings): move ldap security settings to a component refactor(ldap): move user search to component refactor(ldap): move group search to component style(ldap): remove comment refactor(auth-settings): move auto-user-toggle to component feat(ldap): provide methods to search for users and groups refactor(ldap): move group/user settings into component refactor(ldap): provide labels for components refactor(ldap): separate custom and ad settings fix(ldap): search for users feat(ldap): search users feat(ldap): complete password if missing feat(ldap): search for users feat(ldap): show a list of users feat(ldap): get user uid feat(ldap): search groups without password feat(groups): show group results feat(ldap): add display types feat(ldap): search for groups refactor(ldap): clean code fix(ldap): sort users table fix(ldap): show settings by type feat(ldap): parse values from basedn feat(ldap): parse values feat(app): emit on change event from box-selector feat(ldap): user search filter feat(ldap): search username attribute feat(ldap): remove format around search filter feat(ldap): ad group search refactor(ldap): move dn builder to component feat(ldap): use base dn builder for group search feat(ldap): search for ad groups refactor(ldap): replace domain root object feat(ldap): openldap settings refactor(ldap): delete empty controllers feat(ldap): remove warning on wrong group filter feat(ldap): clear username and pass if not AD feat(ldap): clear basedn when switch from openldap to ad feat(ldap): clear ldap settings when switich from ldap to ad feat(ldap): set dn only if there are values feat(ldap): support more cases of domains feat(ldap): parse openldap domain correctly refactor(ldap): move server type check feat(ldap): move entries feat(ldap): show username format style(ldap): remove comments feat(ldap): clear group filter when no groups refactor(ldap): replace generic payload feat(ldap): allow the user to test login feat(ldap): add test login to custom and open ldap settings feat(ldap): style fixes fix(ldap): style fix fix(ldap): style fixes refactor(ldap): move components to module feat(ldap): add group entries feat(ldap): add borders around each group entry feat(ldap): parse user filter feat(ldap): add/remove group feat(ldap): set ad anonymous mode to false feat(ldap): add group name feat(ldap): fix parentheses feat(ldap): separate between each search config fix(ldap): fix parsing of group dn feat(ldap): style fixes feat(ldap): remove of change of filter refactor(ldap): remove user display style feat(ldap): rename group entries field refactor(auth): move auto user provision refactor(ldap): refactor box selector feat(ldap): move ad settings to be a global setting style(ldap): remove comments feat(ldap): add auto user toggle refactor(auth/ad): rename ad component fix(auth/ad): fix the use of a certificate refactor(ldap): rename components fix(ldap): show user and group search fix(ldap): design group settings feat(ldap): search users and groups feat(ldap): add margins refactor(ldap): separate ldap and ad settings refactor(auth): use central check for auth method feat(ldap): clear margins feat(ldap): add port if missing feat(ldap): fix ad name fix(ldap): rename fields feat(ldap): add domain root field feat(auth/ad): remove domain root field feat(ldap): rename base dn to root domain feat(ldap/openldap): get suffix feat(ldap/open): change base filter fix(ldap): align feat(db): introduce migration for ldap server type refactor(ldap): move service to ldap module refactor(ldap): sync between client and server constants fix(ldap): use post for check style(ldap): fix handler comments fix(ldap): check for errors style(ldap): fix tyop fix(ldap): check equality style(ldap): add comments fix(ldap): allow anonymous mode fix(ldap): show errors on search users feat(lasp): use custom settings for each server fix(ldap): supply default group filter fix(ldap): show domain suffix in new settings fix(ldap): replace icon with text refactor(components): remove box-selector-wrapper * fix(ldap): enable test when form is valid * fix(ldap): add port if missing
60 lines
1.7 KiB
Go
60 lines
1.7 KiB
Go
package ldap
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/gorilla/mux"
|
|
httperror "github.com/portainer/libhttp/error"
|
|
"github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/filesystem"
|
|
"github.com/portainer/portainer/api/http/security"
|
|
)
|
|
|
|
// Handler is the HTTP handler used to handle LDAP search Operations
|
|
type Handler struct {
|
|
*mux.Router
|
|
DataStore portainer.DataStore
|
|
FileService portainer.FileService
|
|
LDAPService portainer.LDAPService
|
|
}
|
|
|
|
// NewHandler returns a new Handler
|
|
func NewHandler(bouncer *security.RequestBouncer) *Handler {
|
|
h := &Handler{
|
|
Router: mux.NewRouter(),
|
|
}
|
|
|
|
h.Handle("/ldap/check",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.ldapCheck))).Methods(http.MethodPost)
|
|
h.Handle("/ldap/groups",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.ldapGroups))).Methods(http.MethodPost)
|
|
h.Handle("/ldap/users",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.ldapUsers))).Methods(http.MethodPost)
|
|
h.Handle("/ldap/test",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.ldapTestLogin))).Methods(http.MethodPost)
|
|
|
|
return h
|
|
}
|
|
|
|
func (handler *Handler) prefillSettings(ldapSettings *portainer.LDAPSettings) error {
|
|
if !ldapSettings.AnonymousMode && ldapSettings.Password == "" {
|
|
settings, err := handler.DataStore.Settings().Settings()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ldapSettings.Password = settings.LDAPSettings.Password
|
|
}
|
|
|
|
if (ldapSettings.TLSConfig.TLS || ldapSettings.StartTLS) && !ldapSettings.TLSConfig.TLSSkipVerify {
|
|
caCertPath, err := handler.FileService.GetPathForTLSFile(filesystem.LDAPStorePath, portainer.TLSFileCA)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ldapSettings.TLSConfig.TLSCACertPath = caCertPath
|
|
}
|
|
|
|
return nil
|
|
}
|