feat: add management for ldap idp template (#5220)

Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 03:57:32 +00:00 · 2023-02-15 09:14:59 +01:00
parent 058192c22b
commit 586495a0be
37 changed files with 7298 additions and 14 deletions
--- a/docs/docs/apis/proto/admin.md
+++ b/docs/docs/apis/proto/admin.md
@@ -568,6 +568,68 @@ all fields are updated. If no value is provided the field will be empty afterwar
    PUT: /idps/{idp_id}/jwt_config


+### ListProviders
+
+> **rpc** ListProviders([ListProvidersRequest](#listprovidersrequest))
+[ListProvidersResponse](#listprovidersresponse)
+
+Returns all identity providers, which match the query
+Limit should always be set, there is a default limit set by the service
+
+
+
+    POST: /idps/templates/_search
+
+
+### GetProviderByID
+
+> **rpc** GetProviderByID([GetProviderByIDRequest](#getproviderbyidrequest))
+[GetProviderByIDResponse](#getproviderbyidresponse)
+
+Returns an identity provider of the instance
+
+
+
+    GET: /idps/templates/{id}
+
+
+### AddLDAPProvider
+
+> **rpc** AddLDAPProvider([AddLDAPProviderRequest](#addldapproviderrequest))
+[AddLDAPProviderResponse](#addldapproviderresponse)
+
+Add a new ldap identity provider on the instance
+
+
+
+    POST: /idps/ldap
+
+
+### UpdateLDAPProvider
+
+> **rpc** UpdateLDAPProvider([UpdateLDAPProviderRequest](#updateldapproviderrequest))
+[UpdateLDAPProviderResponse](#updateldapproviderresponse)
+
+Change an existing ldap identity provider on the instance
+
+
+
+    POST: /idps/ldap/{id}
+
+
+### DeleteProvider
+
+> **rpc** DeleteProvider([DeleteProviderRequest](#deleteproviderrequest))
+[DeleteProviderResponse](#deleteproviderresponse)
+
+Remove an identity provider
+Will remove all linked providers of this configuration on the users
+
+
+
+    POST: /idps/templates/{id}
+
+
 ### GetOrgIAMPolicy

 > **rpc** GetOrgIAMPolicy([GetOrgIAMPolicyRequest](#getorgiampolicyrequest))
@@ -1861,6 +1923,39 @@ This is an empty request



+### AddLDAPProviderRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| name |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| host |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| port |  string | - | string.max_len: 5<br />  |
+| tls |  bool | - |  |
+| base_dn |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_object_class |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_unique_attribute |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| admin |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| password |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| attributes |  zitadel.idp.v1.LDAPAttributes | - |  |
+| provider_options |  zitadel.idp.v1.Options | - |  |
+
+
+
+
+### AddLDAPProviderResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ObjectDetails | - |  |
+| id |  string | - |  |
+
+
+
+
 ### AddMultiFactorToLoginPolicyRequest


@@ -2124,6 +2219,28 @@ This is an empty request



+### DeleteProviderRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+
+
+
+
+### DeleteProviderResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ObjectDetails | - |  |
+
+
+
+
 ### ExportDataRequest


@@ -2924,6 +3041,28 @@ This is an empty request



+### GetProviderByIDRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+
+
+
+
+### GetProviderByIDResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| idp |  zitadel.idp.v1.Provider | - |  |
+
+
+
+
 ### GetSMSProviderRequest


@@ -3541,6 +3680,30 @@ This is an empty request



+### ListProvidersRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| query |  zitadel.v1.ListQuery | list limitations and ordering |  |
+| queries | repeated ProviderQuery | criteria the client is looking for |  |
+
+
+
+
+### ListProvidersResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ListDetails | - |  |
+| result | repeated zitadel.idp.v1.Provider | - |  |
+
+
+
+
 ### ListSMSProvidersRequest


@@ -3605,6 +3768,18 @@ This is an empty request



+### ProviderQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.idp_id_query |  zitadel.idp.v1.IDPIDQuery | - |  |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.idp_name_query |  zitadel.idp.v1.IDPNameQuery | - |  |
+
+
+
+
 ### ReactivateIDPRequest


