Merge branch 'main' into 5165-password-strength-indicator
* main: (23 commits) web: bump API Client version (#5935) sources/ldap: add support for cert based auth (#5850) ci: replace status with state for auto-deployment ci: don't write CI status to file ci: add workflow to automatically update next branch (#5921) providers/ldap: fix Outpost provider listing excluding backchannel providers (#5933) root: revert to use secret_key for JWT signing (#5934) sources/ldap: fix duplicate bind when authenticating user directly to… (#5927) web: bump core-js from 3.30.2 to 3.31.0 in /web (#5928) core: bump pytest from 7.3.1 to 7.3.2 (#5929) web: bump @rollup/plugin-commonjs from 25.0.0 to 25.0.1 in /web (#5931) web: bump @formatjs/intl-listformat from 7.3.0 to 7.4.0 in /web (#5932) core: bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.5 (#5930) website/integrations: Fix header in dokuwiki instructions (#5926) providers/oauth2: launch url: if URL parsing fails, return no launch URL (#5918) web: bump @babel/core from 7.22.1 to 7.22.5 in /web (#5909) web: bump @babel/plugin-proposal-decorators from 7.22.3 to 7.22.5 in /web (#5910) web: bump @babel/preset-typescript from 7.21.5 to 7.22.5 in /web (#5912) web: bump @babel/preset-env from 7.22.4 to 7.22.5 in /web (#5915) core: bump requests-mock from 1.10.0 to 1.11.0 (#5911) ...
This commit is contained in:
commit
a75c9434d9
|
@ -0,0 +1,25 @@
|
|||
name: authentik-on-release-next-branch
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 12 * * *" # every day at noon
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
update-next:
|
||||
runs-on: ubuntu-latest
|
||||
environment: internal-production
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
ref: main
|
||||
- id: main-state
|
||||
run: |
|
||||
state=$(curl -fsSL -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ github.token }}" "https://api.github.com/repos/${{ github.repository }}/commits/HEAD/state" | jq -r '.state')
|
||||
echo "state=${state}" >> $GITHUB_OUTPUT
|
||||
- if: ${{ steps.main-state.outputs.state == 'success' }}
|
||||
run: |
|
||||
git push origin next --force
|
2
Makefile
2
Makefile
|
@ -151,7 +151,7 @@ web-check-compile:
|
|||
cd web && npm run tsc
|
||||
|
||||
web-i18n-extract:
|
||||
cd web && npm run extract
|
||||
cd web && npm run extract-locales
|
||||
|
||||
#########################
|
||||
## Website
|
||||
|
|
|
@ -376,10 +376,10 @@ class Application(SerializerModel, PolicyBindingModel):
|
|||
def get_launch_url(self, user: Optional["User"] = None) -> Optional[str]:
|
||||
"""Get launch URL if set, otherwise attempt to get launch URL based on provider."""
|
||||
url = None
|
||||
if provider := self.get_provider():
|
||||
url = provider.launch_url
|
||||
if self.meta_launch_url:
|
||||
url = self.meta_launch_url
|
||||
elif provider := self.get_provider():
|
||||
url = provider.launch_url
|
||||
if user and url:
|
||||
if isinstance(user, SimpleLazyObject):
|
||||
user._setup()
|
||||
|
|
|
@ -105,7 +105,9 @@ class LDAPOutpostConfigSerializer(ModelSerializer):
|
|||
class LDAPOutpostConfigViewSet(ReadOnlyModelViewSet):
|
||||
"""LDAPProvider Viewset"""
|
||||
|
||||
queryset = LDAPProvider.objects.filter(application__isnull=False)
|
||||
queryset = LDAPProvider.objects.filter(
|
||||
Q(application__isnull=False) | Q(backchannel_application__isnull=False)
|
||||
)
|
||||
serializer_class = LDAPOutpostConfigSerializer
|
||||
ordering = ["name"]
|
||||
search_fields = ["name"]
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
"""LDAP Provider API tests"""
|
||||
from json import loads
|
||||
|
||||
from django.urls import reverse
|
||||
from rest_framework.test import APITestCase
|
||||
|
||||
from authentik.core.models import Application
|
||||
from authentik.core.tests.utils import create_test_admin_user, create_test_flow
|
||||
from authentik.lib.generators import generate_id
|
||||
from authentik.providers.ldap.models import LDAPProvider
|
||||
|
||||
|
||||
class TestLDAPProviderAPI(APITestCase):
|
||||
"""LDAP Provider API tests"""
|
||||
|
||||
def test_outpost_application(self):
|
||||
"""Test outpost-like provider retrieval (direct connection)"""
|
||||
provider = LDAPProvider.objects.create(
|
||||
name=generate_id(),
|
||||
authorization_flow=create_test_flow(),
|
||||
)
|
||||
Application.objects.create(
|
||||
name=generate_id(),
|
||||
slug=generate_id(),
|
||||
provider=provider,
|
||||
)
|
||||
user = create_test_admin_user()
|
||||
self.client.force_login(user)
|
||||
res = self.client.get(reverse("authentik_api:ldapprovideroutpost-list"))
|
||||
self.assertEqual(res.status_code, 200)
|
||||
data = loads(res.content.decode())
|
||||
self.assertEqual(data["pagination"]["count"], 1)
|
||||
self.assertEqual(len(data["results"]), 1)
|
||||
|
||||
def test_outpost_application_backchannel(self):
|
||||
"""Test outpost-like provider retrieval (backchannel connection)"""
|
||||
provider = LDAPProvider.objects.create(
|
||||
name=generate_id(),
|
||||
authorization_flow=create_test_flow(),
|
||||
)
|
||||
app: Application = Application.objects.create(
|
||||
name=generate_id(),
|
||||
slug=generate_id(),
|
||||
)
|
||||
app.backchannel_providers.add(provider)
|
||||
user = create_test_admin_user()
|
||||
self.client.force_login(user)
|
||||
res = self.client.get(reverse("authentik_api:ldapprovideroutpost-list"))
|
||||
self.assertEqual(res.status_code, 200)
|
||||
data = loads(res.content.decode())
|
||||
self.assertEqual(data["pagination"]["count"], 1)
|
||||
self.assertEqual(len(data["results"]), 1)
|
|
@ -2,6 +2,6 @@
|
|||
from authentik.providers.ldap.api import LDAPOutpostConfigViewSet, LDAPProviderViewSet
|
||||
|
||||
api_urlpatterns = [
|
||||
("outposts/ldap", LDAPOutpostConfigViewSet),
|
||||
("outposts/ldap", LDAPOutpostConfigViewSet, "ldapprovideroutpost"),
|
||||
("providers/ldap", LDAPProviderViewSet),
|
||||
]
|
||||
|
|
|
@ -17,6 +17,7 @@ from django.urls import reverse
|
|||
from django.utils.translation import gettext_lazy as _
|
||||
from jwt import encode
|
||||
from rest_framework.serializers import Serializer
