outposts/ldap: cached bind (#2824)

* initial cached ldap bind support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* clean up api generation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use gh action for golangci-lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

web/src/locales/de.po

@@ -672,6 +672,10 @@ msgstr "Bind Password"
 msgid "Bind flow"
 msgstr "Ablauf-Verknüpfung"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -718,6 +722,10 @@ msgstr "Standardmäßig werden für Quellen nur Symbole angezeigt. Aktiviere die
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "CA, anhand derer das Zertifikat des Endpunkts überprüft wird. Kann leer gelassen werden, um keine Validierung durchzuführen."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "Gecachte Abläufe"
@@ -1045,6 +1053,10 @@ msgstr "Konfigurieren Sie, wie der Flow Executor eine ungültige Antwort auf ein
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "Konfigurieren Sie, wie der Flow-Executor mit einer ungültigen Antwort auf eine Abfrage umgehen soll."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "Konfigurieren Sie, wie der Outpost die Benutzer des Core-Authentik-Servers abfragt."
@@ -1586,6 +1598,10 @@ msgstr "Digest-Algorithmus"
 msgid "Digits"
 msgstr "Ziffern"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "Direkte Abfragen geben immer die neuesten Daten zurück, sind jedoch langsamer als zwischengespeicherte Abfragen."

web/src/locales/en.po

@@ -668,6 +668,10 @@ msgstr "Bind Password"
 msgid "Bind flow"
 msgstr "Bind flow"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr "Bind mode"
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -715,6 +719,10 @@ msgstr "By default, only icons are shown for sources. Enable this to show their
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "Cached flows"
@@ -1050,6 +1058,10 @@ msgstr "Configure how the flow executor should handle an invalid response to a c
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "Configure how the issuer field of the ID Token should be filled."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr "Configure how the outpost authenticates requests."
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "Configure how the outpost queries the core authentik server's users."
@@ -1605,6 +1617,10 @@ msgstr "Digest algorithm"
 msgid "Digits"
 msgstr "Digits"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr "Direct querying, always execute the configured bind flow to authenticate the user."
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "Direct querying, always returns the latest data, but slower than cached querying."

web/src/locales/es.po

@@ -662,6 +662,10 @@ msgstr "Enlazar contraseña"
 msgid "Bind flow"
 msgstr "Flujo de enlace"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -708,6 +712,10 @@ msgstr "De forma predeterminada, solo se muestran los iconos de las fuentes. Act
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "CA con la que se verifica el certificado del punto final. Se puede dejar vacío para que no se valide."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "Flujos almacenados en caché"
@@ -1036,6 +1044,10 @@ msgstr "Configure cómo el ejecutor de flujo debe gestionar una respuesta no vá
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "Configure cómo se debe rellenar el campo emisor del token de ID."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "Configure la forma en que el puesto avanzado consulta a los usuarios del servidor auténtico principal."
@@ -1577,6 +1589,10 @@ msgstr "algoritmo de resumen"
 msgid "Digits"
 msgstr "dígitos"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "La consulta directa siempre devuelve los datos más recientes, pero más lento que la consulta en caché."

web/src/locales/fr_FR.po

@@ -668,6 +668,10 @@ msgstr "Mot de passe"
 msgid "Bind flow"
 msgstr "Lier un flux"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -714,6 +718,10 @@ msgstr ""
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "AC auprès de laquelle le certificat du terminal est vérifié. Peut être laissé vide en l'absence de validation."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "Flux mis en cache"
@@ -1045,6 +1053,10 @@ msgstr "Configure comment l'exécuteur de flux gère une réponse invalide à un
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "Configure comment le champ émetteur du jeton ID sera rempli."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr ""
@@ -1590,6 +1602,10 @@ msgstr "Algorithme d'empreinte"
 msgid "Digits"
 msgstr "Chiffres"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr ""

web/src/locales/pl.po

@@ -659,6 +659,10 @@ msgstr "Powiąż hasło"
 msgid "Bind flow"
 msgstr "Powiąż przepływ"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -705,6 +709,10 @@ msgstr "Domyślnie dla źródeł wyświetlane są tylko ikony. Włącz tę opcj
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "CA względem którego weryfikowany jest certyfikat. Można pozostawić puste, aby nie sprawdzać poprawności."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "Przepływy w pamięci podręcznej"
@@ -1033,6 +1041,10 @@ msgstr "Skonfiguruj sposób, w jaki executor przepływu powinien obsługiwać ni
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "Skonfiguruj jak pole wystawcy tokena ID powinien być wypełniony."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "Skonfiguruj sposób, w jaki placówka wysyła zapytania do użytkowników podstawowego serwera authentik."
@@ -1574,6 +1586,10 @@ msgstr "Algorytm skrótu"
 msgid "Digits"
 msgstr "Cyfry"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "Zapytania bezpośrednie zawsze zwracają najnowsze dane, ale są wolniejsze niż zapytania w pamięci podręcznej."

