6c4c535d57
* remove @goauthentik/authentik as TS path Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * oh yeah Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format earlier changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * support plain alert Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial attempt at dedupe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make it a base class Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate all wizards Signed-off-by: Jens Langhammer <jens@goauthentik.io> * create type create mixin to dedupe more, add icon to source create Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ldap icon Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Optimised images with calibre/image-actions * match inverting we should probably replace all icons with coloured ones so we don't need to invert them...I guess Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make everything more explicit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add icons to provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add remaining provider icons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework to not use inheritance Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix unrelated typo Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make app wizard use grid layout Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep wizard height consistent Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
116 lines
3.6 KiB
Python
116 lines
3.6 KiB
Python
"""LDAP Provider"""
|
|
|
|
from collections.abc import Iterable
|
|
|
|
from django.db import models
|
|
from django.templatetags.static import static
|
|
from django.utils.translation import gettext_lazy as _
|
|
from rest_framework.serializers import Serializer
|
|
|
|
from authentik.core.models import BackchannelProvider, Group
|
|
from authentik.crypto.models import CertificateKeyPair
|
|
from authentik.outposts.models import OutpostModel
|
|
|
|
|
|
class APIAccessMode(models.TextChoices):
|
|
"""API Access modes"""
|
|
|
|
DIRECT = "direct"
|
|
CACHED = "cached"
|
|
|
|
|
|
class LDAPProvider(OutpostModel, BackchannelProvider):
|
|
"""Allow applications to authenticate against authentik's users using LDAP."""
|
|
|
|
base_dn = models.TextField(
|
|
default="DC=ldap,DC=goauthentik,DC=io",
|
|
help_text=_("DN under which objects are accessible."),
|
|
)
|
|
|
|
search_group = models.ForeignKey(
|
|
Group,
|
|
null=True,
|
|
default=None,
|
|
on_delete=models.SET_DEFAULT,
|
|
help_text=_(
|
|
"Users in this group can do search queries. "
|
|
"If not set, every user can execute search queries."
|
|
),
|
|
)
|
|
|
|
tls_server_name = models.TextField(
|
|
default="",
|
|
blank=True,
|
|
)
|
|
certificate = models.ForeignKey(
|
|
CertificateKeyPair,
|
|
on_delete=models.SET_NULL,
|
|
null=True,
|
|
blank=True,
|
|
)
|
|
|
|
uid_start_number = models.IntegerField(
|
|
default=2000,
|
|
help_text=_(
|
|
"The start for uidNumbers, this number is added to the user.pk to make sure that the "
|
|
"numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't "
|
|
"collide with local users uidNumber"
|
|
),
|
|
)
|
|
|
|
gid_start_number = models.IntegerField(
|
|
default=4000,
|
|
help_text=_(
|
|
"The start for gidNumbers, this number is added to a number generated from the "
|
|
"group.pk to make sure that the numbers aren't too low for POSIX groups. Default "
|
|
"is 4000 to ensure that we don't collide with local groups or users "
|
|
"primary groups gidNumber"
|
|
),
|
|
)
|
|
|
|
bind_mode = models.TextField(default=APIAccessMode.DIRECT, choices=APIAccessMode.choices)
|
|
search_mode = models.TextField(default=APIAccessMode.DIRECT, choices=APIAccessMode.choices)
|
|
|
|
mfa_support = models.BooleanField(
|
|
default=True,
|
|
verbose_name="MFA Support",
|
|
help_text=_(
|
|
"When enabled, code-based multi-factor authentication can be used by appending a "
|
|
"semicolon and the TOTP code to the password. This should only be enabled if all "
|
|
"users that will bind to this provider have a TOTP device configured, as otherwise "
|
|
"a password may incorrectly be rejected if it contains a semicolon."
|
|
),
|
|
)
|
|
|
|
@property
|
|
def launch_url(self) -> str | None:
|
|
"""LDAP never has a launch URL"""
|
|
return None
|
|
|
|
@property
|
|
def component(self) -> str:
|
|
return "ak-provider-ldap-form"
|
|
|
|
@property
|
|
def icon_url(self) -> str | None:
|
|
return static("authentik/sources/ldap.png")
|
|
|
|
@property
|
|
def serializer(self) -> type[Serializer]:
|
|
from authentik.providers.ldap.api import LDAPProviderSerializer
|
|
|
|
return LDAPProviderSerializer
|
|
|
|
def __str__(self):
|
|
return f"LDAP Provider {self.name}"
|
|
|
|
def get_required_objects(self) -> Iterable[models.Model | str]:
|
|
required_models = [self, "authentik_core.view_user", "authentik_core.view_group"]
|
|
if self.certificate is not None:
|
|
required_models.append(self.certificate)
|
|
return required_models
|
|
|
|
class Meta:
|
|
verbose_name = _("LDAP Provider")
|
|
verbose_name_plural = _("LDAP Providers")
|