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.core.models import ExpiringModel, PropertyMapping, Provider, User
|
||||
from authentik.crypto.models import CertificateKeyPair
|
||||
|
@ -26,6 +27,8 @@ from authentik.lib.utils.time import timedelta_string_validator
|
|||
from authentik.providers.oauth2.id_token import IDToken, SubModes
|
||||
from authentik.sources.oauth.models import OAuthSource
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
||||
|
||||
def generate_client_secret() -> str:
|
||||
"""Generate client secret with adequate length"""
|
||||
|
@ -251,8 +254,12 @@ class OAuth2Provider(Provider):
|
|||
if self.redirect_uris == "":
|
||||
return None
|
||||
main_url = self.redirect_uris.split("\n", maxsplit=1)[0]
|
||||
try:
|
||||
launch_url = urlparse(main_url)._replace(path="")
|
||||
return urlunparse(launch_url)
|
||||
except ValueError as exc:
|
||||
LOGGER.warning("Failed to format launch url", exc=exc)
|
||||
return None
|
||||
|
||||
@property
|
||||
def component(self) -> str:
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
"""Test OAuth2 API"""
|
||||
from json import loads
|
||||
from sys import version_info
|
||||
from unittest import skipUnless
|
||||
|
||||
from django.urls import reverse
|
||||
from rest_framework.test import APITestCase
|
||||
|
@ -42,3 +44,14 @@ class TestAPI(APITestCase):
|
|||
self.assertEqual(response.status_code, 200)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["issuer"], "http://testserver/application/o/test/")
|
||||
|
||||
# https://github.com/goauthentik/authentik/pull/5918
|
||||
@skipUnless(version_info >= (3, 11, 4), "This behaviour is only Python 3.11.4 and up")
|
||||
def test_launch_url(self):
|
||||
"""Test launch_url"""
|
||||
self.provider.redirect_uris = (
|
||||
"https://[\\d\\w]+.pr.test.goauthentik.io/source/oauth/callback/authentik/\n"
|
||||
)
|
||||
self.provider.save()
|
||||
self.provider.refresh_from_db()
|
||||
self.assertIsNone(self.provider.launch_url)
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
from authentik.providers.proxy.api import ProxyOutpostConfigViewSet, ProxyProviderViewSet
|
||||
|
||||
api_urlpatterns = [
|
||||
("outposts/proxy", ProxyOutpostConfigViewSet),
|
||||
("outposts/proxy", ProxyOutpostConfigViewSet, "proxyprovideroutpost"),
|
||||
("providers/proxy", ProxyProviderViewSet),
|
||||
]
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
from authentik.providers.radius.api import RadiusOutpostConfigViewSet, RadiusProviderViewSet
|
||||
|
||||
api_urlpatterns = [
|
||||
("outposts/radius", RadiusOutpostConfigViewSet),
|
||||
("outposts/radius", RadiusOutpostConfigViewSet, "radiusprovideroutpost"),
|
||||
("providers/radius", RadiusProviderViewSet),
|
||||
]
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
"""Dynamically set SameSite depending if the upstream connection is TLS or not"""
|
||||
from functools import lru_cache
|
||||
from hashlib import sha512
|
||||
from time import time
|
||||
from timeit import default_timer
|
||||
|
@ -17,16 +16,10 @@ from jwt import PyJWTError, decode, encode
|
|||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.lib.utils.http import get_client_ip
|
||||
from authentik.root.install_id import get_install_id
|
||||
|
||||
LOGGER = get_logger("authentik.asgi")
|
||||
ACR_AUTHENTIK_SESSION = "goauthentik.io/core/default"
|
||||
|
||||
|
||||
@lru_cache
|
||||
def get_signing_hash():
|
||||
"""Get cookie JWT signing hash"""
|
||||
return sha512(get_install_id().encode()).hexdigest()
|
||||
SIGNING_HASH = sha512(settings.SECRET_KEY.encode()).hexdigest()
|
||||
|
||||
|
||||
class SessionMiddleware(UpstreamSessionMiddleware):
|
||||
|
@ -54,7 +47,7 @@ class SessionMiddleware(UpstreamSessionMiddleware):
|
|||
# for testing setups, where the session is directly set
|
||||
session_key = key if settings.TEST else None
|
||||
try:
|
||||
session_payload = decode(key, get_signing_hash(), algorithms=["HS256"])
|
||||
session_payload = decode(key, SIGNING_HASH, algorithms=["HS256"])
|
||||
session_key = session_payload["sid"]
|
||||
except (KeyError, PyJWTError):
|
||||
pass
|
||||
|
@ -121,7 +114,7 @@ class SessionMiddleware(UpstreamSessionMiddleware):
|
|||
}
|
||||
if request.user.is_authenticated:
|
||||
payload["sub"] = request.user.uid
|
||||
value = encode(payload=payload, key=get_signing_hash())
|
||||
value = encode(payload=payload, key=SIGNING_HASH)
|
||||
if settings.TEST:
|
||||
value = request.session.session_key
|
||||
response.set_cookie(
|
||||
|
|
|
@ -8,6 +8,7 @@ from drf_spectacular.utils import extend_schema, extend_schema_field, inline_ser
|
|||
from rest_framework.decorators import action
|
||||
from rest_framework.exceptions import ValidationError
|
||||
from rest_framework.fields import DictField, ListField
|
||||
from rest_framework.relations import PrimaryKeyRelatedField
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
|
@ -16,6 +17,7 @@ from authentik.admin.api.tasks import TaskSerializer
|
|||
from authentik.core.api.propertymappings import PropertyMappingSerializer
|
||||
from authentik.core.api.sources import SourceSerializer
|
||||
from authentik.core.api.used_by import UsedByMixin
|
||||
from authentik.crypto.models import CertificateKeyPair
|
||||
from authentik.events.monitored_tasks import TaskInfo
|
||||
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
|
||||
from authentik.sources.ldap.tasks import SYNC_CLASSES
|
||||
|
@ -24,6 +26,15 @@ from authentik.sources.ldap.tasks import SYNC_CLASSES
|
|||
class LDAPSourceSerializer(SourceSerializer):
|
||||
"""LDAP Source Serializer"""
|
||||
|
||||
client_certificate = PrimaryKeyRelatedField(
|
||||
allow_null=True,
|
||||
help_text="Client certificate to authenticate against the LDAP Server's Certificate.",
|
||||
queryset=CertificateKeyPair.objects.exclude(
|
||||
key_data__exact="",
|
||||
),
|
||||
required=False,
|
||||
)
|
||||
|
||||
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
||||
"""Check that only a single source has password_sync on"""
|
||||
sync_users_password = attrs.get("sync_users_password", True)
|
||||
|
@ -42,9 +53,11 @@ class LDAPSourceSerializer(SourceSerializer):
|
|||
