Adding missing lookup fields for LDAP configuration in UI (#1698)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>

Author: Alevsk

models/idp_configuration.go

@@ -151,9 +151,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if tenantReq.Idp.ActiveDirectory != nil {
 			tenantExternalIDPConfigured = true
 			serverAddress := *tenantReq.Idp.ActiveDirectory.URL
-			userNameFormat := tenantReq.Idp.ActiveDirectory.UsernameFormat
-			userNameSearchFilter := tenantReq.Idp.ActiveDirectory.UsernameSearchFilter
-			groupNameAttribute := tenantReq.Idp.ActiveDirectory.GroupNameAttribute
 			tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipTLSVerification
 			serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure
 			lookupBindDN := tenantReq.Idp.ActiveDirectory.LookupBindDn
@@ -176,10 +173,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 				tenantConfigurationENV["MINIO_IDENTITY_LDAP_SERVER_STARTTLS"] = "on"
 			}
 
-			// LDAP Username
-			tenantConfigurationENV["MINIO_IDENTITY_LDAP_USERNAME_FORMAT"] = userNameFormat
-			tenantConfigurationENV["MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER"] = userNameSearchFilter
-
 			// LDAP Lookup
 			tenantConfigurationENV["MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN"] = lookupBindDN
 			tenantConfigurationENV["MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD"] = lookupBindPassword
@@ -189,7 +182,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 			tenantConfigurationENV["MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER"] = userDNSearchFilter
 
 			// LDAP Group
-			tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE"] = groupNameAttribute
 			tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"] = groupSearchBaseDN
 			tenantConfigurationENV["MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"] = groupSearchFilter
 

operatorapi/embedded_spec.go

@@ -404,75 +404,80 @@ export const fieldsConfigurations: any = {
       label: "Server Addr",
       tooltip: 'AD/LDAP server address e.g. "myldapserver.com:636"',
       type: "string",
-      placeholder: "Enter Server Address",
+      placeholder: "myldapserver.com:636",
     },
     {
-      name: "username_format",
-      required: true,
-      label: "Username Format",
+      name: "tls_skip_verify",
+      required: false,
+      label: "TLS Skip Verify",
       tooltip:
-        'List of username bind DNs e.g. "uid=%s","cn=accounts","dc=myldapserver" or "dc=com", you can write one per field',
-      type: "csv",
-      placeholder: "Enter Username Format",
+        'Trust server TLS without verification, defaults to "off" (verify)',
+      type: "on|off",
     },
     {
-      name: "username_search_filter",
-      required: true,
-      label: "Username Search Filter",
+      name: "server_insecure",
+      required: false,
+      label: "Server Insecure",
       tooltip:
-        'User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"',
-      type: "string",
-      placeholder: "Enter Username Search Filter",
+        'Allow plain text connection to AD/LDAP server, defaults to "off"',
+      type: "on|off",
     },
     {
-      name: "group_search_filter",
+      name: "server_starttls",
+      required: false,
+      label: "Start TLS connection to AD/LDAP server",
+      tooltip: "Use StartTLS connection to AD/LDAP server",
+      type: "on|off",
+    },
+    {
+      name: "lookup_bind_dn",
       required: true,
-      label: "Group Search Filter",
+      label: "Lookup Bind DN",
       tooltip:
-        'Search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"',
+        "DN for LDAP read-only service account used to perform DN and group lookups",
       type: "string",
-      placeholder: "Enter Group Search Filter",
+      placeholder: "cn=admin,dc=min,dc=io",
     },
     {
-      name: "username_search_base_dn",
+      name: "lookup_bind_password",
       required: false,
-      label: "Username Search Base DN",
-      tooltip: "List of username search DNs, you can write one per field",
-      type: "csv",
-      placeholder: "Enter Username Search Base DN",
+      label: "Lookup Bind Password",
+      tooltip:
+        "Password for LDAP read-only service account used to perform DN and group lookups",
+      type: "string",
+      placeholder: "admin",
     },
     {
-      name: "group_name_attribute",
+      name: "user_dn_search_base_dn",
       required: false,
-      label: "Group Name Attribute",
-      tooltip: 'Search attribute for group name e.g. "cn"',
-      type: "string",
-      placeholder: "Enter Group Name Attribute",
+      label: "User DN Search Base DN",
+      tooltip: "Base LDAP DN to search for user DN",
+      type: "csv",
+      placeholder: "dc=myldapserver",
     },
     {
-      name: "sts_expiry",
+      name: "user_dn_search_filter",
       required: false,
-      label: "STS Expiry",
-      tooltip:
-        'temporary credentials validity duration in s,m,h,d. Default is "1h"',
+      label: "User DN Search Filter",
+      tooltip: "Search filter to lookup user DN",
       type: "string",
-      placeholder: "Enter STS Expiry",
+      placeholder: "(sAMAcountName=%s)",
     },
     {
-      name: "tls_skip_verify",
+      name: "group_search_filter",
       required: false,
-      label: "TLS Skip Verify",
-      tooltip:
-        'Trust server TLS without verification, defaults to "off" (verify)',
-      type: "on|off",
+      label: "Group Search Filter",
+      tooltip: "Search filter for groups",
+      type: "string",
+      placeholder: "(&(objectclass=groupOfNames)(member=%d))",
     },
     {
-      name: "server_insecure",
+      name: "group_search_base_dn",
       required: false,
-      label: "Server Insecure",
-      tooltip:
-        'Allow plain text connection to AD/LDAP server, defaults to "off"',
-      type: "on|off",
+      label: "Group Search Base DN",
+      tooltip: "list of group search base DNs",
+      type: "csv",
+      placeholder: "dc=minioad,dc=local",
     },
     {
       name: "comment",

operatorapi/operator_tenant_add.go

@@ -118,13 +118,9 @@ const AddTenant = ({
     const ADURL = fields.identityProvider.ADURL;
     const ADSkipTLS = fields.identityProvider.ADSkipTLS;
     const ADServerInsecure = fields.identityProvider.ADServerInsecure;
-    const ADUserNameSearchFilter =
-      fields.identityProvider.ADUserNameSearchFilter;
     const ADGroupSearchBaseDN = fields.identityProvider.ADGroupSearchBaseDN;
     const ADGroupSearchFilter = fields.identityProvider.ADGroupSearchFilter;
-    const ADGroupNameAttribute = fields.identityProvider.ADGroupNameAttribute;
     const ADUserDNs = fields.identityProvider.ADUserDNs;
-    const ADUserNameFormat = fields.identityProvider.ADUserNameFormat;
     const ADLookupBindDN = fields.identityProvider.ADLookupBindDN;
     const ADLookupBindPassword = fields.identityProvider.ADLookupBindPassword;
     const ADUserDNSearchBaseDN = fields.identityProvider.ADUserDNSearchBaseDN;
@@ -600,11 +596,8 @@ const AddTenant = ({
               url: ADURL,
               skip_tls_verification: ADSkipTLS,
               server_insecure: ADServerInsecure,
-              username_format: ADUserNameFormat,
-              username_search_filter: ADUserNameSearchFilter,
               group_search_base_dn: ADGroupSearchBaseDN,
               group_search_filter: ADGroupSearchFilter,
-              group_name_attribute: ADGroupNameAttribute,
               user_dns: ADUserDNs,
               lookup_bind_dn: ADLookupBindDN,
               lookup_bind_password: ADLookupBindPassword,