def _group_elements(self): group_elements = [ ( "group_dn", LDAPDistinguishedName( title=_("Group base DN"), help=_( "Give a base distinguished name here, e. g. <tt>OU=groups,DC=example,DC=com</tt><br> " "All groups used must be located below this one."), size=80, ), ), ( "group_scope", DropdownChoice( title=_("Search scope"), help= _("Scope to be used in group related LDAP searches. In most cases " "<i>Search whole subtree below the base DN</i> " "is the best choice. It searches for matching objects in the given base " "recursively."), choices=[ ("sub", _("Search whole subtree below the base DN")), ("base", _("Search only the entry at the base DN")), ("one", _("Search all entries one level below the base DN")), ], default_value="sub", ), ), ( "group_filter", TextInput( title=_("Search filter"), help= _("Using this option you can define an optional LDAP filter which is used " "during group related LDAP searches. It can be used to only handle a " "subset of the groups below the given base DN.<br><br>" "e.g. <tt>(objectclass=group)</tt>"), size=80, default_value=lambda: ldap_filter_of_connection( self._connection_id, "groups", False), ), ), ( "group_member", TextInput( title=_("Member attribute"), help= _("The attribute used to identify users group memberships." ), default_value=lambda: ldap_attr_of_connection( self._connection_id, "member"), ), ), ] return group_elements
def _user_elements(self): user_elements = [ ( "user_dn", LDAPDistinguishedName( title=_("User base DN"), help= _("Give a base distinguished name here, e. g. <tt>OU=users,DC=example,DC=com</tt><br> " "All user accounts to synchronize must be located below this one." ), size=80, ), ), ( "user_scope", DropdownChoice( title=_("Search scope"), help=_( "Scope to be used in LDAP searches. In most cases <i>Search whole subtree below " "the base DN</i> is the best choice. " "It searches for matching objects recursively."), choices=[ ("sub", _("Search whole subtree below the base DN")), ("base", _("Search only the entry at the base DN")), ("one", _("Search all entries one level below the base DN")), ], default_value="sub", ), ), ( "user_filter", TextInput( title=_("Search filter"), help= _("Using this option you can define an optional LDAP filter which is used during " "LDAP searches. It can be used to only handle a subset of the users below the given " "base DN.<br><br>Some common examples:<br><br> " "All user objects in LDAP:<br> " "<tt>(&(objectclass=user)(objectcategory=person))</tt><br> " "Members of a group:<br> " "<tt>(&(objectclass=user)(objectcategory=person)(memberof=CN=cmk-users,OU=groups,DC=example,DC=com))</tt><br> " "Members of a nested group:<br> " "<tt>(&(objectclass=user)(objectcategory=person)(memberof:1.2.840.113556.1.4.1941:=CN=cmk-users,OU=groups,DC=example,DC=com))</tt><br>" ), size=80, default_value=lambda: ldap_filter_of_connection( self._connection_id, "users", False), ), ), ( "user_filter_group", LDAPDistinguishedName( title=_("Filter group (see help)"), help= _("Using this option you can define the DN of a group object which is used to filter the users. " "Only members of this group will then be synchronized. This is a filter which can be " 'used to extend capabilities of the regular "Search Filter". Using the search filter ' "you can only define filters which directly apply to the user objects. To filter by " "group memberships, you can use the <tt>memberOf</tt> attribute of the user objects in some " "directories. But some directories do not have such attributes because the memberships " "are stored in the group objects as e.g. <tt>member</tt> attributes. You should use the " "regular search filter whenever possible and only use this filter when it is really " "neccessary. Finally you can say, you should not use this option when using Active Directory. " "This option is neccessary in OpenLDAP directories when you like to filter by group membership.<br><br>" "If using, give a plain distinguished name of a group here, e. g. " "<tt>CN=cmk-users,OU=groups,DC=example,DC=com</tt>"), size=80, ), ), ( "user_id", TextInput( title=_("User-ID attribute"), help= _("The attribute used to identify the individual users. It must have " "unique values to make an user identifyable by the value of this " "attribute."), default_value=lambda: ldap_attr_of_connection( self._connection_id, "user_id"), ), ), ( "lower_user_ids", FixedValue( title=_("Lower case User-IDs"), help= _("Convert imported User-IDs to lower case during synchronization." ), value=True, totext=_("Enforce lower case User-IDs."), ), ), ( "user_id_umlauts", Transform( DropdownChoice( title=_("Umlauts in User-IDs (deprecated)"), help= _("Checkmk was not not supporting special characters (like Umlauts) in " "User-IDs. To deal with LDAP users having umlauts in their User-IDs " "you had the choice to replace umlauts with other characters. This option " "is still available for compatibility reasons, but you are adviced to use " 'the "keep" option for new installations.'), choices=[ ("keep", _("Keep special characters")), ("replace", _('Replace umlauts like "ü" with "ue"')), ], default_value="keep", ), forth=lambda x: "keep" if (x == "skip") else x, ), ), ( "create_only_on_login", FixedValue( title=_("Create users only on login"), value=True, totext=_( "Instead of creating the user accounts during the regular sync, create " "the user on the first login."), ), ), ] return user_elements