import "@goauthentik/admin/common/ak-crypto-certificate-search";
import { placeholderHelperText } from "@goauthentik/admin/helperText";
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js";
import "@goauthentik/elements/forms/FormGroup";
import "@goauthentik/elements/forms/HorizontalFormElement";
import "@goauthentik/elements/forms/SearchSelect";

import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";

import {
    CoreApi,
    CoreGroupsListRequest,
    Group,
    LDAPSource,
    LDAPSourceRequest,
    SourcesApi,
} from "@goauthentik/api";

import { propertyMappingsProvider, propertyMappingsSelector } from "./LDAPSourceFormHelpers.js";

/**
 * Admin form element (`ak-source-ldap-form`) for creating or editing an LDAP source.
 *
 * An existing source is loaded by slug through `SourcesApi`; on submit the form
 * either patches the loaded instance or creates a new source.
 *
 * NOTE(review): in this listing `Promise` and `BaseSourceForm` carry no type
 * arguments. They were probably lost in extraction together with the template
 * markup; the code is reproduced as shown.
 */
@customElement("ak-source-ldap-form")
export class LDAPSourceForm extends BaseSourceForm {
    /**
     * Retrieves the LDAP source to edit.
     *
     * @param pk - Passed to `sourcesLdapRetrieve` as the source's `slug`.
     * @returns The promise returned by `sourcesLdapRetrieve`.
     */
    loadInstance(pk: string): Promise {
        return new SourcesApi(DEFAULT_CONFIG).sourcesLdapRetrieve({
            slug: pk,
        });
    }

    /**
     * Submits the form data.
     *
     * When an instance is already loaded, the source identified by
     * `this.instance.slug` is partially updated; otherwise a new source is created.
     *
     * @param data - Form contents, typed as `LDAPSource`.
     * @returns The promise returned by the update or create call.
     */
    async send(data: LDAPSource): Promise {
        if (this.instance) {
            return new SourcesApi(DEFAULT_CONFIG).sourcesLdapPartialUpdate({
                slug: this.instance.slug,
                patchedLDAPSourceRequest: data,
            });
        }
        return new SourcesApi(DEFAULT_CONFIG).sourcesLdapCreate({
            // NOTE(review): `as unknown as` switches off the compiler's check that the
            // form data has the shape of a create request. Nothing in this method
            // validates `data`, so the server has to reject malformed or incomplete
            // requests. Confirm that it does before relying on this cast.
            lDAPSourceRequest: data as unknown as LDAPSourceRequest,
        });
    }

    /**
     * Renders the form body as a lit template.
     *
     * NOTE(review): the template in this listing appears to have lost its element
     * markup. Only the interpolated help texts and the tail of one search-select
     * callback remain, so the input each text belongs to cannot be confirmed here.
     *
     * Security-relevant points stated by the help texts below:
     * - TLS verification: certificates are not checked by default when connecting
     *   with TLS, and the remote certificate is validated only once a keypair is
     *   specified. Without one the connection is encrypted but the LDAP server is
     *   not authenticated, which matters because this source can act as a password
     *   backend for logins.
     * - Password write-back: passwords are synced from LDAP into authentik
     *   automatically; the write-back option is meant only for pushing password
     *   changes made in authentik back to LDAP.
     * - Object filters: the user and group filters decide which directory objects
     *   are treated as Users and Groups, so a broad filter widens what is considered.
     * - Nested groups: `1.2.840.113556.1.4.1941` is Active Directory's
     *   LDAP_MATCHING_RULE_IN_CHAIN matching rule (transitive membership).
     *
     * The surviving callback fragment lists groups ordered by `name` with
     * `includeUsers: false`, adds `search` only when a query is given, and returns
     * `groups.results`. A group is rendered by its `name`, submitted as its `pk`,
     * and preselected when its `pk` equals `this.instance?.syncParentGroup`.
     */
    renderForm(): TemplateResult {
        return html`

${msg( "When the user logs in to authentik using this source password backend, update their credentials in authentik.", )}

${msg( "Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP.", )}

${msg("Connection settings")}

${msg("Specify multiple server URIs by separating them with a comma.")}

${msg("To use SSL instead, use 'ldaps://' and disable this option.")}

${msg("Required for servers using TLS 1.3+")}

${msg( "When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate.", )}

${msg( "Client certificate keypair to authenticate against the LDAP Server's Certificate.", )}

${msg("LDAP Attribute mapping")}

${msg("Property mappings for user creation.")}

${msg("Property mappings for group creation.")}

${msg("Additional settings")}
=> { const args: CoreGroupsListRequest = { ordering: "name", includeUsers: false, }; if (query !== undefined) { args.search = query; } const groups = await new CoreApi(DEFAULT_CONFIG).coreGroupsList( args, ); return groups.results; }} .renderElement=${(group: Group): string => { return group.name; }} .value=${(group: Group | undefined): string | undefined => { return group ? group.pk : undefined; }} .selected=${(group: Group): boolean => { return group.pk === this.instance?.syncParentGroup; }} ?blankable=${true} >

${msg("Parent group for all the groups imported from LDAP.")}

${placeholderHelperText}

${msg("Additional user DN, prepended to the Base DN.")}

${msg("Additional group DN, prepended to the Base DN.")}

${msg("Consider Objects matching this filter to be Users.")}

${msg("Consider Objects matching this filter to be Groups.")}

${msg( "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute.", )}

${msg( "Field which contains DNs of groups the user is a member of. This field is used to lookup groups from users, e.g. 'memberOf'. To lookup nested groups in an Active Directory environment use 'memberOf:1.2.840.113556.1.4.1941:'.", )}

${msg("Field which contains a unique Identifier.")}

`;
    }
}

// Adds the custom element's tag name to the DOM typings, so that lookups by
// "ak-source-ldap-form" are typed as LDAPSourceForm.
declare global {
    interface HTMLElementTagNameMap {
        "ak-source-ldap-form": LDAPSourceForm;
    }
}