Update users navigation section
- Changed the section name to be access-control
- Moved LDAP Settings and Certificate Management to access-control navigation
- Changed Manage User Account subsection name to Local User Management
Resolves: openbmc/phosphor-webui#619
Signed-off-by: Mira Murali <miramurali23@gmail.com>
Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I0d94c80c295b997d94c04330fd87f4fc4d229bf8
diff --git a/app/access-control/controllers/ldap-controller.js b/app/access-control/controllers/ldap-controller.js
new file mode 100644
index 0000000..cfdab50
--- /dev/null
+++ b/app/access-control/controllers/ldap-controller.js
@@ -0,0 +1,224 @@
+/**
+ * Controller for LDAP
+ *
+ * @module app/access-control
+ * @exports ldapController
+ * @name ldapController
+ */
+
+window.angular && (function(angular) {
+ 'use strict';
+
+ angular.module('app.accessControl').controller('ldapController', [
+ '$scope', 'APIUtils', '$q', 'toastService',
+ function($scope, APIUtils, $q, toastService) {
+ $scope.loading = false;
+ $scope.isSecure = false;
+ $scope.ldapProperties = {};
+ $scope.originalProperties = {};
+ $scope.submitted = false;
+ $scope.roleGroups = [];
+ $scope.roleGroupType = '';
+ $scope.clientCertificateExpires = '';
+
+ $scope.$on('$viewContentLoaded', function() {
+ $scope.loadLdap();
+ });
+
+ $scope.loadLdap = function() {
+ $scope.loading = true;
+ $scope.submitted = false;
+ var getLdapProperties =
+ APIUtils.getAllUserAccountProperties()
+ .then(function(data) {
+ $scope.ldapProperties = {
+ 'ServiceEnabled': data.LDAP.ServiceEnabled ?
+ data.LDAP.ServiceEnabled :
+ data.ActiveDirectory.ServiceEnabled ?
+ data.ActiveDirectory.ServiceEnabled :
+ false,
+ 'LDAPServiceEnabled': data.LDAP.ServiceEnabled,
+ 'ADServiceEnabled': data.ActiveDirectory.ServiceEnabled,
+ 'EnabledServiceType': data.LDAP.ServiceEnabled ?
+ 'ldap' :
+ data.ActiveDirectory.ServiceEnabled ? 'ad' : '',
+ 'ServiceAddresses': data.LDAP.ServiceEnabled ?
+ data.LDAP.ServiceAddresses :
+ data.ActiveDirectory.ServiceEnabled ?
+ data.ActiveDirectory.ServiceAddresses :
+ [],
+ 'useSSL': $scope.isSSL(
+ data.LDAP.ServiceEnabled ?
+ data.LDAP.ServiceAddresses[0] :
+ data.ActiveDirectory.ServiceAddresses[0]),
+ 'Username': data.LDAP.ServiceEnabled ?
+ data.LDAP.Authentication.Username :
+ data.ActiveDirectory.ServiceEnabled ?
+ data.ActiveDirectory.Authentication.Username :
+ '',
+ 'BaseDistinguishedNames': data.LDAP.ServiceEnabled ?
+ data.LDAP.LDAPService.SearchSettings
+ .BaseDistinguishedNames :
+ data.ActiveDirectory.ServiceEnabled ?
+ data.ActiveDirectory.LDAPService.SearchSettings
+ .BaseDistinguishedNames :
+ [],
+ 'GroupsAttribute': data.LDAP.ServiceEnabled ?
+ data.LDAP.LDAPService.SearchSettings.GroupsAttribute :
+ data.ActiveDirectory.ServiceEnabled ?
+ data.ActiveDirectory.LDAPService.SearchSettings
+ .GroupsAttribute :
+ '',
+ 'UsernameAttribute': data.LDAP.ServiceEnabled ?
+ data.LDAP.LDAPService.SearchSettings.UsernameAttribute :
+ data.ActiveDirectory.ServiceEnabled ?
+ data.ActiveDirectory.LDAPService.SearchSettings
+ .UsernameAttribute :
+ '',
+ 'AuthenticationType': data.LDAP.ServiceEnabled ?
