- SPDX-License-Identifier: AGPL-3.0-or-later
-->
<template>
- <fieldset id="ldapSettings-2">
- <p>
- <strong>{{ t('user_ldap', 'Internal Username') }}</strong>
- </p>
- <p class="ldapIndent">
- {{ t('user_ldap', 'By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [a-zA-Z0-9_.@-]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all DAV services. With this setting, the default behavior can be overridden. Changes will have effect only on newly mapped (added) LDAP users. Leave it empty for default behavior.') }}
- </p>
- <p class="ldapIndent">
- <label for="ldap_expert_username_attr">{{ t('user_ldap', 'Internal Username Attribute:') }}</label>
- <input id="ldap_expert_username_attr"
- type="text"
- name="ldap_expert_username_attr"
- :data-default="ldap_expert_username_attr_default">
- </p>
- <p><strong>{{ t('user_ldap', 'Override UUID detection') }}</strong></p>
- <p class="ldapIndent">
- {{ t('user_ldap', 'By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.') }}
- </p>
- <p class="ldapIndent">
- <label for="ldap_expert_uuid_user_attr">{{ t('user_ldap', 'UUID Attribute for Users:') }}</label>
- <input id="ldap_expert_uuid_user_attr"
- type="text"
- name="ldap_expert_uuid_user_attr"
- :data-default="ldap_expert_uuid_user_attr_default">
- </p>
- <p class="ldapIndent">
- <label for="ldap_expert_uuid_group_attr">{{ t('user_ldap', 'UUID Attribute for Groups:') }}</label>
- <input id="ldap_expert_uuid_group_attr"
- type="text"
- name="ldap_expert_uuid_group_attr"
- :data-default="ldap_expert_uuid_group_attr_default">
- </p>
- <p><strong>{{ t('user_ldap', 'Username-LDAP User Mapping') }}</strong></p>
- <p class="ldapIndent">
- {{ t('user_ldap', 'Usernames are used to store and assign metadata. In order to precisely identify and recognize users, each LDAP user will have an internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.') }}
- </p>
- <p class="ldapIndent">
- <button id="ldap_action_clear_user_mappings" type="button" name="ldap_action_clear_user_mappings">
- {{ t('user_ldap', 'Clear Username-LDAP User Mapping') }}
- </button><br><button id="ldap_action_clear_group_mappings" type="button" name="ldap_action_clear_group_mappings">
- {{ t('user_ldap', 'Clear Groupname-LDAP Group Mapping') }}
- </button>
- </p>
-
- <!-- TODO: What is this -->
- {{ settingControls }}
+ <fieldset class="ldap-wizard__advanced">
+ <summary class="ldap-wizard__advanced__section">
+ <h3>{{ t('user_ldap', 'Connection Settings') }}</h3>
+
+ <NcCheckboxRadioSwitch :checked.sync="ldapConfig.ldapConfigurationActive"
+ value="1"
+ :aria-label="t('user_ldap', 'When unchecked, this configuration will be skipped.')">
+ {{ t('user_ldap', 'Configuration Active') }}
+ </NcCheckboxRadioSwitch>
+
+ <NcTextField autocomplete="off"
+ :label=" t('user_ldap', 'Backup (Replica) Host')"
+ :value.sync="ldapConfig.ldapBackupHost"
+ :helper-text="t('user_ldap', 'Give an optional backup host. It must be a replica of the main LDAP/AD server.')" />
+
+ <NcTextField type="number"
+ :value="ldapConfig.ldapBackupPort"
+ :label="t('user_ldap', 'Backup (Replica) Port') " />
+
+ <NcCheckboxRadioSwitch :checked.sync="ldapConfig.ldapOverrideMainServer"
+ value="1"
+ :aria-label="t('user_ldap', 'Only connect to the replica server.')"
