mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-03 20:40:00 -05:00
548a47ae56
* [MM-63717] LDAP Wizard skeleton (#31029) * add ldap_wizard component to render its admin components * i18n * test adjustment * keys and props fixes * title fix * fix placeholders * fix value initialization * linting * remove all ...props (except custom component); any->unknown * fix i18n (temp, will be changed in later PR) * better return; simplify function checking/calling * [MM-64259] Sections sidebar and navigation (#31059) * initial sections list sidebar * sidebar highlighting and scroll on click * some tidying up * add custom section titles for section sidebar * i18n * updating border on sections * scss style lint * color -> border-color * simplify activeSectionKey initialization; remove trailing newline * add useSectionNavigation; clean up ldap_wizard and scss; PR comments * extract section of code into renderSidebar() --------- Co-authored-by: Asaad Mahmood <asaadmahmood@users.noreply.github.com> * [MM-64296] Add test connection for connection settings panel (#31190) * button -> ldap test connect api * fix console error by sanitizing value in text component * return detailed error as error; adjust button -> primary, flushLeft * middle of redesigning how we do hover text, first button * add hover text to bools and file uploads * i18n * add LdapSettings as api type; add new endpoint to api yaml * allow testing without first enabling LDAP and saving config * i18n id changes * improve TestLdapConnection to current standards * PR comments * safeDereference; cleaner returns * remove hover markdown; formatting and typing simplification * use button for "More Info"; i18n * finish renaming help_text_hover -> help_text_more_info * fix error output * only send bindpassword if it has been changed * fix: don't send blank bindPassword when it is still ***** * merge conflict * [MM-64480] Refactor Admin Definition (#31280) * move ldap definition to its own file for simplicity & context * refactor admin_definition to eliminate circular dependencies * merge conflicts * before: buggy userHasReadPermissinOnSomeResources; after: fix incorrect snapshot * merge conflict: new bindPasssword definition was left behind; fixed. * merge conflict * [MM-63765] LDAP Wizard: User filter expandable section (#31286) * add "more info" hover to user filter help texts; make wider * add expandable_setting type and component * use Dislosure show/hide pattern for accessibility * fix tooltip scss selectors * fix hover -> more_info; make sure translation files are correct * use join('\n\n') instead of the eslint disable line * Revert "use join('\n\n') instead of the eslint disable line" This reverts commit 274667e875b34703f14fee0706cd28b0125cefc9. * [MM-64482] LDAP Wizard - Test User filters (#31312) * initial cut at UI and backend for test filters * api definitions; mocks * clean up to current standards * [MM-64512] - Test user filters UI (#31355) * result_count -> total_count * json cannot marshal error, returning error as string as god intended * render errors with icon, hover text, and better feedback texts * gather the settings that may be in expandable sections * remove success, use error == "" to indicate success * [MM-64536] LDAP Wizard: Test user attributes (#31373) * LdapFilterTestResult -> LdapDiagnosticResult; FilterName -> TestName * implement test_attributes endpoint and limited frontend (first step) * adding EntriesWithValue * [MM-64550] LDAP Wizard: Test user attributes UI (#31374) * [MM-64551] LDAP Wizard: Test group attributes (#31375) * remove Test LDAP button (not needed); reused helptext for other btn * implement test_group_attributes endpoint; button/client-side paths * [MM-64552] LDAP Wizard: Test group attributes UI (#31376) * implement Test Group Attributes button * simplify helper functions (improves useCallback dependencies) * show the default filter that was used on the backend in the tooltip * show the icon when there's an error (e.g. required filter/attribute) * fix infinite rerendering * fix error after failed save; fix navigation unlocked after save * empty * Adjust message feedback given we don't test the schema anymore * improve css; don't use inline styles * removed unneccesary pointer indirection * improved i18n strings and logic * combining filters/attributes/group attributes endpoints improve types * improve help text for User Filter (it's tricky) * AvailableAttrs -> AvailableAttributes * fix for e2e tests (renamed title) * more e2e fixes * skip broken e2e test --------- Co-authored-by: Asaad Mahmood <asaadmahmood@users.noreply.github.com>
451 lines
13 KiB
YAML
451 lines
13 KiB
YAML
/api/v4/ldap/sync:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Sync with LDAP
|
|
description: >
|
|
Synchronize any user attribute changes in the configured AD/LDAP server
|
|
with Mattermost.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
operationId: SyncLdap
|
|
responses:
|
|
"200":
|
|
description: LDAP sync successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/api/v4/ldap/test:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Test LDAP configuration
|
|
description: >
|
|
Test the current AD/LDAP configuration to see if the AD/LDAP server can
|
|
be contacted successfully.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
operationId: TestLdap
|
|
responses:
|
|
"200":
|
|
description: LDAP test successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/api/v4/ldap/test_connection:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Test LDAP connection with specific settings
|
|
description: >
|
|
Test the LDAP connection using the provided settings without modifying
|
|
the current server configuration.
|
|
|
|
##### Permissions
|
|
|
|
Must have `sysconsole_read_authentication_ldap` or `manage_system` permission.
|
|
operationId: TestLdapConnection
|
|
requestBody:
|
|
description: LDAP settings to test
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/LdapSettings"
|
|
responses:
|
|
"200":
|
|
description: LDAP connection test successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/api/v4/ldap/test_diagnostics:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Test LDAP diagnostics with specific settings
|
|
description: >
|
|
Test LDAP diagnostics using the provided settings to validate configuration
|
|
and see sample results without modifying the current server configuration.
