192 lines
5.2 KiB
YAML
192 lines
5.2 KiB
YAML
attributes:
|
|
domain:
|
|
value: ''
|
|
label: 'Domain name'
|
|
description: 'Name of the Keystone domain'
|
|
weight: 20
|
|
type: "text"
|
|
regex:
|
|
source: '^[a-zA-Z0-9._-]+$'
|
|
error: "Domain name contains unexpected value. Must only contain letters, numbers and characters . / _ / -"
|
|
url:
|
|
value: ''
|
|
label: 'LDAP URL'
|
|
description: 'URL for connecting to the LDAP server.'
|
|
weight: 25
|
|
type: "text"
|
|
regex:
|
|
source: '^ldap[si]?:\/\/([a-zA-Z0-9._-]+)(:[0-9]+)?$'
|
|
error: "LDAP URL is not valid. Should be e.g. 'ldap://example.com'."
|
|
ldap_proxy:
|
|
value: false
|
|
label: "LDAP proxy"
|
|
description: "Enable LDAP proxy."
|
|
weight: 26
|
|
type: "checkbox"
|
|
use_tls:
|
|
value: false
|
|
label: "Use TLS"
|
|
description: "Enable TLS for communicating with the LDAP server."
|
|
weight: 27
|
|
type: "checkbox"
|
|
ca_chain:
|
|
type: "textarea"
|
|
weight: 28
|
|
value: ''
|
|
label: "CA Chain"
|
|
description: "CA trust chain in PEM format."
|
|
restrictions:
|
|
- condition: 'settings:ldap.use_tls.value == false'
|
|
action: "disable"
|
|
regex:
|
|
source: '^(-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$|^$'
|
|
error: "Please provide certificate in PEM format or leave this field empty"
|
|
suffix:
|
|
value: 'cn=example,cn=com'
|
|
label: 'LDAP Suffix'
|
|
description: 'LDAP server suffix.'
|
|
weight: 29
|
|
type: "text"
|
|
user:
|
|
value: 'cn=admin,dc=local'
|
|
label: 'LDAP User'
|
|
description: 'User BindDN to query the LDAP server.'
|
|
weight: 30
|
|
type: "text"
|
|
password:
|
|
value: ''
|
|
label: 'LDAP User Password'
|
|
description: 'Password for the BindDN to query the LDAP server.'
|
|
weight: 35
|
|
type: "password"
|
|
regex:
|
|
source: '^\S+$'
|
|
error: "Password must not contain spaces."
|
|
query_scope:
|
|
value: 'one'
|
|
label: 'LDAP Query Scope'
|
|
description: 'The LDAP scope for queries.'
|
|
weight: 40
|
|
type: "radio"
|
|
values:
|
|
- data: 'one'
|
|
label: 'one'
|
|
description: 'onelevel/singleLevel scope for LDAP queries'
|
|
- data: 'sub'
|
|
label: 'sub'
|
|
description: 'subtree/wholeSubtree scope for LDAP queries'
|
|
user_tree_dn:
|
|
value: 'ou=Users,dc=example,dc=com'
|
|
label: 'Users Tree DN'
|
|
description: 'Search base for users.'
|
|
weight: 45
|
|
type: "text"
|
|
user_filter:
|
|
value: ''
|
|
label: 'User Filter'
|
|
description: 'LDAP search filter for users.'
|
|
weight: 46
|
|
type: "text"
|
|
user_objectclass:
|
|
value: 'inetOrgPerson'
|
|
label: 'User Object Class'
|
|
description: 'LDAP objectclass for users.'
|
|
weight: 50
|
|
type: "text"
|
|
user_id_attribute:
|
|
value: 'cn'
|
|
label: 'User ID Attribute'
|
|
description: 'LDAP attribute mapped to user id.'
|
|
weight: 55
|
|
type: "text"
|
|
user_name_attribute:
|
|
value: 'sn'
|
|
label: 'User Name Attribute'
|
|
description: 'LDAP attribute mapped to user name.'
|
|
weight: 60
|
|
type: "text"
|
|
user_pass_attribute:
|
|
value: 'userPassword'
|
|
label: 'User Password Attribute'
|
|
description: 'LDAP attribute mapped to password.'
|
|
weight: 65
|
|
type: "text"
|
|
user_enabled_attribute:
|
|
value: 'enabled'
|
|
label: 'User Enabled/Disabled Attribute'
|
|
description: 'LDAP attribute mapped to enabled/disabled.'
|
|
weight: 66
|
|
type: "text"
|
|
group_tree_dn:
|
|
value: 'ou=Groups,dc=example,dc=com'
|
|
label: 'Groups Tree DN'
|
|
description: 'Search base for groups.'
|
|
weight: 75
|
|
type: "text"
|
|
group_filter:
|
|
value: ''
|
|
label: 'Group Filter'
|
|
description: 'LDAP search filter for groups.'
|
|
weight: 80
|
|
type: "text"
|
|
group_objectclass:
|
|
value: 'groupOfNames'
|
|
label: 'Group Object Class'
|
|
description: 'LDAP objectclass for groups.'
|
|
weight: 85
|
|
type: "text"
|
|
group_id_attribute:
|
|
value: 'cn'
|
|
label: 'Group ID Attribute'
|
|
description: 'LDAP attribute mapped to group id.'
|
|
weight: 90
|
|
type: "text"
|
|
group_name_attribute:
|
|
value: 'ou'
|
|
label: 'Group Name Attribute'
|
|
description: 'LDAP attribute mapped to group name.'
|
|
weight: 95
|
|
type: "text"
|
|
group_member_attribute:
|
|
value: 'member'
|
|
label: 'Group Member Attribute'
|
|
description: 'LDAP attribute that maps user to group.'
|
|
weight: 100
|
|
type: "text"
|
|
group_desc_attribute:
|
|
value: 'description'
|
|
label: 'Group description Attribute'
|
|
description: 'LDAP attribute mapped to description.'
|
|
weight: 105
|
|
type: "text"
|
|
page_size:
|
|
value: '0'
|
|
label: 'Page Size Attribute'
|
|
description: 'Maximum results per page.'
|
|
weight: 110
|
|
type: "text"
|
|
regex:
|
|
source: '^[0-9]+$'
|
|
error: "Page size contains unexpected value. It must contain only numbers."
|
|
chase_referrals:
|
|
value: 'False'
|
|
label: 'Chase referrals Attribute'
|
|
description: 'Referral chasing behavior for queries.'
|
|
weight: 115
|
|
type: "text"
|
|
regex:
|
|
source: '^[Ff]alse$|^[Tt]rue$'
|
|
error: "Chase referrals must contains boolean values: False or True."
|
|
additional_domains:
|
|
type: "textarea"
|
|
weight: 120
|
|
value: ''
|
|
label: "List of additional Domains"
|
|
description: "Blocks of additional domains/parameters that should be created."
|
|
ldap_proxy_custom_conf:
|
|
type: "textarea"
|
|
weight: 125
|
|
value: ''
|
|
label: "List of custom LDAP proxy configs"
|
|
description: "List of custom LDAP proxy configs."
|