outposts/ldap: use authorization_flow instead of separate field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/providers/ldap/api.py

@@ -14,7 +14,6 @@ class LDAPProviderSerializer(ProviderSerializer):
 
         model = LDAPProvider
         fields = ProviderSerializer.Meta.fields + [
-            "bind_flow",
             "base_dn",
         ]
 
@@ -31,7 +30,7 @@ class LDAPOutpostConfigSerializer(ModelSerializer):
     """LDAPProvider Serializer"""
 
     application_slug = CharField(source="application.slug")
-    bind_flow_slug = CharField(source="bind_flow.slug")
+    bind_flow_slug = CharField(source="authorization_flow.slug")
 
     class Meta:
 

authentik/providers/ldap/migrations/0001_initial.py

@@ -1,4 +1,4 @@
-# Generated by Django 3.2 on 2021-04-26 09:51
+# Generated by Django 3.2 on 2021-04-26 12:45
 
 import django.db.models.deletion
 from django.db import migrations, models
@@ -10,7 +10,6 @@ class Migration(migrations.Migration):
 
     dependencies = [
         ("authentik_core", "0019_source_managed"),
-        ("authentik_flows", "0018_oob_flows"),
     ]
 
     operations = [
@@ -35,21 +34,11 @@ class Migration(migrations.Migration):
                         help_text="DN under which objects are accessible.",
                     ),
                 ),
-                (
-                    "bind_flow",
-                    models.ForeignKey(
-                        default=None,
-                        help_text="Flow which is used to bind users. When left empty, no users will be able to bind.",
-                        null=True,
-                        on_delete=django.db.models.deletion.SET_DEFAULT,
-                        to="authentik_flows.flow",
-                    ),
-                ),
             ],
             options={
                 "verbose_name": "LDAP Provider",
                 "verbose_name_plural": "LDAP Providers",
             },
-            bases=("authentik_core.provider",),
+            bases=("authentik_core.provider", models.Model),
         ),
     ]

authentik/providers/ldap/models.py

@@ -18,16 +18,6 @@ class LDAPProvider(OutpostModel, Provider):
         help_text=_("DN under which objects are accessible."),
     )
 
-    bind_flow = models.ForeignKey(
-        Flow,
-        null=True,
-        default=None,
-        on_delete=models.SET_DEFAULT,
-        help_text=_(
-            "Flow which is used to bind users. When left empty, no users will be able to bind."
-        ),
-    )
-
     @property
     def launch_url(self) -> Optional[str]:
         """LDAP never has a launch URL"""

outpost/pkg/ldap/api.go

@@ -37,7 +37,7 @@ func (ls *LDAPServer) Refresh() error {
 }
 
 func (ls *LDAPServer) Start() error {
-	listen := "127.0.0.1:3390"
+	listen := "0.0.0.0:3389"
 	log.Debugf("Listening on %s", listen)
 	err := ls.s.ListenAndServe(listen)
 	if err != nil {

outpost/proxy.Dockerfile

@@ -6,7 +6,6 @@ COPY . .
 
 RUN go build -o /work/proxy ./cmd/proxy
 
-# Copy binary to alpine
 FROM gcr.io/distroless/base-debian10:debug
 
 COPY --from=builder /work/proxy /

swagger.yaml

@@ -17101,13 +17101,6 @@ definitions:
         title: Verbose name plural
         type: string
         readOnly: true
-      bind_flow:
-        title: Bind flow
-        description: Flow which is used to bind users. When left empty, no users will
-          be able to bind.
-        type: string
-        format: uuid
-        x-nullable: true
       base_dn:
         title: Base dn
         description: DN under which objects are accessible.

web/src/pages/outposts/OutpostForm.ts

@@ -89,6 +89,16 @@ export class OutpostForm extends Form<Outpost> {
                             return html`<option value=${ifDefined(provider.pk)} ?selected=${selected}>${provider.verboseName} ${provider.name}</option>`;
                         });
                     }), html`<option>${t`Loading...`}</option>`)}
+                    ${until(new ProvidersApi(DEFAULT_CONFIG).providersLdapList({
+                        ordering: "pk"
+                    }).then(providers => {
+                        return providers.results.map(provider => {
+                            const selected = Array.from(this.outpost?.providers || []).some(sp => {
+                                return sp == provider.pk;
+                            });
+                            return html`<option value=${ifDefined(provider.pk)} ?selected=${selected}>${provider.verboseName} ${provider.name}</option>`;
+                        });
+                    }), html`<option>${t`Loading...`}</option>`)}
                 </select>
                 <p class="pf-c-form__helper-text">${t`Hold control/command to select multiple items.`}</p>
             </ak-form-element-horizontal>

web/src/pages/providers/ldap/LDAPProviderForm.ts

@@ -56,14 +56,14 @@ export class LDAPProviderFormPage extends Form<LDAPProvider> {
             <ak-form-element-horizontal
                 label=${t`Bind flow`}
                 ?required=${true}
-                name="bindFlow">
+                name="authorizationFlow">
                 <select class="pf-c-form-control">
                     ${until(new FlowsApi(DEFAULT_CONFIG).flowsInstancesList({
                         ordering: "pk",
                         designation: FlowDesignationEnum.Authentication,
                     }).then(flows => {
                         return flows.results.map(flow => {
-                            return html`<option value=${ifDefined(flow.pk)} ?selected=${this.provider?.bindFlow === flow.pk}>${flow.name} (${flow.slug})</option>`;
+                            return html`<option value=${ifDefined(flow.pk)} ?selected=${this.provider?.authorizationFlow === flow.pk}>${flow.name} (${flow.slug})</option>`;
                         });
                     }), html`<option>${t`Loading...`}</option>`)}
                 </select>