From 87cb2256682ae47e2dd09f28238205611c17cd0e Mon Sep 17 00:00:00 2001
From: Louis Chemineau <louis@chmn.me>
Date: Tue, 30 Sep 2025 18:19:26 +0200
Subject: [PATCH] refactor(user_ldap): Rewrite setup wizard

Signed-off-by: Louis Chemineau <louis@chmn.me>
---
 .eslintrc.js                                  |   2 +
 apps/files/src/views/Settings.vue             |   1 -
 apps/user_ldap/appinfo/routes.php             |   6 -
 apps/user_ldap/js/wizard/configModel.js       |   4 +
 .../lib/Controller/ConfigAPIController.php    |   9 +-
 apps/user_ldap/lib/Settings/Admin.php         |  43 ++-
 apps/user_ldap/openapi.json                   |  59 ++--
 apps/user_ldap/src/LDAPSettingsApp.vue        |  11 +
 .../components/SettingsTabs/AdvancedTab.vue   | 294 ++++++++++++++++++
 .../src/components/SettingsTabs/ExpertTab.vue |  64 ++++
 .../src/components/SettingsTabs/GroupsTab.vue | 158 ++++++++++
 .../src/components/SettingsTabs/LoginTab.vue  | 171 ++++++++++
 .../src/components/SettingsTabs/ServerTab.vue | 192 ++++++++++++
 .../src/components/SettingsTabs/UsersTab.vue  | 180 +++++++++++
 .../src/components/WizardControls.vue         |  94 ++++++
 apps/user_ldap/src/main.ts                    |  21 ++
 apps/user_ldap/src/models/index.ts            |  71 +++++
 .../src/services/ldapConfigService.ts         | 189 +++++++++++
 apps/user_ldap/src/services/logger.ts         |  11 +
 apps/user_ldap/src/store/configs.ts           |  75 +++++
 apps/user_ldap/src/store/index.ts             |   8 +
 apps/user_ldap/src/views/Settings.vue         | 186 +++++++++++
 apps/user_ldap/templates/settings.php         |   5 +-
 apps/user_ldap/tests/Settings/AdminTest.php   |   8 +-
 openapi.json                                  |  59 ++--
 webpack.modules.js                            |   3 +
 26 files changed, 1834 insertions(+), 90 deletions(-)
 create mode 100644 apps/user_ldap/src/LDAPSettingsApp.vue
 create mode 100644 apps/user_ldap/src/components/SettingsTabs/AdvancedTab.vue
 create mode 100644 apps/user_ldap/src/components/SettingsTabs/ExpertTab.vue
 create mode 100644 apps/user_ldap/src/components/SettingsTabs/GroupsTab.vue
 create mode 100644 apps/user_ldap/src/components/SettingsTabs/LoginTab.vue
 create mode 100644 apps/user_ldap/src/components/SettingsTabs/ServerTab.vue
 create mode 100644 apps/user_ldap/src/components/SettingsTabs/UsersTab.vue
 create mode 100644 apps/user_ldap/src/components/WizardControls.vue
 create mode 100644 apps/user_ldap/src/main.ts
 create mode 100644 apps/user_ldap/src/models/index.ts
 create mode 100644 apps/user_ldap/src/services/ldapConfigService.ts
 create mode 100644 apps/user_ldap/src/services/logger.ts
 create mode 100644 apps/user_ldap/src/store/configs.ts
 create mode 100644 apps/user_ldap/src/store/index.ts
 create mode 100644 apps/user_ldap/src/views/Settings.vue

diff --git a/.eslintrc.js b/.eslintrc.js
index f41e338fe9d..0ec03ea03ed 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -32,6 +32,8 @@ module.exports = {
 			ignores: ['/^[a-z]+(?:-[a-z]+)*:[a-z]+(?:-[a-z]+)*$/u'],
 		}],
 		'vue/html-self-closing': 'error',
+		'jsdoc/require-jsdoc': 'off',
+		'jsdoc/require-param-description': 'off',
 	},
 	settings: {
 		jsdoc: {
diff --git a/apps/files/src/views/Settings.vue b/apps/files/src/views/Settings.vue
index bfac8e0b3d6..0160e387892 100644
--- a/apps/files/src/views/Settings.vue
+++ b/apps/files/src/views/Settings.vue
@@ -127,7 +127,6 @@
 
 		<NcAppSettingsSection id="shortcuts"
 			:name="t('files', 'Keyboard shortcuts')">
-
 			<h3>{{ t('files', 'Actions') }}</h3>
 			<dl>
 				<div>
diff --git a/apps/user_ldap/appinfo/routes.php b/apps/user_ldap/appinfo/routes.php
index 52138060f58..688d8014555 100644
--- a/apps/user_ldap/appinfo/routes.php
+++ b/apps/user_ldap/appinfo/routes.php
@@ -23,12 +23,6 @@ $this->create('user_ldap_ajax_wizard', 'apps/user_ldap/ajax/wizard.php')
 	->actionInclude('user_ldap/ajax/wizard.php');
 