+ ">
+ {{ t('user_ldap', 'Disable Main Server') }}
+ </NcCheckboxRadioSwitch>
+
+ <NcCheckboxRadioSwitch :checked.sync=" ldapConfig.turnOffCertCheck"
+ :aria-label="t('user_ldap', 'Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your {instanceName} server.', { instanceName })"
+ value="1">
+ {{ t('user_ldap', 'Turn off SSL certificate validation.') }}
+ </NcCheckboxRadioSwitch>
+
+ <NcTextField type="number"
+ :label="t('user_ldap', 'Cache Time-To-Live')"
+ :value="ldapConfig.ldapCacheTTL"
+ :helper-text="t('user_ldap', 'in seconds. A change empties the cache.')" />
+ </summary>
+
+ <summary class="ldap-wizard__advanced__section">
+ <h3>{{ t('user_ldap', 'Directory Settings') }}</h3>
+
+ <NcTextField autocomplete="off"
+ :value.sync="ldapConfig.ldapUserDisplayName"
+ :label="t('user_ldap', 'User Display Name Field')"
+ :helper-text="t('user_ldap', 'The LDAP attribute to use to generate the user\'s display name.')" />
+
+ <NcTextField autocomplete="off"
+ :value.sync="ldapConfig.ldapUserDisplayName2"
+ :label="t('user_ldap', '2nd User Display Name Field')"
+ :helper-text="t('user_ldap', 'Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.')" />
+
+ <NcTextArea :value.sync="ldapConfig.ldapBaseUsers"
+ :placeholder="t('user_ldap', 'One User Base DN per line')"
+ :label="t('user_ldap', 'Base User Tree')" />
+
+ <NcTextArea :value.sync="ldapConfig.ldapAttributesForUserSearch"
+ :placeholder="t('user_ldap', 'Optional; one attribute per line')"
+ :label="t('user_ldap', 'Base User Tree')"
+ :helper-text="t('user_ldap', 'User Search Attributes')" />
+
+ <NcCheckboxRadioSwitch :checked.sync="ldapConfig.markRemnantsAsDisabled"
+ value="1"
+ :aria-label="t('user_ldap', 'When switched on, users imported from LDAP which are then missing will be disabled')">
+ {{ t('user_ldap', 'Disable users missing from LDAP') }}
+ </NcCheckboxRadioSwitch>
+
+ <NcTextField autocomplete="off"
+ :value.sync="ldapConfig.ldapGroupDisplayName"
+ :label="t('user_ldap', 'Group Display Name Field')"
+ :title="t('user_ldap', 'The LDAP attribute to use to generate the groups\'s display name.')" />
+
+ <NcTextArea :value.sync="ldapConfig.ldapBaseGroups"
+ :placeholder="t('user_ldap', 'One Group Base DN per line')"
+ :label="t('user_ldap', 'Base Group Tree')" />
+
+ <NcTextArea :value.sync="ldapConfig.ldapAttributesForGroupSearch"
+ :placeholder="t('user_ldap', 'Optional; one attribute per line')"
+ :label="t('user_ldap', 'Group Search Attributes')" />
+
+ <!-- TODO -->
+ <!-- <label for="ldap_group_member_assoc_attribute">{{ t('user_ldap', 'Group-Member association') }}</label>
+ <select id="ldap_group_member_assoc_attribute" :value="ldapConfig.ldapGroupMemberAssocAttribute">
+ <option value="uniqueMember" :selected="ldap_group_member_assoc_attribute === 'uniqueMember'">
+ {{ t('user_ldap', 'uniqueMember') }}
+ </option>
+ <option value="memberUid" :selected="ldap_group_member_assoc_attribute === 'memberUid'">
+ {{ t('user_ldap', 'memberUid') }}
+ </option>
+ <option value="member" :selected="ldap_group_member_assoc_attribute === 'member'">
+ {{ t('user_ldap', 'member (AD)') }}
+ </option>
+ <option value="gidNumber" :selected="ldap_group_member_assoc_attribute === 'gidNumber'">
+ {{ t('user_ldap', 'gidNumber') }}
+ </option>
+ <option value="zimbraMailForwardingAddress"
+ :selected="ldap_group_member_assoc_attribute === 'zimbraMailForwardingAddress'">
+ {{ t('user_ldap', 'zimbraMailForwardingAddress') }}
+ </option>
+ </select> -->
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Dynamic Group Member URL')"
+ :value.sync="ldapConfig.ldapDynamicGroupMemberURL"
+ :helper-text="t('user_ldap', 'The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)')" />
+
+ <NcCheckboxRadioSwitch :checked.sync="ldapConfig.ldapNestedGroups"
+ value="1"
+ :aria-label="t('user_ldap', 'When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)')">
+ {{ t('user_ldap', 'Nested Groups') }}
+ </NcCheckboxRadioSwitch>
+
+ <NcTextField type="number"
+ :label="t('user_ldap', 'Paging chunksize')"
+ :value.sync="ldapConfig.ldapPagingSize"
+ :helper-text="t('user_ldap', 'Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)')" />
+
+ <NcCheckboxRadioSwitch :checked.sync="ldapConfig.turnOnPasswordChange"
+ value="1"
+ :aria-label="t('user_ldap', 'Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.')">
+ {{ t('user_ldap', 'Enable LDAP password changes per user') }}
+ </NcCheckboxRadioSwitch>
+ <span class="tablecell">
+ {{ t('user_ldap', '(New password is sent as plain text to LDAP)') }}
+ </span>