@@ -4715,6 +4890,39 @@ this is en empty request



+### UpdateLDAPProviderRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| name |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| host |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| port |  string | - | string.max_len: 5<br />  |
+| tls |  bool | - |  |
+| base_dn |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_object_class |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_unique_attribute |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| admin |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| password |  string | - | string.max_len: 200<br />  |
+| attributes |  zitadel.idp.v1.LDAPAttributes | - |  |
+| provider_options |  zitadel.idp.v1.Options | - |  |
+
+
+
+
+### UpdateLDAPProviderResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ObjectDetails | - |  |
+
+
+
+
 ### UpdateLabelPolicyRequest


--- a/docs/docs/apis/proto/idp.md
+++ b/docs/docs/apis/proto/idp.md
@@ -105,6 +105,48 @@ title: zitadel/idp.proto



+### LDAPAttributes
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id_attribute |  string | - | string.max_len: 200<br />  |
+| first_name_attribute |  string | - | string.max_len: 200<br />  |
+| last_name_attribute |  string | - | string.max_len: 200<br />  |
+| display_name_attribute |  string | - | string.max_len: 200<br />  |
+| nick_name_attribute |  string | - | string.max_len: 200<br />  |
+| preferred_username_attribute |  string | - | string.max_len: 200<br />  |
+| email_attribute |  string | - | string.max_len: 200<br />  |
+| email_verified_attribute |  string | - | string.max_len: 200<br />  |
+| phone_attribute |  string | - | string.max_len: 200<br />  |
+| phone_verified_attribute |  string | - | string.max_len: 200<br />  |
+| preferred_language_attribute |  string | - | string.max_len: 200<br />  |
+| avatar_url_attribute |  string | - | string.max_len: 200<br />  |
+| profile_attribute |  string | - | string.max_len: 200<br />  |
+
+
+
+
+### LDAPConfig
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| host |  string | - |  |
+| port |  string | - |  |
+| tls |  bool | - |  |
+| base_dn |  string | - |  |
+| user_object_class |  string | - |  |
+| user_unique_attribute |  string | - |  |
+| admin |  string | - |  |
+| attributes |  LDAPAttributes | - |  |
+| provider_options |  Options | - |  |
+
+
+
+
 ### OIDCConfig


@@ -120,6 +162,49 @@ title: zitadel/idp.proto



+### Options
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| is_linking_allowed |  bool | - |  |
+| is_creation_allowed |  bool | - |  |
+| is_auto_creation |  bool | - |  |
+| is_auto_update |  bool | - |  |
+
+
+
+
+### Provider
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id |  string | - |  |
+| details |  zitadel.v1.ObjectDetails | - |  |
+| state |  IDPState | - |  |
+| name |  string | - |  |
+| owner |  IDPOwnerType | - |  |
+| type |  ProviderType | - |  |
+| config |  ProviderConfig | - |  |
+
+
+
+
+### ProviderConfig
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| options |  Options | - |  |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) config.ldap |  LDAPConfig | - |  |
+
+
+
+


 ## Enums
@@ -195,3 +280,23 @@ authorization framework of the identity provider



+### ProviderType {#providertype}
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| PROVIDER_TYPE_UNSPECIFIED | 0 | - |
+| PROVIDER_TYPE_OIDC | 1 | - |
+| PROVIDER_TYPE_JWT | 2 | - |
+| PROVIDER_TYPE_LDAP | 3 | - |
+| PROVIDER_TYPE_OAUTH | 4 | - |
+| PROVIDER_TYPE_AZURE_AD | 5 | - |
+| PROVIDER_TYPE_GITHUB | 6 | - |
+| PROVIDER_TYPE_GITHUB_EE | 7 | - |
+| PROVIDER_TYPE_GITLAB | 8 | - |
+| PROVIDER_TYPE_GITLAB_SELF_HOSTED | 9 | - |
+| PROVIDER_TYPE_GOOGLE | 10 | - |
+
+
+
+
--- a/docs/docs/apis/proto/management.md
+++ b/docs/docs/apis/proto/management.md
@@ -3025,6 +3025,68 @@ Change JWT identity provider configuration of the organisation
    PUT: /idps/{idp_id}/jwt_config