 return [
-	'ocs' => [
-		['name' => 'ConfigAPI#create', 'url' => '/api/v1/config', 'verb' => 'POST'],
-		['name' => 'ConfigAPI#show',   'url' => '/api/v1/config/{configID}', 'verb' => 'GET'],
-		['name' => 'ConfigAPI#modify', 'url' => '/api/v1/config/{configID}', 'verb' => 'PUT'],
-		['name' => 'ConfigAPI#delete', 'url' => '/api/v1/config/{configID}', 'verb' => 'DELETE'],
-	],
 	'routes' => [
 		['name' => 'renewPassword#tryRenewPassword', 'url' => '/renewpassword', 'verb' => 'POST'],
 		['name' => 'renewPassword#showRenewPasswordForm', 'url' => '/renewpassword/{user}', 'verb' => 'GET'],
diff --git a/apps/user_ldap/js/wizard/configModel.js b/apps/user_ldap/js/wizard/configModel.js
index 85c87e2ef15..b559fc33861 100644
--- a/apps/user_ldap/js/wizard/configModel.js
+++ b/apps/user_ldap/js/wizard/configModel.js
@@ -117,6 +117,8 @@ OCA = OCA || {};
 		 * @returns {jqXHR}
 		 */
 		callWizard: function(params, callback, detector) {
+			console.debug('[LDAP - Legacy] Called wizard action', { params })
+
 			return this.callAjax('wizard.php', params, callback, detector);
 		},
 
@@ -180,6 +182,7 @@ OCA = OCA || {};
 			var strParams = OC.buildQueryString(objParams);
 			var model = this;
 			$.post(url, strParams, function(result) { model._processSetResult(model, result, objParams) });
+			console.debug('[LDAP - Legacy] Saved value', { objParams })
 			return true;
 		},
 
@@ -321,6 +324,7 @@ OCA = OCA || {};
 			var params = OC.buildQueryString({ldap_serverconfig_chooser: this.configID});
 			var model = this;
 			$.post(url, params, function(result) { model._processTestResult(model, result) });
+			console.debug('[LDAP - Legacy] Tested configuration', { params })
 			//TODO: make sure only one test is running at a time
 		},
 
diff --git a/apps/user_ldap/lib/Controller/ConfigAPIController.php b/apps/user_ldap/lib/Controller/ConfigAPIController.php
index d98e6d41b52..f417718fa46 100644
--- a/apps/user_ldap/lib/Controller/ConfigAPIController.php
+++ b/apps/user_ldap/lib/Controller/ConfigAPIController.php
@@ -14,6 +14,7 @@ use OCA\User_LDAP\ConnectionFactory;
 use OCA\User_LDAP\Helper;
 use OCA\User_LDAP\Settings\Admin;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\ApiRoute;
 use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
@@ -58,6 +59,7 @@ class ConfigAPIController extends OCSController {
 	 * 200: Config created successfully
 	 */
 	#[AuthorizedAdminSetting(settings: Admin::class)]
+	#[ApiRoute(verb: 'POST', url: '/api/v1/config')]
 	public function create() {
 		try {
 			$configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
@@ -82,6 +84,7 @@ class ConfigAPIController extends OCSController {
 	 * 200: Config deleted successfully
 	 */
 	#[AuthorizedAdminSetting(settings: Admin::class)]
+	#[ApiRoute(verb: 'DELETE', url: '/api/v1/config/{configID}')]
 	public function delete($configID) {
 		try {
 			$this->ensureConfigIDExists($configID);
@@ -103,7 +106,7 @@ class ConfigAPIController extends OCSController {
 	 *
 	 * @param string $configID ID of the config
 	 * @param array<string, mixed> $configData New config
-	 * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+	 * @return DataResponse<Http::STATUS_OK, array<string, mixed>, array{}>
 	 * @throws OCSException
 	 * @throws OCSBadRequestException Modifying config is not possible
 	 * @throws OCSNotFoundException Config not found
@@ -111,6 +114,7 @@ class ConfigAPIController extends OCSController {
 	 * 200: Config returned
 	 */
 	#[AuthorizedAdminSetting(settings: Admin::class)]
+	#[ApiRoute(verb: 'PUT', url: '/api/v1/config/{configID}')]
 	public function modify($configID, $configData) {
 		try {
 			$this->ensureConfigIDExists($configID);
@@ -137,7 +141,7 @@ class ConfigAPIController extends OCSController {
 			throw new OCSException('An issue occurred when modifying the config.');
 		}
 
-		return new DataResponse();
+		return $this->show($configID, false);
 	}
 
 	/**
@@ -215,6 +219,7 @@ class ConfigAPIController extends OCSController {
 	 * 200: Config returned
 	 */
 	#[AuthorizedAdminSetting(settings: Admin::class)]
+	#[ApiRoute(verb: 'GET', url: '/api/v1/config/{configID}')]
 	public function show($configID, $showPassword = false) {
 		try {
 			$this->ensureConfigIDExists($configID);
diff --git a/apps/user_ldap/lib/Settings/Admin.php b/apps/user_ldap/lib/Settings/Admin.php
index 89fb063265b..a3144fd9c57 100644
--- a/apps/user_ldap/lib/Settings/Admin.php
+++ b/apps/user_ldap/lib/Settings/Admin.php
@@ -9,6 +9,7 @@ namespace OCA\User_LDAP\Settings;
 use OCA\User_LDAP\Configuration;
 use OCA\User_LDAP\Helper;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\Services\IInitialState;
 use OCP\IL10N;
 use OCP\Server;
 use OCP\Settings\IDelegatedSettings;
@@ -18,13 +19,11 @@ class Admin implements IDelegatedSettings {
 	public function __construct(
 		private IL10N $l,
 		private ITemplateManager $templateManager,
+		private IInitialState $initialState,
 	) {
 	}
 