|
|
Use the `test` query parameter to specify which diagnostic to run.
|
|
|
|
##### Permissions
|
|
|
|
Must have `sysconsole_read_authentication_ldap` or `manage_system` permission.
|
|
operationId: TestLdapDiagnostics
|
|
parameters:
|
|
- in: query
|
|
name: test
|
|
required: true
|
|
description: Type of LDAP diagnostic test to run
|
|
schema:
|
|
type: string
|
|
enum:
|
|
- filters
|
|
- attributes
|
|
- group_attributes
|
|
example: filters
|
|
requestBody:
|
|
description: LDAP settings to test diagnostics with
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/LdapSettings"
|
|
responses:
|
|
"200":
|
|
description: LDAP diagnostic test results
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/LdapDiagnosticResult"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/api/v4/ldap/groups:
|
|
get:
|
|
tags:
|
|
- ldap
|
|
summary: Returns a list of LDAP groups
|
|
description: >
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
|
|
__Minimum server version__: 5.11
|
|
operationId: GetLdapGroups
|
|
parameters:
|
|
- name: q
|
|
in: query
|
|
description: Search term
|
|
required: false
|
|
schema:
|
|
type: string
|
|
- name: page
|
|
in: query
|
|
description: The page to select.
|
|
schema:
|
|
type: integer
|
|
default: 0
|
|
- name: per_page
|
|
in: query
|
|
description: The number of users per page.
|
|
per page.
|
|
schema:
|
|
type: integer
|
|
default: 60
|
|
responses:
|
|
"200":
|
|
description: LDAP group page retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/LDAPGroupsPaged"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
/api/v4/ldap/groups/{remote_id}/link:
|
|
post:
|
|
tags:
|
|
- ldap
|
|
summary: Link a LDAP group
|
|
description: >
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
|
|
__Minimum server version__: 5.11
|
|
operationId: LinkLdapGroup
|
|
parameters:
|
|
- name: remote_id
|
|
in: path
|
|
description: Group GUID
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"201":
|
|
description: LDAP group successfully linked
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
delete:
|
|
tags:
|
|
- groups
|
|
summary: Delete a link for LDAP group
|
|
description: >
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
|
|
__Minimum server version__: 5.11
|
|
operationId: UnlinkLdapGroup
|
|
parameters:
|
|
- name: remote_id
|
|
in: path
|
|
description: Group GUID
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Successfully deleted ldap group link
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
/api/v4/ldap/migrateid:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Migrate Id LDAP
|
|
description: >
|
|
Migrate LDAP IdAttribute to new value.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
|
|
__Minimum server version__: 5.26
|
|
operationId: MigrateIdLdap
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: object
|
|
required:
|
|
- toAttribute
|
|
properties:
|
|
toAttribute:
|
|
description: New IdAttribute value
|
|
type: string
|
|
required: true
|
|
responses:
|
|
"200":
|
|
description: Migration successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/api/v4/ldap/certificate/public:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Upload public certificate
|
|
description: >
|
|
Upload the public certificate to be used for TLS verification. The server will pick a hard-coded filename for the
|
|
PublicCertificateFile setting in your `config.json`.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
operationId: UploadLdapPublicCertificate
|
|
requestBody:
|
|
content:
|
|
multipart/form-data:
|
|
schema:
|
|
type: object
|
|
properties:
|
|
certificate:
|
|
description: The public certificate file
|
|
type: string
|
|
format: binary
|
|
required:
|
|
- certificate
|
|
responses:
|
|
"200":
|
|
description: LDAP certificate upload successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
delete:
|
|
tags:
|
|
- LDAP
|
|
summary: Remove public certificate
|
|
description: >
|
|
Delete the current public certificate being used for TLS verification.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
operationId: DeleteLdapPublicCertificate
|
|
responses:
|
|
"200":
|
|
description: LDAP certificate delete successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/api/v4/ldap/certificate/private:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Upload private key
|
|
description: >
|
|
Upload the private key to be used for TLS verification. The server will pick a hard-coded filename for the
|
|
PrivateKeyFile setting in your `config.json`.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
operationId: UploadLdapPrivateCertificate
|
|
requestBody:
|
|
content:
|
|
multipart/form-data:
|
|
schema:
|
|
type: object
|
|
properties:
|
|
certificate:
|
|
description: The private key file
|
|
type: string
|
|
format: binary
|
|
required:
|
|
- certificate
|
|
responses:
|
|
"200":
|
|
description: LDAP certificate upload successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
delete:
|
|
tags:
|
|
- LDAP
|
|
summary: Remove private key
|
|
description: >
|
|
Delete the current private key being used with your TLS verification.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_system` permission.
|
|
operationId: DeleteLdapPrivateCertificate
|
|
responses:
|
|
"200":
|
|
description: LDAP certificate delete successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/api/v4/ldap/users/{user_id}/group_sync_memberships:
|
|
post:
|
|
tags:
|
|
- LDAP
|
|
summary: Create memberships for LDAP configured channels and teams for this user
|
|
description: >
|
|
Add the user to each channel and team configured for each LDAP group of whicht the user is
|
|
a member.
|
|
|
|
##### Permissions
|
|
|
|
Must have `sysconsole_write_user_management_groups` permission.
|
|
operationId: AddUserToGroupSyncables
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
description: User Id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Channel and team memberships created as needed.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|