+### ListProviders
+
+> **rpc** ListProviders([ListProvidersRequest](#listprovidersrequest))
+[ListProvidersResponse](#listprovidersresponse)
+
+Returns all identity providers, which match the query
+Limit should always be set, there is a default limit set by the service
+
+
+
+    POST: /idps/templates/_search
+
+
+### GetProviderByID
+
+> **rpc** GetProviderByID([GetProviderByIDRequest](#getproviderbyidrequest))
+[GetProviderByIDResponse](#getproviderbyidresponse)
+
+Returns an identity provider of the organisation
+
+
+
+    GET: /idps/templates/{id}
+
+
+### AddLDAPProvider
+
+> **rpc** AddLDAPProvider([AddLDAPProviderRequest](#addldapproviderrequest))
+[AddLDAPProviderResponse](#addldapproviderresponse)
+
+Add a new ldap identity provider in the organisation
+
+
+
+    POST: /idps/ldap
+
+
+### UpdateLDAPProvider
+
+> **rpc** UpdateLDAPProvider([UpdateLDAPProviderRequest](#updateldapproviderrequest))
+[UpdateLDAPProviderResponse](#updateldapproviderresponse)
+
+Change an existing ldap identity provider in the organisation
+
+
+
+    POST: /idps/ldap/{id}
+
+
+### DeleteProvider
+
+> **rpc** DeleteProvider([DeleteProviderRequest](#deleteproviderrequest))
+[DeleteProviderResponse](#deleteproviderresponse)
+
+Remove an identity provider
+Will remove all linked providers of this configuration on the users
+
+
+
+    POST: /idps/templates/{id}
+
+
 ### ListActions

 > **rpc** ListActions([ListActionsRequest](#listactionsrequest))
@@ -3551,6 +3613,39 @@ This is an empty request



+### AddLDAPProviderRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| name |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| host |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| port |  string | - | string.max_len: 5<br />  |
+| tls |  bool | - |  |
+| base_dn |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_object_class |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_unique_attribute |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| admin |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| password |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| attributes |  zitadel.idp.v1.LDAPAttributes | - |  |
+| provider_options |  zitadel.idp.v1.Options | - |  |
+
+
+
+
+### AddLDAPProviderResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ObjectDetails | - |  |
+| id |  string | - |  |
+
+
+
+
 ### AddMachineKeyRequest


@@ -4450,6 +4545,28 @@ This is an empty request



+### DeleteProviderRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+
+
+
+
+### DeleteProviderResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ObjectDetails | - |  |
+
+
+
+
 ### GenerateMachineSecretRequest


@@ -5539,6 +5656,28 @@ This is an empty request



+### GetProviderByIDRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+
+
+
+
+### GetProviderByIDResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| idp |  zitadel.idp.v1.Provider | - |  |
+
+
+
+
 ### GetSupportedLanguagesRequest
 This is an empty request

@@ -6544,6 +6683,30 @@ This is an empty request



+### ListProvidersRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| query |  zitadel.v1.ListQuery | list limitations and ordering |  |
+| queries | repeated ProviderQuery | criteria the client is looking for |  |
+
+
+
+
+### ListProvidersResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ListDetails | - |  |
+| result | repeated zitadel.idp.v1.Provider | - |  |
+
+
+
+
 ### ListUserChangesRequest


@@ -6689,6 +6852,19 @@ This is an empty request



+### ProviderQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.idp_id_query |  zitadel.idp.v1.IDPIDQuery | - |  |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.idp_name_query |  zitadel.idp.v1.IDPNameQuery | - |  |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.owner_type_query |  zitadel.idp.v1.IDPOwnerTypeQuery | - |  |
+
+
+
+
 ### ReactivateActionRequest


@@ -8760,6 +8936,39 @@ This is an empty request



+### UpdateLDAPProviderRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| id |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| name |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| host |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| port |  string | - | string.max_len: 5<br />  |
+| tls |  bool | - |  |
+| base_dn |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_object_class |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| user_unique_attribute |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| admin |  string | - | string.min_len: 1<br /> string.max_len: 200<br />  |
+| password |  string | - | string.max_len: 200<br />  |
+| attributes |  zitadel.idp.v1.LDAPAttributes | - |  |
+| provider_options |  zitadel.idp.v1.Options | - |  |
+
+
+
+
+### UpdateLDAPProviderResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ObjectDetails | - |  |
+
+
+
+
 ### UpdateMachineRequest