-	/**
-	 * @return TemplateResponse
-	 */
-	public function getForm() {
+	public function getForm(): TemplateResponse {
 		$helper = Server::get(Helper::class);
 		$prefixes = $helper->getServerConfigurationPrefixes();
 		if (count($prefixes) === 0) {
@@ -35,19 +34,6 @@ class Admin implements IDelegatedSettings {
 			$prefixes[] = $newPrefix;
 		}
 
-		$hosts = $helper->getServerConfigurationHosts();
-
-		$wControls = $this->templateManager->getTemplate('user_ldap', 'part.wizardcontrols');
-		$wControls = $wControls->fetchPage();
-		$sControls = $this->templateManager->getTemplate('user_ldap', 'part.settingcontrols');
-		$sControls = $sControls->fetchPage();
-
-		$parameters = [];
-		$parameters['serverConfigurationPrefixes'] = $prefixes;
-		$parameters['serverConfigurationHosts'] = $hosts;
-		$parameters['settingControls'] = $sControls;
-		$parameters['wizardControls'] = $wControls;
-
 		// assign default values
 		if (!isset($config)) {
 			$config = new Configuration('', false);
@@ -57,13 +43,26 @@ class Admin implements IDelegatedSettings {
 			$parameters[$key . '_default'] = $default;
 		}
 
+		$ldapConfigs = [];
+		foreach ($prefixes as $prefix) {
+			$ldapConfig = new Configuration($prefix);
+			$rawLdapConfig = $ldapConfig->getConfiguration();
+			foreach ($rawLdapConfig as $key => $value) {
+				if (is_array($value)) {
+					$rawLdapConfig[$key] = implode(';', $value);
+				}
+			}
+
+			$ldapConfigs[$prefix] = $rawLdapConfig;
+		}
+
+		$this->initialState->provideInitialState('ldapConfigs', $ldapConfigs);
+		$this->initialState->provideInitialState('ldapModuleInstalled', function_exists('ldap_connect'));
+
 		return new TemplateResponse('user_ldap', 'settings', $parameters);
 	}
 
-	/**
-	 * @return string the section ID, e.g. 'sharing'
-	 */
-	public function getSection() {
+	public function getSection(): string {
 		return 'ldap';
 	}
 
@@ -74,7 +73,7 @@ class Admin implements IDelegatedSettings {
 	 *
 	 * E.g.: 70
 	 */
-	public function getPriority() {
+	public function getPriority(): int {
 		return 5;
 	}
 