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Default password policy DN')"
+ :value.sync="ldapConfig.ldapDefaultPPolicyDN"
+ :helper-text="t('user_ldap', 'The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.')" />
+ </summary>
+
+ <summary class="ldap-wizard__advanced__section">
+ <h3>{{ t('user_ldap', 'Special Attributes') }}</h3>
+
+ <NcTextField autocomplete="off"
+ :value.sync="ldapConfig.ldapQuotaAttribute"
+ :label="t('user_ldap', 'Quota Field')"
+ :helper-text="t('user_ldap', 'Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.')" />
+
+ <NcTextField autocomplete="off"
+ :value.sync="ldapConfig.ldapQuotaDefault"
+ :label="t('user_ldap', 'Quota Default')"
+ :helper-text="t('user_ldap', 'Override default quota for LDAP users who do not have a quota set in the Quota Field.')" />
+
+ <NcTextField autocomplete="off"
+ :value.sync="ldapConfig.ldapEmailAttribute"
+ :label="t('user_ldap', 'Email Field')"
+ :helper-text="t('user_ldap', 'Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'User Home Folder Naming Rule')"
+ :value.sync="ldapConfig.homeFolderNamingRule"
+ :helper-text="t('user_ldap', 'Leave empty for username (default). Otherwise, specify an LDAP/AD attribute.')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', '`$home` Placeholder Field')"
+ :value.sync="ldapConfig.ldapExtStorageHomeAttribute"
+ :helper-text="t('user_ldap', '$home in an external storage configuration will be replaced with the value of the specified attribute')" />
+ </summary>
+
+ <summary class="ldap-wizard__advanced__section">
+ <h3>{{ t('user_ldap', 'User Profile Attributes') }}</h3>
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Phone Field')"
+ :value.sync="ldapConfig.ldapAttributePhone"
+ :helper-text="t('user_ldap', 'User profile Phone will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Website Field')"
+ :value.sync="ldapConfig.ldapAttributeWebsite"
+ :helper-text="t('user_ldap', 'User profile Website will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Address Field')"
+ :value.sync="ldapConfig.ldapAttributeAddress"
+ :helper-text="t('user_ldap', 'User profile Address will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Twitter Field')"
+ :value.sync="ldapConfig.ldapAttributeTwitter"
+ :helper-text="t('user_ldap', 'User profile Twitter will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Fediverse Field')"
+ :value.sync="ldapConfig.ldapAttributeFediverse"
+ :helper-text="t('user_ldap', 'User profile Fediverse will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Organisation Field')"
+ :value.sync="ldapConfig.ldapAttributeOrganisation"
+ :helper-text="t('user_ldap', 'User profile Organisation will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Role Field')"
+ :value.sync="ldapConfig.ldapAttributeRole"
+ :helper-text="t('user_ldap', 'User profile Role will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Headline Field')"
+ :value.sync="ldapConfig.ldapAttributeHeadline"
+ :helper-text="t('user_ldap', 'User profile Headline will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Biography Field')"
+ :value.sync="ldapConfig.ldapAttributeBiography"
+ :helper-text="t('user_ldap', 'User profile Biography will be set from the specified attribute')" />
+
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'Birthdate Field')"
+ :value.sync="ldapConfig.ldapAttributeBirthDate"
+ :helper-text="t('user_ldap', 'User profile Date of birth will be set from the specified attribute')" />
+ </summary>
</fieldset>
</template>
<script lang="ts" setup>
-import { defineProps, PropType } from 'vue'
+import { defineProps, computed } from 'vue'
import { t } from '@nextcloud/l10n'
+import { NcTextField, NcTextArea, NcCheckboxRadioSwitch } from '@nextcloud/vue'
+
+import { useLDAPConfigStore } from '../../store/config'
-import { LDAPConfig } from '../../services/ldapConfigService';
+const ldapConfigStore = useLDAPConfigStore()
-const { ldapConfig } = defineProps({
- ldapConfig: {
- type: Object as PropType<LDAPConfig>,
+const { ldapConfigId } = defineProps({
+ ldapConfigId: {
+ type: String,
required: true,
},
})
-const ldap_expert_username_attr_default = ''
-const ldap_expert_uuid_user_attr_default = ''
-const ldap_expert_uuid_group_attr_default = ''
-const settingControls = ''
+const ldapConfig = computed(() => ldapConfigStore.ldapConfigs[ldapConfigId])
+
+const instanceName = 'TODO'
</script>
+<style lang="scss" scoped>
+.ldap-wizard__advanced {
+ display: flex;
+ flex-direction: column;
+ gap: 16px;
+
+ &__section {
+ display: flex;
+ flex-direction: column;
+ gap: 8px;
+ }
+}
