def _group_elements(self):
group_elements = [
(
"group_dn",
LDAPDistinguishedName(
title=_("Group base DN"),
help=_(
"Give a base distinguished name here, e. g. <tt>OU=groups,DC=example,DC=com</tt><br> "
"All groups used must be located below this one."),
size=80,
),
),
(
"group_scope",
DropdownChoice(
title=_("Search scope"),
help=
_("Scope to be used in group related LDAP searches. In most cases "
"<i>Search whole subtree below the base DN</i> "
"is the best choice. It searches for matching objects in the given base "
"recursively."),
choices=[
("sub", _("Search whole subtree below the base DN")),
("base", _("Search only the entry at the base DN")),
("one",
_("Search all entries one level below the base DN")),
],
default_value="sub",
),
),
(
"group_filter",
TextInput(
title=_("Search filter"),
help=
_("Using this option you can define an optional LDAP filter which is used "
"during group related LDAP searches. It can be used to only handle a "
"subset of the groups below the given base DN.<br><br>"
"e.g. <tt>(objectclass=group)</tt>"),
size=80,
default_value=lambda: ldap_filter_of_connection(
self._connection_id, "groups", False),
),
),
(
"group_member",
TextInput(
title=_("Member attribute"),
help=
_("The attribute used to identify users group memberships."
),
default_value=lambda: ldap_attr_of_connection(
self._connection_id, "member"),
),
),
]
return group_elements
def _user_elements(self):
user_elements = [
(
"user_dn",
LDAPDistinguishedName(
title=_("User base DN"),
help=
_("Give a base distinguished name here, e. g. <tt>OU=users,DC=example,DC=com</tt><br> "
"All user accounts to synchronize must be located below this one."
),
size=80,
),
),
(
"user_scope",
DropdownChoice(
title=_("Search scope"),
help=_(
"Scope to be used in LDAP searches. In most cases <i>Search whole subtree below "
"the base DN</i> is the best choice. "
"It searches for matching objects recursively."),
choices=[
("sub", _("Search whole subtree below the base DN")),
("base", _("Search only the entry at the base DN")),
("one",
_("Search all entries one level below the base DN")),
],
default_value="sub",
),
),
(
"user_filter",
TextInput(
title=_("Search filter"),
help=
_("Using this option you can define an optional LDAP filter which is used during "
"LDAP searches. It can be used to only handle a subset of the users below the given "
"base DN.<br><br>Some common examples:<br><br> "
"All user objects in LDAP:<br> "
"<tt>(&(objectclass=user)(objectcategory=person))</tt><br> "
"Members of a group:<br> "
"<tt>(&(objectclass=user)(objectcategory=person)(memberof=CN=cmk-users,OU=groups,DC=example,DC=com))</tt><br> "
"Members of a nested group:<br> "
"<tt>(&(objectclass=user)(objectcategory=person)(memberof:1.2.840.113556.1.4.1941:=CN=cmk-users,OU=groups,DC=example,DC=com))</tt><br>"
),
size=80,
default_value=lambda: ldap_filter_of_connection(
self._connection_id, "users", False),
),
),
(
"user_filter_group",
LDAPDistinguishedName(
title=_("Filter group (see help)"),
help=
_("Using this option you can define the DN of a group object which is used to filter the users. "
"Only members of this group will then be synchronized. This is a filter which can be "
'used to extend capabilities of the regular "Search Filter". Using the search filter '
"you can only define filters which directly apply to the user objects. To filter by "
"group memberships, you can use the <tt>memberOf</tt> attribute of the user objects in some "
"directories. But some directories do not have such attributes because the memberships "
"are stored in the group objects as e.g. <tt>member</tt> attributes. You should use the "
"regular search filter whenever possible and only use this filter when it is really "
"neccessary. Finally you can say, you should not use this option when using Active Directory. "
"This option is neccessary in OpenLDAP directories when you like to filter by group membership.<br><br>"
"If using, give a plain distinguished name of a group here, e. g. "
"<tt>CN=cmk-users,OU=groups,DC=example,DC=com</tt>"),
size=80,
),
),
(
"user_id",
TextInput(
title=_("User-ID attribute"),
help=
_("The attribute used to identify the individual users. It must have "
"unique values to make an user identifyable by the value of this "
"attribute."),
default_value=lambda: ldap_attr_of_connection(
self._connection_id, "user_id"),
),
),
(
"lower_user_ids",
FixedValue(
title=_("Lower case User-IDs"),
help=
_("Convert imported User-IDs to lower case during synchronization."
),
value=True,
totext=_("Enforce lower case User-IDs."),
),
),
(
"user_id_umlauts",
Transform(
DropdownChoice(
title=_("Umlauts in User-IDs (deprecated)"),
help=
_("Checkmk was not not supporting special characters (like Umlauts) in "
"User-IDs. To deal with LDAP users having umlauts in their User-IDs "
"you had the choice to replace umlauts with other characters. This option "
"is still available for compatibility reasons, but you are adviced to use "
'the "keep" option for new installations.'),
choices=[
("keep", _("Keep special characters")),
("replace",
_('Replace umlauts like "ü" with "ue"')),
],
default_value="keep",
),
forth=lambda x: "keep" if (x == "skip") else x,
),
),
(
"create_only_on_login",
FixedValue(
title=_("Create users only on login"),
value=True,
totext=_(
"Instead of creating the user accounts during the regular sync, create "
"the user on the first login."),
),
),
]
return user_elements