diff --git a/apps/user_ldap/openapi.json b/apps/user_ldap/openapi.json
index 165aedced54..7a04c35072e 100644
--- a/apps/user_ldap/openapi.json
+++ b/apps/user_ldap/openapi.json
@@ -174,10 +174,10 @@
             }
         },
         "/ocs/v2.php/apps/user_ldap/api/v1/config/{configID}": {
-            "get": {
-                "operationId": "configapi-show",
-                "summary": "Get a configuration",
-                "description": "Output can look like this: <?xml version=\"1.0\"?> <ocs> <meta> <status>ok</status> <statuscode>200</statuscode> <message>OK</message> </meta> <data> <ldapHost>ldaps://my.ldap.server</ldapHost> <ldapPort>7770</ldapPort> <ldapBackupHost></ldapBackupHost> <ldapBackupPort></ldapBackupPort> <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase> <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers> <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups> <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName> <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword> <ldapTLS>1</ldapTLS> <turnOffCertCheck>0</turnOffCertCheck> <ldapIgnoreNamingRules/> <ldapUserDisplayName>displayname</ldapUserDisplayName> <ldapUserDisplayName2>uid</ldapUserDisplayName2> <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass> <ldapUserFilterGroups></ldapUserFilterGroups> <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter> <ldapUserFilterMode>1</ldapUserFilterMode> <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter> <ldapGroupFilterMode>0</ldapGroupFilterMode> <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass> <ldapGroupFilterGroups></ldapGroupFilterGroups> <ldapGroupDisplayName>cn</ldapGroupDisplayName> <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr> <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter> <ldapLoginFilterMode>0</ldapLoginFilterMode> <ldapLoginFilterEmail>0</ldapLoginFilterEmail> <ldapLoginFilterUsername>1</ldapLoginFilterUsername> <ldapLoginFilterAttributes></ldapLoginFilterAttributes> <ldapQuotaAttribute></ldapQuotaAttribute> <ldapQuotaDefault></ldapQuotaDefault> <ldapEmailAttribute>mail</ldapEmailAttribute> <ldapCacheTTL>20</ldapCacheTTL> <ldapUuidUserAttribute>auto</ldapUuidUserAttribute> <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute> <ldapOverrideMainServer></ldapOverrideMainServer> <ldapConfigurationActive>1</ldapConfigurationActive> <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch> <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch> <ldapExperiencedAdmin>0</ldapExperiencedAdmin> <homeFolderNamingRule></homeFolderNamingRule> <hasMemberOfFilterSupport></hasMemberOfFilterSupport> <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership> <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr> <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr> <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr> <lastJpegPhotoLookup>0</lastJpegPhotoLookup> <ldapNestedGroups>0</ldapNestedGroups> <ldapPagingSize>500</ldapPagingSize> <turnOnPasswordChange>1</turnOnPasswordChange> <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL> </data> </ocs>\nThis endpoint requires admin access",
+            "delete": {
+                "operationId": "configapi-delete",
+                "summary": "Delete a LDAP configuration",
+                "description": "This endpoint requires admin access",
                 "tags": [
                     "configapi"
                 ],
@@ -199,15 +199,6 @@
                             "type": "string"
                         }
                     },
-                    {
-                        "name": "showPassword",
-                        "in": "query",
-                        "description": "Whether to show the password",
-                        "schema": {
-                            "type": "boolean",
-                            "default": false
-                        }
-                    },
                     {
                         "name": "OCS-APIRequest",
                         "in": "header",
@@ -221,7 +212,7 @@
                 ],
                 "responses": {
                     "200": {
-                        "description": "Config returned",
+                        "description": "Config deleted successfully",
                         "content": {
                             "application/json": {
                                 "schema": {
@@ -240,12 +231,7 @@
                                                 "meta": {
                                                     "$ref": "#/components/schemas/OCSMeta"
                                                 },
-                                                "data": {
-                                                    "type": "object",
-                                                    "additionalProperties": {
-                                                        "type": "object"
-                                                    }
-                                                }
+                                                "data": {}
                                             }
                                         }
                                     }
@@ -418,7 +404,12 @@
                                                 "meta": {
                                                     "$ref": "#/components/schemas/OCSMeta"
                                                 },
-                                                "data": {}
+                                                "data": {
+                                                    "type": "object",
+                                                    "additionalProperties": {
+                                                        "type": "object"
+                                                    }
+                                                }
                                             }
                                         }
                                     }
@@ -540,10 +531,10 @@
                     }
                 }