+</style>
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
<template>
- <fieldset id="ldapSettings-1">
- <div id="ldapAdvancedAccordion">
- <h3>{{ t('user_ldap', 'Connection Settings') }}</h3>
- <div>
- <p>
- <label for="ldap_configuration_active">{{ t('user_ldap', 'Configuration Active') }}</label>
- <input id="ldap_configuration_active"
- type="checkbox"
- name="ldap_configuration_active"
- value="1"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapConfigurationActive"
- aria-describedby="ldap_configuration_active_instructions"
- :title="t('user_ldap', 'When unchecked, this configuration will be skipped.')">
- </p>
- <p id="ldap_configuration_active_instructions" class="hidden-visually">
- {{ t('user_ldap', 'When unchecked, this configuration will be skipped.') }}
- </p>
- <p>
- <label for="ldap_backup_host">{{ t('user_ldap', 'Backup (Replica) Host') }}</label>
- <input id="ldap_backup_host"
- type="text"
- name="ldap_backup_host"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapBackupHost"
- aria-describedby="ldap_backup_host_instructions"
- :title="t('user_ldap', 'Give an optional backup host. It must be a replica of the main LDAP/AD server.')">
- </p>
- <p id="ldap_backup_host_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Give an optional backup host. It must be a replica of the main LDAP/AD server.') }}
- </p>
- <p>
- <label for="ldap_backup_port">{{ t('user_ldap', 'Backup (Replica) Port') }}</label>
- <input id="ldap_backup_port"
- type="number"
- name="ldap_backup_port"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapBackupPort">
- </p>
- <p>
- <label for="ldap_override_main_server">{{ t('user_ldap', 'Disable Main Server') }}</label>
- <input id="ldap_override_main_server"
- type="checkbox"
- name="ldap_override_main_server"
- value="1"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapOverrideMainServer"
- aria-describedby="ldap_override_main_server_instructions"
- :title="t('user_ldap', 'Only connect to the replica server.')">
- </p>
- <p id="ldap_override_main_server_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Only connect to the replica server.') }}
- </p>
- <p>
- <label for="ldap_turn_off_cert_check">{{ t('user_ldap', 'Turn off SSL certificate validation.') }}</label>
- <input id="ldap_turn_off_cert_check"
- type="checkbox"
- name="ldap_turn_off_cert_check"
- aria-describedby="ldap_turn_off_cert_check_instructions"
- :title="t('user_ldap', 'Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your {serverName} server.', { serverName: theme.getName() })"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapTurnOffCertCheck"
- value="1">
- </p>
- <p id="ldap_turn_off_cert_check_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your {serverName} server.', { serverName: theme.getName() }) }}
- </p>
- <br>
- <p>
- <label for="ldap_cache_ttl">{{ t('user_ldap', 'Cache Time-To-Live') }}</label>
- <input id="ldap_cache_ttl"
- type="number"
- name="ldap_cache_ttl"
- aria-describedby="ldap_cache_ttl_instructions"
- :title="t('user_ldap', 'in seconds. A change empties the cache.')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapCacheTtl">
- </p>
- <p id="ldap_cache_ttl_instructions" class="hidden-visually">
- {{ t('user_ldap', 'in seconds. A change empties the cache.') }}
- </p>
- </div>
- <h3>{{ t('user_ldap', 'Directory Settings') }}</h3>
- <div>
- <p>
- <label for="ldap_display_name">{{ t('user_ldap', 'User Display Name Field') }}</label>
- <input id="ldap_display_name"
- type="text"
- name="ldap_display_name"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapDisplayName"
- aria-describedby="ldap_display_name_instructions"
- :title="t('user_ldap', 'The LDAP attribute to use to generate the user\'s display name.')">
- </p>
- <p id="ldap_display_name_instructions" class="hidden-visually">
- {{ t('user_ldap', 'The LDAP attribute to use to generate the user\'s display name.') }}
- </p>
- <p>
- <label for="ldap_user_display_name_2">{{ t('user_ldap', '2nd User Display Name Field') }}</label>
- <input id="ldap_user_display_name_2"
- type="text"
- name="ldap_user_display_name_2"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapUserDisplayName2"
- aria-describedby="ldap_user_display_name_2_instructions"
- :title="t('user_ldap', 'Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.')">
- </p>
- <p id="ldap_user_display_name_2_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.') }}
- </p>
- <p>
- <label for="ldap_base_users">{{ t('user_ldap', 'Base User Tree') }}</label><textarea id="ldap_base_users"
- name="ldap_base_users"