fields = SourceSerializer.Meta.fields + [
|
||||
"server_uri",
|
||||
"peer_certificate",
|
||||
"client_certificate",
|
||||
"bind_cn",
|
||||
"bind_password",
|
||||
"start_tls",
|
||||
"sni",
|
||||
"base_dn",
|
||||
"additional_user_dn",
|
||||
"additional_group_dn",
|
||||
|
@ -75,7 +88,9 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet):
|
|||
"server_uri",
|
||||
"bind_cn",
|
||||
"peer_certificate",
|
||||
"client_certificate",
|
||||
"start_tls",
|
||||
"sni",
|
||||
"base_dn",
|
||||
"additional_user_dn",
|
||||
"additional_group_dn",
|
||||
|
|
|
@ -57,13 +57,13 @@ class LDAPBackend(InbuiltBackend):
|
|||
# Try to bind as new user
|
||||
LOGGER.debug("Attempting to bind as user", user=user)
|
||||
try:
|
||||
temp_connection = source.connection(
|
||||
# source.connection also attempts to bind
|
||||
source.connection(
|
||||
connection_kwargs={
|
||||
"user": user.attributes.get(LDAP_DISTINGUISHED_NAME),
|
||||
"password": password,
|
||||
}
|
||||
)
|
||||
temp_connection.bind()
|
||||
return user
|
||||
except LDAPInvalidCredentialsResult as exc:
|
||||
LOGGER.debug("invalid LDAP credentials", user=user, exc=exc)
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
# Generated by Django 4.1.7 on 2023-06-06 18:33
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
("authentik_crypto", "0004_alter_certificatekeypair_name"),
|
||||
("authentik_sources_ldap", "0002_auto_20211203_0900"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name="ldapsource",
|
||||
name="client_certificate",
|
||||
field=models.ForeignKey(
|
||||
default=None,
|
||||
help_text="Client certificate to authenticate against the LDAP Server's Certificate.",
|
||||
null=True,
|
||||
on_delete=django.db.models.deletion.SET_DEFAULT,
|
||||
related_name="ldap_client_certificates",
|
||||
to="authentik_crypto.certificatekeypair",
|
||||
),
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name="ldapsource",
|
||||
name="sni",
|
||||
field=models.BooleanField(
|
||||
default=False, verbose_name="Use Server URI for SNI verification"
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="ldapsource",
|
||||
name="peer_certificate",
|
||||
field=models.ForeignKey(
|
||||
default=None,
|
||||
help_text="Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.",
|
||||
null=True,
|
||||
on_delete=django.db.models.deletion.SET_DEFAULT,
|
||||
related_name="ldap_peer_certificates",
|
||||
to="authentik_crypto.certificatekeypair",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,11 +1,13 @@
|
|||
"""authentik LDAP Models"""
|
||||
from os import chmod
|
||||
from ssl import CERT_REQUIRED
|
||||
from tempfile import NamedTemporaryFile, mkdtemp
|
||||
from typing import Optional
|
||||
|
||||
from django.db import models
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from ldap3 import ALL, NONE, RANDOM, Connection, Server, ServerPool, Tls
|
||||
from ldap3.core.exceptions import LDAPSchemaError
|
||||
from ldap3.core.exceptions import LDAPInsufficientAccessRightsResult, LDAPSchemaError
|
||||
from rest_framework.serializers import Serializer
|
||||
|
||||
from authentik.core.models import Group, PropertyMapping, Source
|
||||
|
@ -39,14 +41,24 @@ class LDAPSource(Source):
|
|||
on_delete=models.SET_DEFAULT,
|
||||
default=None,
|
||||
null=True,
|
||||
related_name="ldap_peer_certificates",
|
||||
help_text=_(
|
||||
"Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
||||
),
|
||||
)
|
||||
client_certificate = models.ForeignKey(
|
||||
CertificateKeyPair,
|
||||
on_delete=models.SET_DEFAULT,
|
||||
default=None,
|
||||
null=True,
|
||||
related_name="ldap_client_certificates",
|
||||
help_text=_("Client certificate to authenticate against the LDAP Server's Certificate."),
|
||||
)
|
||||
|
||||
bind_cn = models.TextField(verbose_name=_("Bind CN"), blank=True)
|
||||
bind_password = models.TextField(blank=True)
|
||||
start_tls = models.BooleanField(default=False, verbose_name=_("Enable Start TLS"))
|
||||
sni = models.BooleanField(default=False, verbose_name=_("Use Server URI for SNI verification"))
|
||||
|
||||
base_dn = models.TextField(verbose_name=_("Base DN"))
|
||||
additional_user_dn = models.TextField(
|
||||
|
@ -112,8 +124,22 @@ class LDAPSource(Source):
|
|||
if self.peer_certificate:
|
||||
tls_kwargs["ca_certs_data"] = self.peer_certificate.certificate_data
|
||||
tls_kwargs["validate"] = CERT_REQUIRED
|
||||
if self.client_certificate:
|
||||
temp_dir = mkdtemp()
|
||||
with NamedTemporaryFile(mode="w", delete=False, dir=temp_dir) as temp_cert:
|
||||
temp_cert.write(self.client_certificate.certificate_data)
|
||||
certificate_file = temp_cert.name
|
||||
chmod(certificate_file, 0o600)
|
||||
with NamedTemporaryFile(mode="w", delete=False, dir=temp_dir) as temp_key:
|
||||
temp_key.write(self.client_certificate.key_data)
|
||||
private_key_file = temp_key.name
|
||||
chmod(private_key_file, 0o600)
|
||||
tls_kwargs["local_private_key_file"] = private_key_file
|
||||
tls_kwargs["local_certificate_file"] = certificate_file
|
||||
if ciphers := CONFIG.y("ldap.tls.ciphers", None):
|
||||
tls_kwargs["ciphers"] = ciphers.strip()
|
||||
if self.sni:
|
||||
tls_kwargs["sni"] = self.server_uri.split(",", maxsplit=1)[0].strip()
|
||||
server_kwargs = {
|
||||
"get_info": ALL,
|
||||
"connect_timeout": LDAP_TIMEOUT,
|
||||
|
@ -133,7 +159,9 @@ class LDAPSource(Source):
|
|||
"""Get a fully connected and bound LDAP Connection"""
|
||||
server_kwargs = server_kwargs or {}
|
||||
connection_kwargs = connection_kwargs or {}
|
||||
if self.bind_cn is not None:
|
||||
connection_kwargs.setdefault("user", self.bind_cn)
|
||||
if self.bind_password is not None:
|
||||
connection_kwargs.setdefault("password", self.bind_password)
|
||||
connection = Connection(
|
||||
self.server(**server_kwargs),
|
||||
|
@ -145,15 +173,18 @@ class LDAPSource(Source):
|
|||
if self.start_tls:
|
||||
connection.start_tls(read_server_info=False)
|
||||
try:
|
||||
connection.bind()
|
||||
except LDAPSchemaError as exc:
|
||||
successful = connection.bind()
|
||||
if successful:
|
||||
return connection
|
||||
except (LDAPSchemaError, LDAPInsufficientAccessRightsResult) as exc:
|
||||
# Schema error, so try connecting without schema info
|
||||
# See https://github.com/goauthentik/authentik/issues/4590
|
||||
# See also https://github.com/goauthentik/authentik/issues/3399
|
||||
if server_kwargs.get("get_info", ALL) == NONE:
|
||||
raise exc
|
||||
server_kwargs["get_info"] = NONE
|
||||
return self.connection(server_kwargs, connection_kwargs)
|
||||
return connection
|
||||
return RuntimeError("Failed to bind")
|
||||
|
||||
class Meta:
|
||||
verbose_name = _("LDAP Source")
|
||||
|
|
|
@ -29,6 +29,37 @@ class LDAPSyncTests(TestCase):
|
|||
additional_group_dn="ou=groups",
|
||||
)
|
||||
|
||||
def test_auth_direct_user_ad(self):
|
||||
"""Test direct auth"""
|
||||
self.source.property_mappings.set(
|
||||
LDAPPropertyMapping.objects.filter(
|
||||
Q(managed__startswith="goauthentik.io/sources/ldap/default-")
|
||||
| Q(managed__startswith="goauthentik.io/sources/ldap/ms-")
|
||||
)
|
||||
)
|
||||
raw_conn = mock_ad_connection(LDAP_PASSWORD)
|
||||
bind_mock = Mock(wraps=raw_conn.bind)
|
||||
raw_conn.bind = bind_mock
|
||||
connection = MagicMock(return_value=raw_conn)
|
||||
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
|
||||
user_sync = UserLDAPSynchronizer(self.source)
|
||||
user_sync.sync()
|
||||
|
||||
user = User.objects.get(username="user0_sn")
|
||||
# auth_user_by_bind = Mock(return_value=user)
|
||||
backend = LDAPBackend()
|
||||
self.assertEqual(
|
||||
backend.authenticate(None, username="user0_sn", password=LDAP_PASSWORD),
|
||||
user,
|
||||
)
|
||||
connection.assert_called_with(
|
||||
connection_kwargs={
|
||||
"user": "cn=user0,ou=users,dc=goauthentik,dc=io",
|
||||
"password": LDAP_PASSWORD,
|
||||
}
|
||||
)
|
||||
bind_mock.assert_not_called()
|
||||
|
||||
def test_auth_synced_user_ad(self):
|
||||
"""Test Cached auth"""
|
||||
self.source.property_mappings.set(
|
||||
|
|
|
@ -0,0 +1,222 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "false"
|
||||
name: Example - Google Secure LDAP mappings
|
||||
entries:
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-uid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: uid"
|
||||
object_field: "username"
|
||||
expression: |
|
||||
return ldap.get('uid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-googleuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: googleUid"
|
||||
object_field: "attributes.googleUid"
|
||||
expression: |
|
||||
return ldap.get('googleUid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-posixuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: posixUid"
|
||||
object_field: "attributes.posixUid"
|
||||
expression: |
|
||||
return ldap.get('posixUid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-cn
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: cn"
|
||||
object_field: "name"
|
||||
expression: |
|
||||
return ldap.get('cn')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-sn
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: sn"
|
||||
object_field: "attributes.sn"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('sn'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-givenname
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: givenName"
|
||||
object_field: "attributes.givenName"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('givenName'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-displayname
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: displayName"
|
||||
object_field: "attributes.displayName"
|
||||
expression: |
|
||||
return ldap.get('displayName')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-mail
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: mail"
|
||||
object_field: "email"
|
||||
expression: |
|
||||
return ldap.get('mail')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-memberof
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: memberOf"
|
||||
object_field: "attributes.memberOf"
|
||||
expression: |
|
||||
return ldap.get('memberOf')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-title
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: title"
|
||||
object_field: "attributes.title"
|
||||
expression: |
|
||||
return ldap.get('title')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-employeenumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: employeeNumber"
|
||||
object_field: "attributes.employeeNumber"
|
||||
expression: |
|
||||
return ldap.get('employeeNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-employeetype
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: employeeType"
|
||||
object_field: "attributes.employeeType"
|
||||
expression: |
|
||||
return ldap.get('employeeType')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-departmentnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: departmentNumber"
|
||||
object_field: "attributes.departmentNumber"
|
||||
expression: |
|
||||
return ldap.get('departmentNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-physicaldeliveryofficename
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: physicalDeliveryOfficeName"
|
||||
object_field: "attributes.physicalDeliveryOfficeName"
|
||||
expression: |
|
||||
return ldap.get('physicalDeliveryOfficeName')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-jpegphoto
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: jpegPhoto"
|
||||
object_field: "attributes.jpegPhoto"
|
||||
expression: |
|
||||
return ldap.get('jpegPhoto')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-entryuuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: entryUuid"
|
||||
object_field: "attributes.entryUuid"
|
||||
expression: |
|
||||
return ldap.get('entryUuid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-objectsid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: objectSid"
|
||||
object_field: "attributes.objectSid"
|
||||
expression: |
|
||||
return ldap.get('objectSid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-uidnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: uidNumber"
|
||||
object_field: "attributes.uidNumber"
|
||||
expression: |
|
||||