             },
-            "delete": {
-                "operationId": "configapi-delete",
-                "summary": "Delete a LDAP configuration",
-                "description": "This endpoint requires admin access",
+            "get": {
+                "operationId": "configapi-show",
+                "summary": "Get a configuration",
+                "description": "Output can look like this: <?xml version=\"1.0\"?> <ocs> <meta> <status>ok</status> <statuscode>200</statuscode> <message>OK</message> </meta> <data> <ldapHost>ldaps://my.ldap.server</ldapHost> <ldapPort>7770</ldapPort> <ldapBackupHost></ldapBackupHost> <ldapBackupPort></ldapBackupPort> <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase> <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers> <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups> <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName> <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword> <ldapTLS>1</ldapTLS> <turnOffCertCheck>0</turnOffCertCheck> <ldapIgnoreNamingRules/> <ldapUserDisplayName>displayname</ldapUserDisplayName> <ldapUserDisplayName2>uid</ldapUserDisplayName2> <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass> <ldapUserFilterGroups></ldapUserFilterGroups> <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter> <ldapUserFilterMode>1</ldapUserFilterMode> <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter> <ldapGroupFilterMode>0</ldapGroupFilterMode> <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass> <ldapGroupFilterGroups></ldapGroupFilterGroups> <ldapGroupDisplayName>cn</ldapGroupDisplayName> <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr> <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter> <ldapLoginFilterMode>0</ldapLoginFilterMode> <ldapLoginFilterEmail>0</ldapLoginFilterEmail> <ldapLoginFilterUsername>1</ldapLoginFilterUsername> <ldapLoginFilterAttributes></ldapLoginFilterAttributes> <ldapQuotaAttribute></ldapQuotaAttribute> <ldapQuotaDefault></ldapQuotaDefault> <ldapEmailAttribute>mail</ldapEmailAttribute> <ldapCacheTTL>20</ldapCacheTTL> <ldapUuidUserAttribute>auto</ldapUuidUserAttribute> <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute> <ldapOverrideMainServer></ldapOverrideMainServer> <ldapConfigurationActive>1</ldapConfigurationActive> <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch> <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch> <ldapExperiencedAdmin>0</ldapExperiencedAdmin> <homeFolderNamingRule></homeFolderNamingRule> <hasMemberOfFilterSupport></hasMemberOfFilterSupport> <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership> <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr> <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr> <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr> <lastJpegPhotoLookup>0</lastJpegPhotoLookup> <ldapNestedGroups>0</ldapNestedGroups> <ldapPagingSize>500</ldapPagingSize> <turnOnPasswordChange>1</turnOnPasswordChange> <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL> </data> </ocs>\nThis endpoint requires admin access",
                 "tags": [
                     "configapi"
                 ],
@@ -565,6 +556,15 @@
                             "type": "string"
                         }
                     },
+                    {
+                        "name": "showPassword",
+                        "in": "query",
+                        "description": "Whether to show the password",
+                        "schema": {
+                            "type": "boolean",
+                            "default": false
+                        }
+                    },
                     {
                         "name": "OCS-APIRequest",
                         "in": "header",
@@ -578,7 +578,7 @@
                 ],
                 "responses": {
                     "200": {
-                        "description": "Config deleted successfully",
+                        "description": "Config returned",
                         "content": {
                             "application/json": {
                                 "schema": {
@@ -597,7 +597,12 @@
                                                 "meta": {
                                                     "$ref": "#/components/schemas/OCSMeta"
                                                 },
-                                                "data": {}
+                                                "data": {
+                                                    "type": "object",
+                                                    "additionalProperties": {
+                                                        "type": "object"
+                                                    }
+                                                }
                                             }
                                         }
                                     }
diff --git a/apps/user_ldap/src/LDAPSettingsApp.vue b/apps/user_ldap/src/LDAPSettingsApp.vue
new file mode 100644
index 00000000000..d2daeb62de6
--- /dev/null
+++ b/apps/user_ldap/src/LDAPSettingsApp.vue
@@ -0,0 +1,11 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<Settings />
+</template>
+
+<script lang="ts" setup>
+import Settings from './views/Settings.vue'
+</script>
diff --git a/apps/user_ldap/src/components/SettingsTabs/AdvancedTab.vue b/apps/user_ldap/src/components/SettingsTabs/AdvancedTab.vue
new file mode 100644
index 00000000000..5ff05fa01bb
--- /dev/null
+++ b/apps/user_ldap/src/components/SettingsTabs/AdvancedTab.vue
@@ -0,0 +1,294 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<fieldset class="ldap-wizard__advanced">
+		<details open name="ldap-wizard__advanced__section" class="ldap-wizard__advanced__section">
+			<summary><h3>{{ t('user_ldap', 'Connection Settings') }}</h3></summary>
+
+			<NcTextField autocomplete="off"
+				:label=" t('user_ldap', 'Backup (Replica) Host')"
+				:value="ldapConfigProxy.ldapBackupHost"
+				:helper-text="t('user_ldap', 'Give an optional backup host. It must be a replica of the main LDAP/AD server.')"