- :placeholder="t('user_ldap', 'One User Base DN per line')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapBaseUsers"
- aria-describedby="ldap_base_users_instructions"
- :title="t('user_ldap', 'Base User Tree')" />
- </p>
- <p id="ldap_base_users_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Base User Tree') }}
- </p>
- <p>
- <label for="ldap_attributes_for_user_search">{{ t('user_ldap', 'User Search Attributes') }}</label><textarea id="ldap_attributes_for_user_search"
- name="ldap_attributes_for_user_search"
- :placeholder="t('user_ldap', 'Optional; one attribute per line')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttributesForUserSearch"
- aria-describedby="ldap_attributes_for_user_search_instructions"
- :title="t('user_ldap', 'User Search Attributes')" />
- </p>
- <p id="ldap_attributes_for_user_search_instructions" class="hidden-visually">
- {{ t('user_ldap', 'User Search Attributes') }}
- </p>
- <p>
- <label for="ldap_mark_remnants_as_disabled">{{ t('user_ldap', 'Disable users missing from LDAP') }}</label>
- <input id="ldap_mark_remnants_as_disabled"
- type="checkbox"
- name="ldap_mark_remnants_as_disabled"
- value="1"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapMarkRemnantsAsDisabled"
- aria-describedby="ldap_mark_remnants_as_disabled_instructions"
- :title="t('user_ldap', 'When switched on, users imported from LDAP which are then missing will be disabled')">
- </p>
- <p id="ldap_mark_remnants_as_disabled_instructions" class="hidden-visually">
- {{ t('user_ldap', 'When switched on, users imported from LDAP which are then missing will be disabled') }}
- </p>
- <p>
- <label for="ldap_group_display_name">{{ t('user_ldap', 'Group Display Name Field') }}</label>
- <input id="ldap_group_display_name"
- type="text"
- name="ldap_group_display_name"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapGroupDisplayName"
- aria-describedby="ldap_group_display_name_instructions"
- :title="t('user_ldap', 'The LDAP attribute to use to generate the groups\'s display name.')">
- </p>
- <p id="ldap_group_display_name_instructions" class="hidden-visually">
- {{ t('user_ldap', 'The LDAP attribute to use to generate the groups\'s display name.') }}
- </p>
- <p>
- <label for="ldap_base_groups">{{ t('user_ldap', 'Base Group Tree') }}</label><textarea id="ldap_base_groups"
- name="ldap_base_groups"
- :placeholder="t('user_ldap', 'One Group Base DN per line')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapBaseGroups"
- aria-describedby="ldap_base_groups_instructions"
- :title="t('user_ldap', 'Base Group Tree')" />
- </p>
- <p id="ldap_base_groups_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Base Group Tree') }}
- </p>
- <p>
- <label for="ldap_attributes_for_group_search">{{ t('user_ldap', 'Group Search Attributes') }}</label><textarea id="ldap_attributes_for_group_search"
- name="ldap_attributes_for_group_search"
- :placeholder="t('user_ldap', 'Optional; one attribute per line')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttributesForGroupSearch"
- aria-describedby="ldap_attributes_for_group_search_instructions"
- :title="t('user_ldap', 'Group Search Attributes')" />
- </p>
- <p id="ldap_attributes_for_group_search_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Group Search Attributes') }}
- </p>
- <p>
- <label for="ldap_group_member_assoc_attribute">{{ t('user_ldap', 'Group-Member association') }}</label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" :data-default="ldapConfigStore.defaultLdapConfig.ldapGroupMemberAssocAttribute">
- <option value="uniqueMember" :selected="ldap_group_member_assoc_attribute === 'uniqueMember'">
- {{ t('user_ldap', 'uniqueMember') }}
- </option>
- <option value="memberUid" :selected="ldap_group_member_assoc_attribute === 'memberUid'">
- {{ t('user_ldap', 'memberUid') }}
- </option>
- <option value="member" :selected="ldap_group_member_assoc_attribute === 'member'">
- {{ t('user_ldap', 'member (AD)') }}
- </option>
- <option value="gidNumber" :selected="ldap_group_member_assoc_attribute === 'gidNumber'">
- {{ t('user_ldap', 'gidNumber') }}
- </option>
- <option value="zimbraMailForwardingAddress" :selected="ldap_group_member_assoc_attribute === 'zimbraMailForwardingAddress'">
- {{ t('user_ldap', 'zimbraMailForwardingAddress') }}
- </option>
- </select>
- </p>
- <p>
- <label for="ldap_dynamic_group_member_url">{{ t('user_ldap', 'Dynamic Group Member URL') }}</label>
- <input id="ldap_dynamic_group_member_url"
- type="text"
- name="ldap_dynamic_group_member_url"