web/src/locales/pseudo-LOCALE.po

@@ -660,6 +660,10 @@ msgstr ""
 msgid "Bind flow"
 msgstr ""
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -707,6 +711,10 @@ msgstr ""
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr ""
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr ""
@@ -1038,6 +1046,10 @@ msgstr ""
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr ""
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr ""
@@ -1591,6 +1603,10 @@ msgstr ""
 msgid "Digits"
 msgstr ""
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr ""

web/src/locales/tr.po

@@ -662,6 +662,10 @@ msgstr "Parola Bağla"
 msgid "Bind flow"
 msgstr "Bağlama akışı"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -708,6 +712,10 @@ msgstr "Varsayılan olarak, kaynaklar için yalnızca simgeler gösterilir. Tam
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "Uç noktanın Sertifikası karşı doğrulanan CA. Doğrulama yapılmadan boş bırakılabilir."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "Önbelleğe alınmış akışlar"
@@ -1036,6 +1044,10 @@ msgstr "Akış yürütücüsünün bir meydan okuma için geçersiz bir yanıt n
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "Kimlik Belirtecinin yayımcı alanının nasıl doldurulacağını yapılandırın."
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "Üssün çekirdek authentik sunucusunun kullanıcılarını nasıl sorgulayacağını yapılandırın."
@@ -1577,6 +1589,10 @@ msgstr "Digest algoritması"
 msgid "Digits"
 msgstr "Rakamlar"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "Doğrudan sorgulama, her zaman en son verileri döndürür, ancak önbelleğe alınmış sorgulardan daha yavaş olur."

web/src/locales/zh-Hans.po

@@ -659,6 +659,10 @@ msgstr "Bind 密码"
 msgid "Bind flow"
 msgstr "Bind 流程"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -705,6 +709,10 @@ msgstr "默认情况下，只为源显示图标。启用此选项可显示它们
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "验证端点证书所依据的 CA。可以留空，表示不进行验证。"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "缓存流程"
@@ -1033,6 +1041,10 @@ msgstr "配置流程执行器应如何处理对质询的无效响应。"
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "配置如何填写 ID 令牌的颁发者字段。"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "配置前哨如何查询核心 authentik 服务器的用户。"
@@ -1574,6 +1586,10 @@ msgstr "摘要算法"
 msgid "Digits"
 msgstr "数字"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"

web/src/locales/zh-Hant.po

@@ -659,6 +659,10 @@ msgstr "Bind 密码"
 msgid "Bind flow"
 msgstr "Bind 流程"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -705,6 +709,10 @@ msgstr "默认情况下，只为源显示图标。启用此选项可显示他们
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "验证终端节点证书所依据的 CA。可以留空以表示不进行验证。"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "缓存的流程"
@@ -1033,6 +1041,10 @@ msgstr "配置流程执行器应如何处理对质询的无效响应。"
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "配置如何填写 ID 令牌的颁发者字段。"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "配置前哨如何查询核心 authentik 服务器的用户。"
@@ -1574,6 +1586,10 @@ msgstr "摘要算法"
 msgid "Digits"
 msgstr "数字"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"

web/src/locales/zh_TW.po

@@ -659,6 +659,10 @@ msgstr "Bind 密码"
 msgid "Bind flow"
 msgstr "Bind 流程"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Bind mode"
+msgstr ""
+
 #: src/pages/flows/BoundStagesList.ts
 #: src/pages/flows/BoundStagesList.ts
 msgid "Bind stage"
@@ -705,6 +709,10 @@ msgstr "默认情况下，只为源显示图标。启用此选项可显示他们
 msgid "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 msgstr "验证终端节点证书所依据的 CA。可以留空以表示不进行验证。"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr ""
+
 #: src/pages/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
 msgstr "缓存的流程"
@@ -1033,6 +1041,10 @@ msgstr "配置流程执行器应如何处理对质询的无效响应。"
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "配置如何填写 ID 令牌的颁发者字段。"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Configure how the outpost authenticates requests."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "配置前哨如何查询核心 authentik 服务器的用户。"
@@ -1574,6 +1586,10 @@ msgstr "摘要算法"
 msgid "Digits"
 msgstr "数字"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Direct querying, always execute the configured bind flow to authenticate the user."
+msgstr ""
+
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying, always returns the latest data, but slower than cached querying."
 msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"

web/src/pages/providers/ldap/LDAPProviderForm.ts

@@ -6,6 +6,7 @@ import { ifDefined } from "lit/directives/if-defined.js";
 import { until } from "lit/directives/until.js";
 
 import {
+    BindModeEnum,
     CoreApi,
     CryptoApi,
     FlowsApi,
@@ -119,6 +120,25 @@ export class LDAPProviderFormPage extends ModelForm<LDAPProvider, number> {
                     ${t`Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed.`}
                 </p>
             </ak-form-element-horizontal>
+            <ak-form-element-horizontal label=${t`Bind mode`} name="bindMode">
+                <select class="pf-c-form-control">
+                    <option
+                        value="${BindModeEnum.Cached}"
+                        ?selected=${this.instance?.bindMode === BindModeEnum.Cached}
+                    >
+                        ${t`Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires.`}
+                    </option>
+                    <option
+                        value="${BindModeEnum.Direct}"
+                        ?selected=${this.instance?.searchMode === BindModeEnum.Direct}
+                    >
+                        ${t`Direct querying, always execute the configured bind flow to authenticate the user.`}
+                    </option>
+                </select>
+                <p class="pf-c-form__helper-text">
+                    ${t`Configure how the outpost authenticates requests.`}
+                </p>
+            </ak-form-element-horizontal>
             <ak-form-element-horizontal label=${t`Search mode`} name="searchMode">
                 <select class="pf-c-form-control">
                     <option