+				@change.native="(event) => ldapConfigProxy.ldapBackupHost = event.target.value" />
+
+			<NcTextField type="number"
+				:value="ldapConfigProxy.ldapBackupPort"
+				:label="t('user_ldap', 'Backup (Replica) Port') "
+				@change.native="(event) => ldapConfigProxy.ldapBackupPort = event.target.value" />
+
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.ldapOverrideMainServer === '1'"
+				type="switch"
+				:aria-label="t('user_ldap', 'Only connect to the replica server.')"
+				@update:checked="ldapConfigProxy.ldapOverrideMainServer = $event ? '1' : '0'">
+				{{ t('user_ldap', 'Disable Main Server') }}
+			</NcCheckboxRadioSwitch>
+
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.turnOffCertCheck === '1'"
+				:aria-label="t('user_ldap', 'Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your {instanceName} server.', { instanceName })"
+				@update:checked="ldapConfigProxy.turnOffCertCheck = $event ? '1' : '0'">
+				{{ t('user_ldap', 'Turn off SSL certificate validation.') }}
+			</NcCheckboxRadioSwitch>
+
+			<NcTextField type="number"
+				:label="t('user_ldap', 'Cache Time-To-Live')"
+				:value="ldapConfigProxy.ldapCacheTTL"
+				:helper-text="t('user_ldap', 'in seconds. A change empties the cache.')"
+				@change.native="(event) => ldapConfigProxy.ldapCacheTTL = event.target.value" />
+		</details>
+
+		<details name="ldap-wizard__advanced__section" class="ldap-wizard__advanced__section">
+			<summary><h3>{{ t('user_ldap', 'Directory Settings') }}</h3></summary>
+
+			<NcTextField autocomplete="off"
+				:value="ldapConfigProxy.ldapUserDisplayName"
+				:label="t('user_ldap', 'User Display Name Field')"
+				:helper-text="t('user_ldap', 'The LDAP attribute to use to generate the user\'s display name.')"
+				@change.native="(event) => ldapConfigProxy.ldapUserDisplayName = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:value="ldapConfigProxy.ldapUserDisplayName2"
+				:label="t('user_ldap', '2nd User Display Name Field')"
+				:helper-text="t('user_ldap', 'Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.')"
+				@change.native="(event) => ldapConfigProxy.ldapUserDisplayName2 = event.target.value" />
+
+			<NcTextArea :value="ldapConfigProxy.ldapBaseUsers"
+				:placeholder="t('user_ldap', 'One User Base DN per line')"
+				:label="t('user_ldap', 'Base User Tree')"
+				@change.native="(event) => ldapConfigProxy.ldapBaseUsers = event.target.value" />
+
+			<NcTextArea :value="ldapConfigProxy.ldapAttributesForUserSearch"
+				:placeholder="t('user_ldap', 'Optional; one attribute per line')"
+				:label="t('user_ldap', 'User Search Attributes')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributesForUserSearch = event.target.value" />
+
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.markRemnantsAsDisabled === '1'"
+				:aria-label="t('user_ldap', 'When switched on, users imported from LDAP which are then missing will be disabled')"
+				@update:checked="ldapConfigProxy.markRemnantsAsDisabled = $event ? '1' : '0'">
+				{{ t('user_ldap', 'Disable users missing from LDAP') }}
+			</NcCheckboxRadioSwitch>
+
+			<NcTextField autocomplete="off"
+				:value="ldapConfigProxy.ldapGroupDisplayName"
+				:label="t('user_ldap', 'Group Display Name Field')"
+				:title="t('user_ldap', 'The LDAP attribute to use to generate the groups\'s display name.')"
+				@change.native="(event) => ldapConfigProxy.ldapGroupDisplayName = event.target.value" />
+
+			<NcTextArea :value="ldapConfigProxy.ldapBaseGroups"
+				:placeholder="t('user_ldap', 'One Group Base DN per line')"
+				:label="t('user_ldap', 'Base Group Tree')"
+				@change.native="(event) => ldapConfigProxy.ldapBaseGroups = event.target.value" />
+
+			<NcTextArea :value="ldapConfigProxy.ldapAttributesForGroupSearch"
+				:placeholder="t('user_ldap', 'Optional; one attribute per line')"
+				:label="t('user_ldap', 'Group Search Attributes')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributesForGroupSearch = event.target.value" />
+
+			<NcSelect v-model="ldapConfigProxy.ldapGroupMemberAssocAttr"
+				:options="Object.keys(groupMemberAssociation)"
+				:input-label="t('user_ldap', 'Group-Member association')">
+				<template #option="{label: configId}">
+					{{ groupMemberAssociation[configId] }}
+				</template>
+				<template #selected-option="{label: configId}">
+					{{ groupMemberAssociation[configId] }}
+				</template>
+			</NcSelect>
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Dynamic Group Member URL')"
+				:value="ldapConfigProxy.ldapDynamicGroupMemberURL"
+				:helper-text="t('user_ldap', 'The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)')"
+				@change.native="(event) => ldapConfigProxy.ldapDynamicGroupMemberURL = event.target.value" />
+
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.ldapNestedGroups === '1'"
+				:aria-label="t('user_ldap', 'When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)')"
+				@update:checked="ldapConfigProxy.ldapNestedGroups = $event ? '1' : '0'">
+				{{ t('user_ldap', 'Nested Groups') }}
+			</NcCheckboxRadioSwitch>
+
+			<NcTextField type="number"
+				:label="t('user_ldap', 'Paging chunksize')"
+				:value="ldapConfigProxy.ldapPagingSize"
+				:helper-text="t('user_ldap', 'Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)')"
+				@change.native="(event) => ldapConfigProxy.ldapPagingSize = event.target.value" />
+
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.turnOnPasswordChange === '1'"
+				:aria-label="t('user_ldap', 'Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.')"
+				@update:checked="ldapConfigProxy.turnOnPasswordChange = $event ? '1' : '0'">
+				{{ t('user_ldap', 'Enable LDAP password changes per user') }}
+			</NcCheckboxRadioSwitch>
+			<span class="tablecell">
+				{{ t('user_ldap', '(New password is sent as plain text to LDAP)') }}
+			</span>
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Default password policy DN')"
+				:value="ldapConfigProxy.ldapDefaultPPolicyDN"
+				:helper-text="t('user_ldap', 'The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.')"