+ data.LDAP.Authentication.AuthenticationType :
+ data.ActiveDirectory.Authentication.AuthenticationType,
+ };
+
+ $scope.roleGroupType =
+ $scope.ldapProperties.EnabledServiceType;
+
+ if ($scope.ldapProperties.ServiceEnabled) {
+ if ($scope.ldapProperties.LDAPServiceEnabled) {
+ $scope.roleGroups = data.LDAP.RemoteRoleMapping;
+ } else if ($scope.ldapProperties.ADServiceEnabled) {
+ $scope.roleGroups =
+ data.ActiveDirectory.RemoteRoleMapping;
+ }
+ }
+ })
+ .catch(function(error) {
+ console.log(JSON.stringify(error));
+ });
+ var getClientCertificate =
+ APIUtils
+ .getCertificate('/redfish/v1/AccountService/LDAP/Certificates')
+ .then(function(data) {
+ if (data.Members) {
+ var certificate = data.Members[0];
+ APIUtils.getCertificate(certificate['@odata.id'])
+ .then(
+ function(data) {
+ $scope.clientCertificateExpires =
+ data.ValidNotAfter;
+ },
+ function(error) {
+ console.log(JSON.stringify(error));
+ })
+ }
+ })
+ .catch(function(error) {
+ console.log(JSON.stringify(error));
+ });
+
+ var promises = [getLdapProperties, getClientCertificate];
+ $q.all(promises).finally(function() {
+ $scope.loading = false;
+ });
+ };
+
+ $scope.saveLdapSettings = function() {
+ for (var i in $scope.ldapProperties.ServiceAddresses) {
+ if ($scope.ldapProperties.useSSL !==
+ $scope.isSSL($scope.ldapProperties.ServiceAddresses[i])) {
+ toastService.error(
+ 'Server URI ' + $scope.ldapProperties.ServiceAddresses[i] +
+ ' must begin with ' +
+ ($scope.ldapProperties.useSSL ? 'ldaps:// ' : 'ldap:// ') +
+ 'when SSL is ' +
+ ($scope.ldapProperties.useSSL ? 'configured. ' :
+ 'not configured.'));
+ }
+ }
+
+ // Default LDAP and AD Attributes
+ let LDAP = {};
+
+ let ActiveDirectory = {};
+
+ // Data to pass to request
+ let data = {};
+ data.LDAP = LDAP;
+ data.ActiveDirectory = ActiveDirectory;
+
+ // Values to update the service type object
+ let Authentication = {};
+ Authentication.Username = $scope.ldapProperties.Username;
+ Authentication.Password = $scope.ldapProperties.Password;
+ Authentication.AuthenticationType =
+ $scope.ldapProperties.AuthenticationType;
+
+ let LDAPService = {};
+ LDAPService.SearchSettings = {};
+ LDAPService.SearchSettings.BaseDistinguishedNames =
+ $scope.ldapProperties.BaseDistinguishedNames;
+ LDAPService.SearchSettings.GroupsAttribute =
+ $scope.ldapProperties.GroupsAttribute;
+ LDAPService.SearchSettings.UsernameAttribute =
+ $scope.ldapProperties.UsernameAttribute;
+
+ let ServiceAddresses = $scope.ldapProperties.ServiceAddresses;
+ if ($scope.ldapProperties.EnabledServiceType == 'ldap') {
+ ActiveDirectory.ServiceEnabled = false;
+ LDAP.ServiceEnabled = true;
+ LDAP.Authentication = Authentication;
+ LDAP.LDAPService = LDAPService;
+ LDAP.ServiceAddresses = ServiceAddresses;
+ } else if ($scope.ldapProperties.EnabledServiceType == 'ad') {
+ ActiveDirectory.ServiceEnabled = true;
+ LDAP.ServiceEnabled = false;
+ ActiveDirectory.Authentication = Authentication;
+ ActiveDirectory.LDAPService = LDAPService;
+ ActiveDirectory.ServiceAddresses = ServiceAddresses;
+ }
+
+ APIUtils.saveLdapProperties(data).then(
+ function(response) {
+ if (!response.data.hasOwnProperty('error')) {
+ toastService.success('Successfully updated LDAP settings.');
+ $scope.loadLdap();
+ } else {
+ toastService.error('Unable to update LDAP settings.');
+ console.log(JSON.stringify(response.data.error.message));
+ }
+ },
+ function(error) {
+ toastService.error('Unable to update LDAP settings.');
+ console.log(JSON.stringify(error));
+ });
+ };
+
+ $scope.isSSL = function(uri) {
+ return uri.startsWith('ldaps://');
+ };
+ $scope.updateServiceEnabled = function() {
+ if (!$scope.ldapProperties.ServiceEnabled) {
+ $scope.ldapProperties.EnabledServiceType = '';
+ let data = {};
+ let LDAP = {};
+ data.LDAP = LDAP;
+ LDAP.ServiceEnabled = false;
+ let ActiveDirectory = {};
+ data.ActiveDirectory = ActiveDirectory;
+ ActiveDirectory.ServiceEnabled = false;
+
+ APIUtils.saveLdapProperties(data).then(
+ function(response) {
+ toastService.success('Successfully disabled LDAP.');
+ $scope.roleGroups = [];
+ $scope.loadLdap();
+ },
+ function(error) {
+ toastService.error('Unable to disable LDAP.');
+ console.log(JSON.stringify(error));
+ });
+ }
+ }
+ }
+ ]);
+})(angular);