- aria-describedby="ldap_dynamic_group_member_url_instructions"
- :title="t('user_ldap', 'The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapDynamicGroupMemberUrl">
- </p>
- <p id="ldap_dynamic_group_member_url_instructions" class="hidden-visually">
- {{ t('user_ldap', 'The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)') }}
- </p>
- <p>
- <label for="ldap_nested_groups">{{ t('user_ldap', 'Nested Groups') }}</label>
- <input id="ldap_nested_groups"
- type="checkbox"
- name="ldap_nested_groups"
- value="1"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapNestedGroups"
- aria-describedby="ldap_nested_groups_instructions"
- :title="t('user_ldap', 'When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)')">
- </p>
- <p id="ldap_nested_groups_instructions" class="hidden-visually">
- {{ t('user_ldap', 'When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)') }}
- </p>
- <p>
- <label for="ldap_paging_size">{{ t('user_ldap', 'Paging chunksize') }}</label>
- <input id="ldap_paging_size"
- type="number"
- name="ldap_paging_size"
- aria-describedby="ldap_paging_size_instructions"
- :title="t('user_ldap', 'Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapPagingSize">
- </p>
- <p id="ldap_paging_size_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)') }}
- </p>
- <p>
- <label for="ldap_turn_on_pwd_change">{{ t('user_ldap', 'Enable LDAP password changes per user') }}</label><span class="inlinetable"><span class="tablerow left"><input id="ldap_turn_on_pwd_change"
- type="checkbox"
- name="ldap_turn_on_pwd_change"
- value="1"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapTurnOnPwdChange"
- aria-describedby="ldap_turn_on_pwd_change_instructions"
- :title="t('user_ldap', 'Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.')"><p id="ldap_turn_on_pwd_change_instructions" class="hidden-visually">{{ t('user_ldap', 'Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.') }}</p><span class="tablecell">{{ t('user_ldap', '(New password is sent as plain text to LDAP)') }}</span></span>
- </span><br>
- </p>
- <p>
- <label for="ldapConfigStore.defaultLdapConfig.ldapPpolicyDn">{{ t('user_ldap', 'Default password policy DN') }}</label>
- <input id="ldapConfigStore.defaultLdapConfig.ldapPpolicyDn"
- type="text"
- name="ldapConfigStore.defaultLdapConfig.ldapPpolicyDn"
- aria-describedby="ldapConfigStore.defaultLdapConfig.ldapPpolicyDnInstructions"
- :title="t('user_ldap', 'The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapPpolicyDn">
- </p>
- <p id="ldapConfigStore.defaultLdapConfig.ldapPpolicyDnInstructions" class="hidden-visually">
- {{ t('user_ldap', 'The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.') }}
- </p>
- </div>
- <h3>{{ t('user_ldap', 'Special Attributes') }}</h3>
- <div>
- <p>
- <label for="ldap_quota_attr">{{ t('user_ldap', 'Quota Field') }}</label>
- <input id="ldap_quota_attr"
- type="text"
- name="ldap_quota_attr"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapQuotaAttr"
- aria-describedby="ldap_quota_attr_instructions"
- :title="t('user_ldap', 'Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.')">
- </p>
- <p id="ldap_quota_attr_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.') }}
- </p>
- <p>
- <label for="ldap_quota_def">{{ t('user_ldap', 'Quota Default') }}</label>
- <input id="ldap_quota_def"
- type="text"
- name="ldap_quota_def"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapQuotaDef"
- aria-describedby="ldap_quota_def_instructions"
- :title="t('user_ldap', 'Override default quota for LDAP users who do not have a quota set in the Quota Field.')">
- </p>
- <p id="ldap_quota_def_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Override default quota for LDAP users who do not have a quota set in the Quota Field.') }}
- </p>
- <p>
- <label for="ldap_email_attr">{{ t('user_ldap', 'Email Field') }}</label>
- <input id="ldap_email_attr"
- type="text"
- name="ldap_email_attr"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapEmailAttr"
- aria-describedby="ldap_email_attr_instructions"
- :title="t('user_ldap', 'Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.')">
- </p>
- <p id="ldap_email_attr_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.') }}
- </p>
- <p>
- <label for="home_folder_naming_rule">{{ t('user_ldap', 'User Home Folder Naming Rule') }}</label>
- <input id="home_folder_naming_rule"
- type="text"
- name="home_folder_naming_rule"
- aria-describedby="home_folder_naming_rule_instructions"
- :title="t('user_ldap', 'Leave empty for username (default). Otherwise, specify an LDAP/AD attribute.')"
