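/**
 * Controller for LDAP
 *
 * @module app/access-control
 * @exports ldapController
 * @name ldapController
 */

window.angular && (function(angular) {
  'use strict';

  angular.module('app.accessControl').controller('ldapController', [
    '$scope', 'APIUtils', '$q', 'toastService',
    function($scope, APIUtils, $q, toastService) {
      // View state. ldapProperties is replaced wholesale by loadLdap().
      $scope.loading = false;
      $scope.isSecure = false;
      $scope.ldapProperties = {};
      $scope.originalProperties = {};
      $scope.submitted = false;
      $scope.roleGroups = [];
      $scope.roleGroupType = '';
      $scope.clientCertificateExpires = '';

      $scope.$on('$viewContentLoaded', function() {
        $scope.loadLdap();
      });

      /**
       * Reads the account-service properties and the LDAP certificate
       * collection, then fills the scope from them. `loading` is cleared once
       * both requests (including the certificate detail request) settle.
       *
       * The reply is mapped field by field and no password field is copied,
       * so a bind password typed into the form is dropped from scope on
       * reload.
       */
      $scope.loadLdap = function() {
        $scope.loading = true;
        $scope.submitted = false;

        const getLdapProperties =
            APIUtils.getAllUserAccountProperties()
                .then(function(data) {
                  const ldapOn = data.LDAP.ServiceEnabled;
                  const adOn = data.ActiveDirectory.ServiceEnabled;
                  // The enabled service, LDAP taking precedence; null when
                  // neither is enabled.
                  const active =
                      ldapOn ? data.LDAP : adOn ? data.ActiveDirectory : null;
                  // useSSL and AuthenticationType are read from
                  // ActiveDirectory whenever LDAP is off, enabled or not.
                  const fallback = ldapOn ? data.LDAP : data.ActiveDirectory;
                  const search =
                      active ? active.LDAPService.SearchSettings : null;

                  $scope.ldapProperties = {
                    'ServiceEnabled': ldapOn || adOn || false,
                    'LDAPServiceEnabled': ldapOn,
                    'ADServiceEnabled': adOn,
                    'EnabledServiceType': ldapOn ? 'ldap' : adOn ? 'ad' : '',
                    'ServiceAddresses': active ? active.ServiceAddresses : [],
                    // ServiceAddresses[0] is undefined for an empty list;
                    // isSSL() treats that as "not SSL".
                    'useSSL': $scope.isSSL(fallback.ServiceAddresses[0]),
                    'Username': active ? active.Authentication.Username : '',
                    'BaseDistinguishedNames':
                        search ? search.BaseDistinguishedNames : [],
                    'GroupsAttribute': search ? search.GroupsAttribute : '',
                    'UsernameAttribute': search ? search.UsernameAttribute : '',
                    'AuthenticationType':
                        fallback.Authentication.AuthenticationType,
                  };

                  $scope.roleGroupType =
                      $scope.ldapProperties.EnabledServiceType;

                  // roleGroups is left as it was when no service is enabled.
                  if (active) {
                    $scope.roleGroups = active.RemoteRoleMapping;
                  }
                })
                .catch(function(error) {
                  console.log(JSON.stringify(error));
                });

        const getClientCertificate =
            APIUtils
                .getCertificate('/redfish/v1/AccountService/LDAP/Certificates')
                .then(function(collection) {
                  const first = collection.Members && collection.Members[0];
                  if (!first) {
                    // No certificate installed: nothing to show.
                    return;
                  }
                  // Returned so that $q.all() below waits for the detail
                  // request before clearing the loading flag.
                  return APIUtils.getCertificate(first['@odata.id'])
                      .then(
                          function(certificate) {
                            $scope.clientCertificateExpires =
                                certificate.ValidNotAfter;
                          },
                          function(error) {
                            console.log(JSON.stringify(error));
                          });
                })
                .catch(function(error) {
                  console.log(JSON.stringify(error));
                });

        $q.all([getLdapProperties, getClientCertificate]).finally(function() {
          $scope.loading = false;
        });
      };

      /**
       * Validates the server URIs against the SSL setting and, if they all
       * match, sends the form to the account service.
       *
       * A URI whose scheme contradicts `useSSL` raises an error toast and the
       * save is abandoned: otherwise an ldap:// address could be stored while
       * the form says SSL is configured, and the bind password would be used
       * against an endpoint the operator believes is TLS-protected.
       */
      $scope.saveLdapSettings = function() {
        const props = $scope.ldapProperties;
        const addresses = props.ServiceAddresses || [];
        let schemeMismatch = false;

        addresses.forEach(function(address) {
          if (props.useSSL !== $scope.isSSL(address)) {
            schemeMismatch = true;
            toastService.error(
                'Server URI ' + address + ' must begin with ' +
                (props.useSSL ? 'ldaps:// ' : 'ldap:// ') + 'when SSL is ' +
                (props.useSSL ? 'configured. ' : 'not configured.'));
          }
        });
        if (schemeMismatch) {
          return;
        }

        // Values to update the service type object
        const Authentication = {
          Username: props.Username,
          Password: props.Password,
          AuthenticationType: props.AuthenticationType,
        };
        const LDAPService = {
          SearchSettings: {
            BaseDistinguishedNames: props.BaseDistinguishedNames,
            GroupsAttribute: props.GroupsAttribute,
            UsernameAttribute: props.UsernameAttribute,
          },
        };
        const ServiceAddresses = props.ServiceAddresses;

        // Data to pass to request. Exactly one service is switched on and the
        // other explicitly off; with no service type selected both objects
        // stay empty.
        const LDAP = {};
        const ActiveDirectory = {};
        if (props.EnabledServiceType === 'ldap') {
          ActiveDirectory.ServiceEnabled = false;
          LDAP.ServiceEnabled = true;
          LDAP.Authentication = Authentication;
          LDAP.LDAPService = LDAPService;
          LDAP.ServiceAddresses = ServiceAddresses;
        } else if (props.EnabledServiceType === 'ad') {
          ActiveDirectory.ServiceEnabled = true;
          LDAP.ServiceEnabled = false;
          ActiveDirectory.Authentication = Authentication;
          ActiveDirectory.LDAPService = LDAPService;
          ActiveDirectory.ServiceAddresses = ServiceAddresses;
        }
        const data = {LDAP: LDAP, ActiveDirectory: ActiveDirectory};

        APIUtils.saveLdapProperties(data).then(
            function(response) {
              const body = response.data;
              // A reply without a body counts as success.
              const failed = body != null &&
                  Object.prototype.hasOwnProperty.call(body, 'error');
              if (!failed) {
                toastService.success('Successfully updated LDAP settings.');
                $scope.loadLdap();
              } else {
                toastService.error('Unable to update LDAP settings.');
                console.log(JSON.stringify(body.error.message));
              }
            },
            function(error) {
              toastService.error('Unable to update LDAP settings.');
              // NOTE(review): if saveLdapProperties rejects with the raw
              // $http response (not visible here), `error.config.data` holds
              // the request body, including Authentication.Password, and this
              // line writes it to the browser console -- confirm and log only
              // status fields if so.
              console.log(JSON.stringify(error));
            });
      };

      /**
       * Tells whether a server URI uses the ldaps:// scheme.
       *
       * @param {string} uri - server URI; anything that is not a string
       *     (for example the first element of an empty address list) counts
       *     as not SSL instead of throwing.
       * @returns {boolean} true only for a string starting with 'ldaps://'
       */
      $scope.isSSL = function(uri) {
        return typeof uri === 'string' && uri.startsWith('ldaps://');
      };

      /**
       * Reacts to the service-enabled toggle. Only the "switched off" case
       * does anything: it disables both LDAP and ActiveDirectory on the
       * server, clears the role groups and reloads the form.
       */
      $scope.updateServiceEnabled = function() {
        if ($scope.ldapProperties.ServiceEnabled) {
          return;
        }
        $scope.ldapProperties.EnabledServiceType = '';

        const data = {
          LDAP: {ServiceEnabled: false},
          ActiveDirectory: {ServiceEnabled: false},
        };

        APIUtils.saveLdapProperties(data).then(
            function() {
              toastService.success('Successfully disabled LDAP.');
              $scope.roleGroups = [];
              $scope.loadLdap();
            },
            function(error) {
              toastService.error('Unable to disable LDAP.');
              console.log(JSON.stringify(error));
            });
      };
    }
  ]);
})(angular);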