mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-10 00:27:02 +02:00
Code Issues Projects Releases Wiki Activity
ade75bcf00
vault/ui/app/models/ldap/config.js

130 lines
3.9 KiB
JavaScript
Raw Blame History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import Model, { attr } from '@ember-data/model';
import { withFormFields } from 'vault/decorators/model-form-fields';
import { withModelValidations } from 'vault/decorators/model-validations';
const validations = {
binddn: [{ type: 'presence', message: 'Administrator distinguished name is required.' }],
bindpass: [{ type: 'presence', message: 'Administrator password is required.' }],
};
const formGroups = [
{ default: ['binddn', 'bindpass', 'url', 'password_policy'] },
{ 'TLS options': ['starttls', 'insecure_tls', 'certificate', 'client_tls_cert', 'client_tls_key'] },
{ 'More options': ['userdn', 'userattr', 'upndomain', 'connection_timeout', 'request_timeout'] },
];
@withModelValidations(validations)
@withFormFields(null, formGroups)
export default class LdapConfigModel extends Model {
@attr('string') backend; // dynamic path of secret -- set on response from value passed to queryRecord
@attr('string', {
label: 'Administrator Distinguished Name',
subText:
'Distinguished name of the administrator to bind (Bind DN) when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com.',
})
binddn;
@attr('string', {
label: 'Administrator Password',
subText: 'Password to use along with Bind DN when performing user search.',
})
bindpass;
@attr('string', {
label: 'URL',
subText: 'The directory server to connect to.',
})
url;
@attr('string', {
editType: 'optionalText',
label: 'Use custom password policy',
subText: 'Specify the name of an existing password policy.',
defaultSubText: 'Unless a custom policy is specified, Vault will use a default.',
defaultShown: 'Default',
docLink: '/vault/docs/concepts/password-policies',
})
password_policy;
@attr('string') schema;
@attr('boolean', {
label: 'Start TLS',
subText: 'If checked, or address contains “ldaps://”, creates an encrypted connection with LDAP.',
})
starttls;
@attr('boolean', {
label: 'Insecure TLS',
subText: 'If checked, skips LDAP server SSL certificate verification - insecure, use with caution!',
})
insecure_tls;
@attr('string', {
editType: 'file',
label: 'CA Certificate',
helpText: 'CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.',
})
certificate;
@attr('string', {
editType: 'file',
label: 'Client TLS Certificate',
helpText: 'Client certificate to provide to the LDAP server, must be x509 PEM encoded.',
})
client_tls_cert;
@attr('string', {
editType: 'file',
label: 'Client TLS Key',
helpText: 'Client key to provide to the LDAP server, must be x509 PEM encoded.',
})
client_tls_key;
@attr('string', {
label: 'Userdn',
helpText: 'The base DN under which to perform user search in library management and static roles.',
})
userdn;
@attr('string', {
label: 'Userattr',
subText: 'The attribute field name used to perform user search in library management and static roles.',
})
userattr;
@attr('string', {
label: 'Upndomain',
subText: 'The domain (userPrincipalDomain) used to construct a UPN string for authentication.',
})
upndomain;
@attr('number', {
editType: 'optionalText',
label: 'Connection Timeout',
subText: 'Specify the connection timeout length in seconds.',
defaultSubText: 'Vault will use the default of 30 seconds.',
defaultShown: 'Default 30 seconds.',
})
connection_timeout;
@attr('number', {
editType: 'optionalText',
label: 'Request Timeout',
subText: 'Specify the connection timeout length in seconds.',
defaultSubText: 'Vault will use the default of 90 seconds.',
defaultShown: 'Default 90 seconds.',
})
request_timeout;
async rotateRoot() {
const adapter = this.store.adapterFor('ldap/config');
return adapter.rotateRoot(this.backend);
}
}
Reference in New Issue View Git Blame Copy Permalink