- :data-default="ldapConfigStore.defaultLdapConfig.homeFolderNamingRule">
- </p>
- <p id="home_folder_naming_rule_instructions" class="hidden-visually">
- {{ t('user_ldap', 'Leave empty for username (default). Otherwise, specify an LDAP/AD attribute.') }}
- </p>
- <p>
- <label for="ldap_ext_storage_home_attribute"> {{ t('user_ldap', '"$home" Placeholder Field') }}</label>
- <input id="ldap_ext_storage_home_attribute"
- type="text"
- name="ldap_ext_storage_home_attribute"
- aria-describedby="ldap_ext_storage_home_attribute_instructions"
- :title="t('user_ldap', '$home in an external storage configuration will be replaced with the value of the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapExtStorageHomeAttribute">
- </p>
- <p id="ldap_ext_storage_home_attribute_instructions" class="hidden-visually">
- {{ t('user_ldap', '$home in an external storage configuration will be replaced with the value of the specified attribute') }}
- </p>
- </div>
- <h3>
- {{ t('user_ldap', 'User Profile Attributes') }}
- </h3>
- <div>
- <p>
- <label for="ldap_attr_phone"> {{ t('user_ldap', 'Phone Field') }}</label>
- <input id="ldap_attr_phone"
- type="text"
- name="ldap_attr_phone"
- :title="t('user_ldap', 'User profile Phone will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrPhone">
- </p>
- <p>
- <label for="ldap_attr_website"> {{ t('user_ldap', 'Website Field') }}</label>
- <input id="ldap_attr_website"
- type="text"
- name="ldap_attr_website"
- :title="t('user_ldap', 'User profile Website will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrWebsite">
- </p>
- <p>
- <label for="ldap_attr_address"> {{ t('user_ldap', 'Address Field') }}</label>
- <input id="ldap_attr_address"
- type="text"
- name="ldap_attr_address"
- :title="t('user_ldap', 'User profile Address will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrAddress">
- </p>
- <p>
- <label for="ldap_attr_twitter"> {{ t('user_ldap', 'Twitter Field') }}</label>
- <input id="ldap_attr_twitter"
- type="text"
- name="ldap_attr_twitter"
- :title="t('user_ldap', 'User profile Twitter will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrTwitter">
- </p>
- <p>
- <label for="ldap_attr_fediverse"> {{ t('user_ldap', 'Fediverse Field') }}</label>
- <input id="ldap_attr_fediverse"
- type="text"
- name="ldap_attr_fediverse"
- :title="t('user_ldap', 'User profile Fediverse will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrFediverse">
- </p>
- <p>
- <label for="ldap_attr_organisation"> {{ t('user_ldap', 'Organisation Field') }}</label>
- <input id="ldap_attr_organisation"
- type="text"
- name="ldap_attr_organisation"
- :title="t('user_ldap', 'User profile Organisation will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrOrganisation">
- </p>
- <p>
- <label for="ldap_attr_role"> {{ t('user_ldap', 'Role Field') }}</label>
- <input id="ldap_attr_role"
- type="text"
- name="ldap_attr_role"
- :title="t('user_ldap', 'User profile Role will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrRole">
- </p>
- <p>
- <label for="ldap_attr_headline"> {{ t('user_ldap', 'Headline Field') }}</label>
- <input id="ldap_attr_headline"
- type="text"
- name="ldap_attr_headline"
- :title="t('user_ldap', 'User profile Headline will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrHeadline">
- </p>
- <p>
- <label for="ldap_attr_biography"> {{ t('user_ldap', 'Biography Field') }}</label>
- <input id="ldap_attr_biography"
- type="text"
- name="ldap_attr_biography"