return ldap.get('uidNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-gidnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: gidNumber"
|
||||
object_field: "attributes.gidNumber"
|
||||
expression: |
|
||||
return ldap.get('gidNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-homedirectory
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: homeDirectory"
|
||||
object_field: "attributes.homeDirectory"
|
||||
expression: |
|
||||
return ldap.get('homeDirectory')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-loginshell
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: loginShell"
|
||||
object_field: "attributes.loginShell"
|
||||
expression: |
|
||||
return ldap.get('loginShell')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-gidnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: gidNumber"
|
||||
object_field: "attributes.gidNumber"
|
||||
expression: |
|
||||
return ldap.get('gidNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-sshpublickey
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: sshPublicKey"
|
||||
object_field: "attributes.sshPublicKey"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('sshPublicKey'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-description
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: description"
|
||||
object_field: "attributes.description"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('description'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-member
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: member"
|
||||
object_field: "attributes.member"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('member'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-memberuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: memberUid"
|
||||
object_field: "attributes.memberUid"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('memberUid'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-googleadmincreated
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: googleAdminCreated"
|
||||
object_field: "attributes.googleAdminCreated"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('googleAdminCreated'))
|
|
@ -4732,6 +4732,11 @@
|
|||
"title": "Peer certificate",
|
||||
"description": "Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
||||
},
|
||||
"client_certificate": {
|
||||
"type": "integer",
|
||||
"title": "Client certificate",
|
||||
"description": "Client certificate to authenticate against the LDAP Server's Certificate."
|
||||
},
|
||||
"bind_cn": {
|
||||
"type": "string",
|
||||
"title": "Bind CN"
|
||||
|
@ -4744,6 +4749,10 @@
|
|||
"type": "boolean",
|
||||
"title": "Enable Start TLS"
|
||||
},
|
||||
"sni": {
|
||||
"type": "boolean",
|
||||
"title": "Use Server URI for SNI verification"
|
||||
},
|
||||
"base_dn": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
|
|
4
go.mod
4
go.mod
|
@ -9,7 +9,7 @@ require (
|
|||
github.com/garyburd/redigo v1.6.4
|
||||
github.com/getsentry/sentry-go v0.21.0
|
||||
github.com/go-http-utils/etag v0.0.0-20161124023236-513ea8f21eb1
|
||||
github.com/go-ldap/ldap/v3 v3.4.4
|
||||
github.com/go-ldap/ldap/v3 v3.4.5
|
||||
github.com/go-openapi/runtime v0.26.0
|
||||
github.com/go-openapi/strfmt v0.21.7
|
||||
github.com/golang-jwt/jwt v3.2.2+incompatible
|
||||
|
@ -36,7 +36,7 @@ require (
|
|||
)
|
||||
|
||||
require (
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
|
||||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||
|
|
15
go.sum
15
go.sum
|
@ -1,13 +1,15 @@
|
|||
beryju.io/ldap v0.1.0 h1:rPjGE3qR1Klbvn9N+iECWdzt/tK87XHgz8W5wZJg9B8=
|
||||
beryju.io/ldap v0.1.0/go.mod h1:sOrYV+ZlDTDu/IvIiEiuAaXzjcpMBE+XXr4V+NJ0pWI=
|
||||
cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/Netflix/go-env v0.0.0-20210215222557-e437a7e7f9fb h1:w9IDEB7P1VzNcBpOG7kMpFkZp2DkyJIUt0gDx5MBhRU=
|
||||
github.com/Netflix/go-env v0.0.0-20210215222557-e437a7e7f9fb/go.mod h1:9XMFaCeRyW7fC9XJOWQ+NdAv8VLG7ys7l3x4ozEGLUQ=
|
||||
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
|
||||
github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
|
||||
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
|
||||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
|
||||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
|
||||
|
@ -37,8 +39,8 @@ github.com/go-http-utils/fresh v0.0.0-20161124030543-7231e26a4b27 h1:O6yi4xa9b2D
|
|||
github.com/go-http-utils/fresh v0.0.0-20161124030543-7231e26a4b27/go.mod h1:AYvN8omj7nKLmbcXS2dyABYU6JB1Lz1bHmkkq1kf4I4=
|
||||
github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a h1:v6zMvHuY9yue4+QkG/HQ/W67wvtQmWJ4SDo9aK/GIno=
|
||||
github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a/go.mod h1:I79BieaU4fxrw4LMXby6q5OS9XnoR9UIKLOzDFjUmuw=
|
||||
github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs=
|
||||
github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI=
|
||||
github.com/go-ldap/ldap/v3 v3.4.5 h1:ekEKmaDrpvR2yf5Nc/DClsGG9lAmdDixe44mLzlW5r8=
|
||||
github.com/go-ldap/ldap/v3 v3.4.5/go.mod h1:bMGIq3AGbytbaMwf8wdv5Phdxz0FWHTIYMSzyrYgnQs=
|
||||
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
|
||||
github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
|
||||
github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
|
||||
|
@ -216,7 +218,6 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
|
|||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
|
||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
|
||||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
|
@ -265,6 +266,7 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
|
|||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
|
||||
golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
|
||||
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
|
||||
golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
|
||||
|
@ -294,11 +296,13 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
|
||||
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
|
@ -307,6 +311,7 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
|||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
|
||||
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2023-05-21 21:59+0000\n"