+				@change.native="(event) => ldapConfigProxy.ldapDefaultPPolicyDN = event.target.value" />
+		</details>
+
+		<details name="ldap-wizard__advanced__section" class="ldap-wizard__advanced__section">
+			<summary><h3>{{ t('user_ldap', 'Special Attributes') }}</h3></summary>
+
+			<NcTextField autocomplete="off"
+				:value="ldapConfigProxy.ldapQuotaAttribute"
+				:label="t('user_ldap', 'Quota Field')"
+				:helper-text="t('user_ldap', 'Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.')"
+				@change.native="(event) => ldapConfigProxy.ldapQuotaAttribute = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:value="ldapConfigProxy.ldapQuotaDefault"
+				:label="t('user_ldap', 'Quota Default')"
+				:helper-text="t('user_ldap', 'Override default quota for LDAP users who do not have a quota set in the Quota Field.')"
+				@change.native="(event) => ldapConfigProxy.ldapQuotaDefault = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:value="ldapConfigProxy.ldapEmailAttribute"
+				:label="t('user_ldap', 'Email Field')"
+				:helper-text="t('user_ldap', 'Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.')"
+				@change.native="(event) => ldapConfigProxy.ldapEmailAttribute = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'User Home Folder Naming Rule')"
+				:value="ldapConfigProxy.homeFolderNamingRule"
+				:helper-text="t('user_ldap', 'Leave empty for username (default). Otherwise, specify an LDAP/AD attribute.')"
+				@change.native="(event) => ldapConfigProxy.homeFolderNamingRule = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', '`$home` Placeholder Field')"
+				:value="ldapConfigProxy.ldapExtStorageHomeAttribute"
+				:helper-text="t('user_ldap', '$home in an external storage configuration will be replaced with the value of the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapExtStorageHomeAttribute = event.target.value" />
+		</details>
+
+		<details name="ldap-wizard__advanced__section" class="ldap-wizard__advanced__section">
+			<summary><h3>{{ t('user_ldap', 'User Profile Attributes') }}</h3></summary>
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Phone Field')"
+				:value="ldapConfigProxy.ldapAttributePhone"
+				:helper-text="t('user_ldap', 'User profile Phone will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributePhone = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Website Field')"
+				:value="ldapConfigProxy.ldapAttributeWebsite"
+				:helper-text="t('user_ldap', 'User profile Website will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeWebsite = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Address Field')"
+				:value="ldapConfigProxy.ldapAttributeAddress"
+				:helper-text="t('user_ldap', 'User profile Address will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeAddress = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Twitter Field')"
+				:value="ldapConfigProxy.ldapAttributeTwitter"
+				:helper-text="t('user_ldap', 'User profile Twitter will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeTwitter = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Fediverse Field')"
+				:value="ldapConfigProxy.ldapAttributeFediverse"
+				:helper-text="t('user_ldap', 'User profile Fediverse will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeFediverse = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Organisation Field')"
+				:value="ldapConfigProxy.ldapAttributeOrganisation"
+				:helper-text="t('user_ldap', 'User profile Organisation will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeOrganisation = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Role Field')"
+				:value="ldapConfigProxy.ldapAttributeRole"
+				:helper-text="t('user_ldap', 'User profile Role will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeRole = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Headline Field')"
+				:value="ldapConfigProxy.ldapAttributeHeadline"
+				:helper-text="t('user_ldap', 'User profile Headline will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeHeadline = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Biography Field')"
+				:value="ldapConfigProxy.ldapAttributeBiography"
+				:helper-text="t('user_ldap', 'User profile Biography will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeBiography = event.target.value" />
+
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'Birthdate Field')"
+				:value="ldapConfigProxy.ldapAttributeBirthDate"
+				:helper-text="t('user_ldap', 'User profile Date of birth will be set from the specified attribute')"
+				@change.native="(event) => ldapConfigProxy.ldapAttributeBirthDate = event.target.value" />
+		</details>
+	</fieldset>
+</template>
+
+<script lang="ts" setup>
+import { computed } from 'vue'
+
+import { t } from '@nextcloud/l10n'
+import { NcTextField, NcTextArea, NcCheckboxRadioSwitch, NcSelect } from '@nextcloud/vue'
+import { getCapabilities } from '@nextcloud/capabilities'
+
+import { useLDAPConfigsStore } from '../../store/configs'
+
+const props = defineProps<{configId: string}>()
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const ldapConfigProxy = computed(() => ldapConfigsStore.getConfigProxy(props.configId))
+
+const instanceName = (getCapabilities() as { theming: { name:string } }).theming.name
+
+const groupMemberAssociation = {
+	uniqueMember: t('user_ldap', 'uniqueMember'),
+	memberUid: t('user_ldap', 'memberUid'),
+	member: t('user_ldap', 'member (AD)'),
+	gidNumber: t('user_ldap', 'gidNumber'),
+	zimbraMailForwardingAddress: t('user_ldap', 'zimbraMailForwardingAddress'),
+}
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__advanced {
+	display: flex;
+	flex-direction: column;
+	gap: 16px;
+
+	&__section {
+		display: flex;
+		flex-direction: column;
+		border: 1px solid var(--color-text-lighter);
+		border-radius: var(--border-radius);
+		padding: 8px;
+
+		& > * {
+			margin-top: 12px !important;
+		}
+
+		summary {
+			margin-top: 0 !important;
+
+			h3 {
+				margin: 0;
+				display: inline;
+				cursor: pointer;