- :title="t('user_ldap', 'User profile Biography will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrBiography">
- </p>
- <p>
- <label for="ldap_attr_birthdate"> {{ t('user_ldap', 'Birthdate Field') }}</label>
- <input id="ldap_attr_birthdate"
- type="text"
- name="ldap_attr_birthdate"
- :title="t('user_ldap', 'User profile Date of birth will be set from the specified attribute')"
- :data-default="ldapConfigStore.defaultLdapConfig.ldapAttrBirthdate">
- </p>
- </div>
+ <fieldset class="ldap-wizard__expert">
+ <div class="ldap-wizard__expert__line">
+ <strong>{{ t('user_ldap', 'Internal Username') }}</strong>
+ <label for="ldap_expert_username_attr">{{ t('user_ldap', 'By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [a-zA-Z0-9_.@-]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all DAV services. With this setting, the default behavior can be overridden. Changes will have effect only on newly mapped (added) LDAP users. Leave it empty for default behavior.') }}</label>
+ <NcTextField id="ldap_expert_username_attr"
+ autocomplete="off"
+ :label="t('user_ldap', 'Internal Username Attribute:')"
+ :value.sync="ldapConfig.ldapExpertUsernameAttr"
+ :label-outside="true" />
+ </div>
+
+ <div class="ldap-wizard__expert__line">
+ <strong>{{ t('user_ldap', 'Override UUID detection') }}</strong>
+ <label for="ldap_expert_uuid_user_attr">{{ t('user_ldap', 'By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.') }}</label>
+ <NcTextField id="ldap_expert_uuid_user_attr"
+ autocomplete="off"
+ :label="t('user_ldap', 'UUID Attribute for Users')"
+ :value.sync="ldapConfig.ldapExpertUUIDUserAttr" />
+ <NcTextField autocomplete="off"
+ :label="t('user_ldap', 'UUID Attribute for Groups')"
+ :value.sync="ldapConfig.ldapExpertUUIDGroupAttr" />
+ </div>
+
+ <div class="ldap-wizard__expert__line">
+ <strong>{{ t('user_ldap', 'Username-LDAP User Mapping') }}</strong>
+ {{ t('user_ldap', 'Usernames are used to store and assign metadata. In order to precisely identify and recognize users, each LDAP user will have an internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.') }}
+ <NcButton id="ldap_action_clear_user_mappings" type="button" name="ldap_action_clear_user_mappings">
+ {{ t('user_ldap', 'Clear Username-LDAP User Mapping') }}
+ </NcButton>
+ <NcButton id="ldap_action_clear_group_mappings" type="button" name="ldap_action_clear_group_mappings">
+ {{ t('user_ldap', 'Clear Groupname-LDAP Group Mapping') }}
+ </NcButton>
</div>
- <!-- TODO: What is this -->
- {{ settingControls }}
</fieldset>
</template>
<script lang="ts" setup>
-import { defineProps, PropType } from 'vue'
+import { computed, defineProps } from 'vue'
import { t } from '@nextcloud/l10n'
+import { NcTextField, NcButton } from '@nextcloud/vue'
-import { LDAPConfig } from '../../models'
import { useLDAPConfigStore } from '../../store/config'
-const { ldapConfig } = defineProps({
- ldapConfig: {
- type: Object as PropType<LDAPConfig>,
+const ldapConfigStore = useLDAPConfigStore()
+
+const { ldapConfigId } = defineProps({
+ ldapConfigId: {
+ type: String,
required: true,
},
})
-const ldapConfigStore = useLDAPConfigStore()
+const ldapConfig = computed(() => ldapConfigStore.ldapConfigs[ldapConfigId])
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__expert {
+ display: flex;
+ flex-direction: column;
+ gap: 16px;
-const settingControls = ''
-const theme = {
- getName() {
- return 'TODO'
- },
+ &__line {
+ display: flex;
+ flex-direction: column;
+ padding-left: 32px;
+ gap: 4px;
+ }
}
-</script>
+</style>
projects / nextcloud-server.git / commitdiff