|
||||
"POT-Creation-Date: 2023-06-12 12:11+0000\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -31,16 +31,16 @@ msgstr ""
|
|||
msgid "Validation Error"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/api.py:43
|
||||
#: authentik/blueprints/api.py:44
|
||||
msgid "Blueprint file does not exist"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/api.py:54
|
||||
#: authentik/blueprints/api.py:55
|
||||
#, python-format
|
||||
msgid "Failed to validate blueprint: %(logs)s"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/api.py:59
|
||||
#: authentik/blueprints/api.py:60
|
||||
msgid "Either path or content must be set."
|
||||
msgstr ""
|
||||
|
||||
|
@ -69,24 +69,24 @@ msgstr ""
|
|||
msgid "authentik Export - %(date)s"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/v1/tasks.py:149 authentik/crypto/tasks.py:93
|
||||
#: authentik/blueprints/v1/tasks.py:150 authentik/crypto/tasks.py:93
|
||||
#, python-format
|
||||
msgid "Successfully imported %(count)d files."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/providers.py:113
|
||||
#: authentik/core/api/providers.py:120
|
||||
msgid "SAML Provider from Metadata"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/providers.py:114
|
||||
#: authentik/core/api/providers.py:121
|
||||
msgid "Create a SAML Provider by importing its Metadata."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/users.py:118
|
||||
#: authentik/core/api/users.py:143
|
||||
msgid "No leading or trailing slashes allowed."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/users.py:121
|
||||
#: authentik/core/api/users.py:146
|
||||
msgid "No empty segments in user path allowed."
|
||||
msgstr ""
|
||||
|
||||
|
@ -1365,7 +1365,7 @@ msgstr ""
|
|||
msgid "Authentication token"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/scim/models.py:33 authentik/sources/ldap/models.py:82
|
||||
#: authentik/providers/scim/models.py:33 authentik/sources/ldap/models.py:94
|
||||
msgid "Property mappings used for group creation/updating."
|
||||
msgstr ""
|
||||
|
||||
|
@ -1426,79 +1426,88 @@ msgstr ""
|
|||
msgid "Used recovery-link to authenticate."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:35
|
||||
#: authentik/sources/ldap/models.py:37
|
||||
msgid "Server URI"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:43
|
||||
#: authentik/sources/ldap/models.py:46
|
||||
msgid ""
|
||||
"Optionally verify the LDAP Server's Certificate against the CA Chain in this "
|
||||
"keypair."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:47
|
||||
msgid "Bind CN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:49
|
||||
msgid "Enable Start TLS"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:51
|
||||
msgid "Base DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:53
|
||||
msgid "Prepended to Base DN for User-queries."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:54
|
||||
msgid "Addition User DN"
|
||||
#: authentik/sources/ldap/models.py:55
|
||||
msgid ""
|
||||
"Client certificate to authenticate against the LDAP Server's Certificate."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:58
|
||||
msgid "Prepended to Base DN for Group-queries."
|
||||
msgid "Bind CN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:59
|
||||
msgid "Addition Group DN"
|
||||
#: authentik/sources/ldap/models.py:60
|
||||
msgid "Enable Start TLS"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:61
|
||||
msgid "Use Server URI for SNI verification"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:63
|
||||
msgid "Base DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:65
|
||||
msgid "Prepended to Base DN for User-queries."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:66
|
||||
msgid "Addition User DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:70
|
||||
msgid "Prepended to Base DN for Group-queries."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:71
|
||||
msgid "Addition Group DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:77
|
||||
msgid "Consider Objects matching this filter to be Users."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:68
|
||||
#: authentik/sources/ldap/models.py:80
|
||||
msgid "Field which contains members of a group."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:72
|
||||
#: authentik/sources/ldap/models.py:84
|
||||
msgid "Consider Objects matching this filter to be Groups."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:75
|
||||
#: authentik/sources/ldap/models.py:87
|
||||
msgid "Field which contains a unique Identifier."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:89
|
||||
#: authentik/sources/ldap/models.py:101
|
||||
msgid ""
|
||||
"When a user changes their password, sync it back to LDAP. This can only be "
|
||||
"enabled on a single LDAP source."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:159
|
||||
#: authentik/sources/ldap/models.py:188
|
||||
msgid "LDAP Source"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:160
|
||||
#: authentik/sources/ldap/models.py:189
|
||||
msgid "LDAP Sources"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:182
|
||||
#: authentik/sources/ldap/models.py:211
|
||||
msgid "LDAP Property Mapping"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:183
|
||||
#: authentik/sources/ldap/models.py:212
|
||||
msgid "LDAP Property Mappings"
|
||||
msgstr ""
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
36
schema.yml
36
schema.yml
|
@ -17096,6 +17096,11 @@ paths:
|
|||
name: bind_cn
|
||||
schema:
|
||||
type: string
|
||||
- in: query
|
||||
name: client_certificate
|
||||
schema:
|
||||
type: string
|
||||
format: uuid
|
||||
- in: query
|
||||
name: enabled
|
||||
schema:
|
||||
|
@ -17171,6 +17176,10 @@ paths:
|
|||
name: slug
|
||||
schema:
|
||||
type: string
|
||||
- in: query
|
||||
name: sni
|
||||
schema:
|
||||
type: boolean
|
||||
- in: query
|
||||
name: start_tls
|
||||
schema:
|
||||
|
@ -30950,11 +30959,20 @@ components:
|
|||
nullable: true
|
||||
description: Optionally verify the LDAP Server's Certificate against the
|
||||
CA Chain in this keypair.
