import "@goauthentik/admin/common/ak-crypto-certificate-search";
import { placeholderHelperText } from "@goauthentik/admin/helperText";
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { first } from "@goauthentik/common/utils";
import "@goauthentik/elements/forms/FormGroup";
import "@goauthentik/elements/forms/HorizontalFormElement";
import "@goauthentik/elements/forms/SearchSelect";

import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";

import {
    CoreApi,
    CoreGroupsListRequest,
    Group,
    LDAPSource,
    LDAPSourceRequest,
    PaginatedLDAPPropertyMappingList,
    PropertymappingsApi,
    SourcesApi,
} from "@goauthentik/api";

/**
 * Admin form for creating and editing an LDAP source, registered as the
 * custom element "ak-source-ldap-form".
 *
 * The form reads an existing source and the list of LDAP property mappings
 * through the generated API clients, and submits either a partial update or
 * a create request depending on whether an instance is already loaded.
 *
 * NOTE(review): `first` and `ifDefined` are imported but not referenced in
 * the code visible here; presumably they are used by template markup that is
 * not shown in this copy.
 */
@customElement("ak-source-ldap-form")
export class LDAPSourceForm extends BaseSourceForm {
    /**
     * Fetches the LDAP source to edit.
     *
     * @param pk - Identifier of the source; it is sent to the API as the
     *   source's `slug`.
     * @returns The promise returned by `sourcesLdapRetrieve`.
     */
    loadInstance(pk: string): Promise {
        return new SourcesApi(DEFAULT_CONFIG).sourcesLdapRetrieve({
            slug: pk,
        });
    }

    /**
     * Loads the available LDAP property mappings, ordered by
     * "managed,object_field", and stores them in `propertyMappings`.
     */
    async load(): Promise {
        this.propertyMappings = await new PropertymappingsApi(
            DEFAULT_CONFIG,
        ).propertymappingsLdapList({
            ordering: "managed,object_field",
        });
    }

    // Populated by load(); undefined until that call has resolved.
    propertyMappings?: PaginatedLDAPPropertyMappingList;

    /**
     * Submits the form data.
     *
     * When an instance is loaded, the data is sent as a partial update
     * addressed by that instance's slug; otherwise a new LDAP source is
     * created.
     *
     * @param data - Form values for the LDAP source.
     * @returns The promise returned by the update or create call.
     */
    async send(data: LDAPSource): Promise {
        if (this.instance) {
            return new SourcesApi(DEFAULT_CONFIG).sourcesLdapPartialUpdate({
                slug: this.instance.slug,
                patchedLDAPSourceRequest: data,
            });
        } else {
            return new SourcesApi(DEFAULT_CONFIG).sourcesLdapCreate({
                // NOTE(review): the double assertion through `unknown` switches off
                // type checking for the create payload, so a field that is required
                // on create but missing from `data` is only caught by the server.
                lDAPSourceRequest: data as unknown as LDAPSourceRequest,
            });
        }
    }

    /**
     * Builds the form body as a lit template.
     *
     * NOTE(review): in this copy only the interpolated help texts and one
     * group-search callback fragment are visible inside the template; the
     * element markup that binds them to form fields is not shown, so field
     * names and default values cannot be confirmed from here.
     *
     * Security-relevant points stated by the help texts:
     * - TLS verification: the help text says certificates are not checked by
     *   default when connecting to an LDAP server with TLS, and that a keypair
     *   must be specified to validate the remote certificate. Without that
     *   keypair the server is presumably not authenticated, so deployments
     *   that send bind credentials or user passwords over this connection
     *   should configure it.
     * - Transport choice: one option's help text says to use 'ldaps://' and
     *   disable the option to use SSL instead.
     * - Password handling: one option updates the user's credentials in
     *   authentik when they log in through this source; another writes
     *   password changes made in authentik back to LDAP.
     * - Scope of the sync: the additional user/group DNs and the user/group
     *   object filters decide which directory objects are treated as users
     *   and groups.
     *
     * The visible callback fragment lists groups through
     * `CoreApi.coreGroupsList`, ordered by name and filtered by the search
     * query when one is given; the accompanying help text describes the
     * selection as the parent group for all groups imported from LDAP.
     *
     * @returns The template for the form.
     */
    renderForm(): TemplateResult {
        return html`

${msg( "When the user logs in to authentik using this source password backend, update their credentials in authentik.", )}

${msg( "Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP.", )}

${msg("Connection settings")}

${msg("Specify multiple server URIs by separating them with a comma.")}

${msg("To use SSL instead, use 'ldaps://' and disable this option.")}

${msg("Required for servers using TLS 1.3+")}

${msg( "When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate.", )}

${msg( "Client certificate keypair to authenticate against the LDAP Server's Certificate.", )}

${msg("LDAP Attribute mapping")}

${msg("Property mappings used to user creation.")}

${msg("Hold control/command to select multiple items.")}

${msg("Property mappings used to group creation.")}

${msg("Hold control/command to select multiple items.")}

${msg("Additional settings")}
=> { const args: CoreGroupsListRequest = { ordering: "name", }; if (query !== undefined) { args.search = query; } const groups = await new CoreApi(DEFAULT_CONFIG).coreGroupsList( args, ); return groups.results; }} .renderElement=${(group: Group): string => { return group.name; }} .value=${(group: Group | undefined): string | undefined => { return group ? group.pk : undefined; }} .selected=${(group: Group): boolean => { return group.pk === this.instance?.syncParentGroup; }} ?blankable=${true} >

${msg("Parent group for all the groups imported from LDAP.")}

${placeholderHelperText}

${msg("Additional user DN, prepended to the Base DN.")}

${msg("Additional group DN, prepended to the Base DN.")}

${msg("Consider Objects matching this filter to be Users.")}

${msg("Consider Objects matching this filter to be Groups.")}

${msg( "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'", )}

${msg("Field which contains a unique Identifier.")}

`;
    }
}