|
||||
client_certificate:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: Client certificate to authenticate against the LDAP Server's
|
||||
Certificate.
|
||||
bind_cn:
|
||||
type: string
|
||||
start_tls:
|
||||
type: boolean
|
||||
title: Enable Start TLS
|
||||
sni:
|
||||
type: boolean
|
||||
title: Use Server URI for SNI verification
|
||||
base_dn:
|
||||
type: string
|
||||
additional_user_dn:
|
||||
|
@ -31064,6 +31082,12 @@ components:
|
|||
nullable: true
|
||||
description: Optionally verify the LDAP Server's Certificate against the
|
||||
CA Chain in this keypair.
|
||||
client_certificate:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: Client certificate to authenticate against the LDAP Server's
|
||||
Certificate.
|
||||
bind_cn:
|
||||
type: string
|
||||
bind_password:
|
||||
|
@ -31072,6 +31096,9 @@ components:
|
|||
start_tls:
|
||||
type: boolean
|
||||
title: Enable Start TLS
|
||||
sni:
|
||||
type: boolean
|
||||
title: Use Server URI for SNI verification
|
||||
base_dn:
|
||||
type: string
|
||||
minLength: 1
|
||||
|
@ -36356,6 +36383,12 @@ components:
|
|||
nullable: true
|
||||
description: Optionally verify the LDAP Server's Certificate against the
|
||||
CA Chain in this keypair.
|
||||
client_certificate:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: Client certificate to authenticate against the LDAP Server's
|
||||
Certificate.
|
||||
bind_cn:
|
||||
type: string
|
||||
bind_password:
|
||||
|
@ -36364,6 +36397,9 @@ components:
|
|||
start_tls:
|
||||
type: boolean
|
||||
title: Enable Start TLS
|
||||
sni:
|
||||
type: boolean
|
||||
title: Use Server URI for SNI verification
|
||||
base_dn:
|
||||
type: string
|
||||
minLength: 1
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -32,9 +32,9 @@
|
|||
"@codemirror/lang-xml": "^6.0.2",
|
||||
"@codemirror/legacy-modes": "^6.3.2",
|
||||
"@codemirror/theme-one-dark": "^6.1.2",
|
||||
"@formatjs/intl-listformat": "^7.3.0",
|
||||
"@formatjs/intl-listformat": "^7.4.0",
|
||||
"@fortawesome/fontawesome-free": "^6.4.0",
|
||||
"@goauthentik/api": "^2023.5.3-1685646044",
|
||||
"@goauthentik/api": "^2023.5.3-1686577333",
|
||||
"@lit/localize": "^0.11.4",
|
||||
"@patternfly/patternfly": "^4.224.2",
|
||||
"@sentry/browser": "^7.54.0",
|
||||
|
@ -45,30 +45,30 @@
|
|||
"chartjs-adapter-moment": "^1.0.1",
|
||||
"codemirror": "^6.0.1",
|
||||
"construct-style-sheets-polyfill": "^3.1.0",
|
||||
"core-js": "^3.30.2",
|
||||
"core-js": "^3.31.0",
|
||||
"country-flag-icons": "^1.5.7",
|
||||
"fuse.js": "^6.6.2",
|
||||
"lit": "^2.7.5",
|
||||
"mermaid": "^10.2.2",
|
||||
"mermaid": "^10.2.3",
|
||||
"rapidoc": "^9.3.4",
|
||||
"webcomponent-qr-code": "^1.1.1",
|
||||
"yaml": "^2.3.1",
|
||||
"zxcvbn": "^4.4.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@babel/core": "^7.22.1",
|
||||
"@babel/core": "^7.22.5",
|
||||
"@babel/plugin-proposal-class-properties": "^7.18.6",
|
||||
"@babel/plugin-proposal-decorators": "^7.22.3",
|
||||
"@babel/plugin-proposal-decorators": "^7.22.5",
|
||||
"@babel/plugin-proposal-private-methods": "^7.18.6",
|
||||
"@babel/plugin-transform-runtime": "^7.22.4",
|
||||
"@babel/preset-env": "^7.22.4",
|
||||
"@babel/preset-typescript": "^7.21.5",
|
||||
"@babel/plugin-transform-runtime": "^7.22.5",
|
||||
"@babel/preset-env": "^7.22.5",
|
||||
"@babel/preset-typescript": "^7.22.5",
|
||||
"@hcaptcha/types": "^1.0.3",
|
||||
"@jackfranklin/rollup-plugin-markdown": "^0.4.0",
|
||||
"@jeysal/storybook-addon-css-user-preferences": "^0.2.0",
|
||||
"@lit/localize-tools": "^0.6.9",
|
||||
"@rollup/plugin-babel": "^6.0.3",
|
||||
"@rollup/plugin-commonjs": "^25.0.0",
|
||||
"@rollup/plugin-commonjs": "^25.0.1",
|
||||
"@rollup/plugin-node-resolve": "^15.0.2",
|
||||
"@rollup/plugin-replace": "^5.0.2",
|
||||
"@rollup/plugin-typescript": "^11.1.1",
|
||||
|
|
|
@ -184,6 +184,26 @@ export class LDAPSourceForm extends ModelForm<LDAPSource, string> {
|
|||
${msg("To use SSL instead, use 'ldaps://' and disable this option.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal name="sni">
|
||||
<label class="pf-c-switch">
|
||||
<input
|
||||
class="pf-c-switch__input"
|
||||
type="checkbox"
|
||||
?checked=${first(this.instance?.sni, false)}
|
||||
/>
|
||||
<span class="pf-c-switch__toggle">
|
||||
<span class="pf-c-switch__toggle-icon">
|
||||
<i class="fas fa-check" aria-hidden="true"></i>
|
||||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label"
|
||||
>${msg("Use Server URI for SNI verification")}</span
|
||||
>
|
||||
</label>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Required for servers using TLS 1.3+")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("TLS Verification Certificate")}
|
||||
name="peerCertificate"
|
||||
|
@ -222,6 +242,45 @@ export class LDAPSourceForm extends ModelForm<LDAPSource, string> {
|
|||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("TLS Client authentication certificate")}
|
||||
name="clientCertificate"
|
||||
>
|
||||
<ak-search-select
|
||||
.fetchObjects=${async (
|
||||
query?: string,
|
||||
): Promise<CertificateKeyPair[]> => {
|
||||
const args: CryptoCertificatekeypairsListRequest = {
|
||||
ordering: "name",
|
||||
hasKey: true,
|
||||
includeDetails: false,
|
||||
};
|
||||
if (query !== undefined) {
|
||||
args.search = query;
|
||||
}
|
||||
const certificates = await new CryptoApi(
|
||||
DEFAULT_CONFIG,
|
||||
).cryptoCertificatekeypairsList(args);
|
||||
return certificates.results;
|
||||
}}
|
||||
.renderElement=${(item: CertificateKeyPair): string => {
|
||||
return item.name;
|
||||
}}
|
||||
.value=${(item: CertificateKeyPair | undefined): string | undefined => {
|
||||
return item?.pk;
|
||||
}}
|
||||
.selected=${(item: CertificateKeyPair): boolean => {
|
||||
return item.pk === this.instance?.clientCertificate;
|
||||
}}
|
||||
?blankable=${true}
|
||||
>
|
||||
</ak-search-select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Client certificate keypair to authenticate against the LDAP Server's Certificate.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal label=${msg("Bind CN")} name="bindCn">
|
||||
<input
|
||||
type="text"
|
||||
|
|
|
@ -748,13 +748,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Zertifikat</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Wenn sich mehrere Anbieter einen Außenposten teilen, wird ein selbstsigniertes Zertifikat verwendet.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID-Startnummer</target>
|
||||
|
@ -5722,6 +5715,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Aktivieren</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -777,14 +777,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certificate</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
<target>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>If multiple providers share an outpost, a self-signed certificate is used.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID start number</target>
|
||||
|
@ -6039,6 +6031,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Activate</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -733,13 +733,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certificado</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Si varios proveedores comparten un puesto avanzado, se utiliza un certificado autofirmado.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>Número inicial de UID</target>
|
||||
|
@ -5630,6 +5623,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Activar</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -749,13 +749,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certificat</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Si plusieurs fournisseurs partagent un avant-poste, un certificat auto-signé est utilisé.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>Numéro de départ d'UID</target>
|
||||
|
@ -5737,6 +5730,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Activer</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -752,13 +752,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certyfikat</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Jeśli wielu dostawców współdzieli placówkę, używany jest certyfikat z podpisem własnym.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>Numer początkowy UID</target>
|
||||
|
@ -5869,6 +5862,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Aktywuj</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -761,14 +761,6 @@
|
|||
<trans-unit id="sb157267c85fdff30">
|
||||
<source>Certificate</source>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
|
@ -5973,6 +5965,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s27976e94b05c6970">
|
||||
<source>Activate</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -733,13 +733,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Sertifika</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Birden çok sağlayıcı bir üssü paylaşıyorsa, otomatik olarak imzalanan bir sertifika kullanılır.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID başlangıç numarası</target>
|
||||
|
@ -5620,6 +5613,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Etkinleştir</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -965,16 +965,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>证书</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
<target>由于协议限制,只在前哨有单个提供程序,或所有提供程序都使用相同证书时才使用此证书。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>如果多个提供程序共享同一个前哨,则使用自签名证书。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
|
@ -7547,6 +7537,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<target>激活</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -740,13 +740,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>证书</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>如果多个提供商共享一个 Outpost,则使用自签名证书。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID 起始编号</target>
|
||||
|
@ -5675,6 +5668,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>启用</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -740,13 +740,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>证书</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>如果多个提供商共享一个 Outpost,则使用自签名证书。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID 起始编号</target>
|
||||
|
@ -5674,6 +5667,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>启用</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -4,7 +4,7 @@ title: DokuWiki
|
|||
|
||||
<span class="badge badge--secondary">Support level: Community</span>
|
||||
|
||||
## What is Service Name
|
||||
## What is DokuWiki
|
||||
|
||||
From https://en.wikipedia.org/wiki/DokuWiki
|
||||
|
||||
|
|
|
@ -65,12 +65,12 @@ Review each setting and choose the ones that you require for your installation.
|
|||
|
||||
### Step 3 - authentik
|
||||
|
||||
In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.
|
||||
In authentik, create an application which uses this provider and directly launches Wordpress' backend login-screen. Optionally apply access restrictions to the application using policy bindings.
|
||||
|
||||
- Name: Wordpress
|
||||
- Slug: wordpress
|
||||
- Provider: wordpress
|
||||
- Launch URL: https://wp.company
|
||||
- Launch URL: https://wp.company/wp-login.php
|
||||
|
||||
## Notes
|
||||
|
||||
|
|
Reference in New Issue