+				color: var(--color-text-lighter);
+				font-size: 16px;
+
+			}
+		}
+
+		&:hover, &[open] {
+			h3 {
+				color: var(--color-text-light);
+			}
+		}
+	}
+}
+</style>
diff --git a/apps/user_ldap/src/components/SettingsTabs/ExpertTab.vue b/apps/user_ldap/src/components/SettingsTabs/ExpertTab.vue
new file mode 100644
index 00000000000..28695db1daf
--- /dev/null
+++ b/apps/user_ldap/src/components/SettingsTabs/ExpertTab.vue
@@ -0,0 +1,64 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<fieldset class="ldap-wizard__expert">
+		<div class="ldap-wizard__expert__line">
+			<strong>{{ t('user_ldap', 'Internal Username') }}</strong>
+			<p id="ldap_expert_username_attr">
+				{{ t('user_ldap', 'By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [a-zA-Z0-9_.@-]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all DAV services. With this setting, the default behavior can be overridden. Changes will have effect only on newly mapped (added) LDAP users. Leave it empty for default behavior.') }}
+			</p>
+			<NcTextField aria-describedby="ldap_expert_username_attr"
+				autocomplete="off"
+				:label="t('user_ldap', 'Internal Username Attribute:')"
+				:value="ldapConfigProxy.ldapExpertUsernameAttr"
+				:label-outside="true"
+				@change.native="(event) => ldapConfigProxy.ldapExpertUsernameAttr = event.target.value" />
+		</div>
+
+		<div class="ldap-wizard__expert__line">
+			<strong>{{ t('user_ldap', 'Override UUID detection') }}</strong>
+			<p id="ldap_expert_uuid_user_attr">
+				{{ t('user_ldap', 'By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.') }}
+			</p>
+			<NcTextField aria-describedby="ldap_expert_uuid_user_attr"
+				autocomplete="off"
+				:label="t('user_ldap', 'UUID Attribute for Users')"
+				:value="ldapConfigProxy.ldapExpertUUIDUserAttr"
+				@change.native="(event) => ldapConfigProxy.ldapExpertUUIDUserAttr = event.target.value" />
+			<NcTextField autocomplete="off"
+				:label="t('user_ldap', 'UUID Attribute for Groups')"
+				:value="ldapConfigProxy.ldapExpertUUIDGroupAttr"
+				@change.native="(event) => ldapConfigProxy.ldapExpertUUIDGroupAttr = event.target.value" />
+		</div>
+	</fieldset>
+</template>
+
+<script lang="ts" setup>
+import { computed } from 'vue'
+
+import { t } from '@nextcloud/l10n'
+import { NcTextField } from '@nextcloud/vue'
+
+import { useLDAPConfigsStore } from '../../store/configs'
+
+const props = defineProps<{configId: string}>()
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const ldapConfigProxy = computed(() => ldapConfigsStore.getConfigProxy(props.configId))
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__expert {
+	display: flex;
+	flex-direction: column;
+	gap: 16px;
+
+	&__line {
+		display: flex;
+		flex-direction: column;
+		padding-inline-start: 32px;
+		gap: 4px;
+	}
+}
+</style>
diff --git a/apps/user_ldap/src/components/SettingsTabs/GroupsTab.vue b/apps/user_ldap/src/components/SettingsTabs/GroupsTab.vue
new file mode 100644
index 00000000000..fc35e28aafc
--- /dev/null
+++ b/apps/user_ldap/src/components/SettingsTabs/GroupsTab.vue
@@ -0,0 +1,158 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<fieldset class="ldap-wizard__groups">
+		<legend>
+			{{ t('user_ldap', 'Groups meeting these criteria are available in {instanceName}:', {instanceName}) }}
+		</legend>
+
+		<div class="ldap-wizard__groups__line ldap-wizard__groups__filter-selection">
+			<NcSelect v-model="ldapGroupFilterObjectclass"
+				class="ldap-wizard__groups__group-filter-groups__select"
+				:options="groupObjectClasses"
+				:disabled="ldapConfigProxy.ldapGroupFilterMode === '1'"
+				:input-label="t('user_ldap', 'Only these object classes:')"
+				:multiple="true" />
+
+			<NcSelect v-model="ldapGroupFilterGroups"
+				class="ldap-wizard__groups__group-filter-groups__select"
+				:options="groupGroups"
+				:disabled="ldapConfigProxy.ldapGroupFilterMode === '1'"
+				:input-label="t('user_ldap', 'Only from these groups:')"
+				:multiple="true" />
+		</div>
+
+		<div class="ldap-wizard__groups__line ldap-wizard__groups__groups-filter">
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.ldapGroupFilterMode === '1'"
+				@update:checked="toggleFilterMode">
+				{{ t('user_ldap', 'Edit LDAP Query') }}
+			</NcCheckboxRadioSwitch>
+
+			<div v-if="ldapConfigProxy.ldapGroupFilterMode === '1'">
+				<NcTextArea :value.sync="ldapConfigProxy.ldapGroupFilter"
+					:placeholder="t('user_ldap', 'Edit LDAP Query')"
+					:helper-text="t('user_ldap', 'The filter specifies which LDAP groups shall have access to the {instanceName} instance.', {instanceName})" />
+			</div>
+			<div v-else>
+				<span>{{ t('user_ldap', 'LDAP Filter:') }}</span>
+				<code>{{ ldapConfigProxy.ldapGroupFilter }}</code>
+			</div>
+		</div>
+
+		<div class="ldap-wizard__groups__line ldap-wizard__groups__groups-count-check">
+			<NcButton :disabled="loadingGroupCount" @click="countGroups">
+				{{ t('user_ldap', 'Verify settings and count the groups') }}
+			</NcButton>
+
+			<NcLoadingIcon v-if="loadingGroupCount" :size="20" />
+			<span v-if="groupsCountLabel !== undefined && !loadingGroupCount">{{ groupsCountLabel }}</span>
+		</div>
+	</fieldset>
+</template>
+
+<script lang="ts" setup>
+import { ref, computed } from 'vue'
+import { storeToRefs } from 'pinia'
+
+import { t } from '@nextcloud/l10n'
+import { NcButton, NcTextArea, NcCheckboxRadioSwitch, NcSelect, NcLoadingIcon } from '@nextcloud/vue'
+import { getCapabilities } from '@nextcloud/capabilities'
+
+import { useLDAPConfigsStore } from '../../store/configs'
+import { callWizard, showEnableAutomaticFilterInfo } from '../../services/ldapConfigService'
+
+const props = defineProps<{configId: string}>()
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const { ldapConfigs } = storeToRefs(ldapConfigsStore)
+const ldapConfigProxy = computed(() => ldapConfigsStore.getConfigProxy(props.configId, {
+	ldapGroupFilterObjectclass: getGroupFilter,
+	ldapGroupFilterGroups: getGroupFilter,
+}))
+
+const instanceName = (getCapabilities() as { theming: { name:string } }).theming.name
+
+const groupsCountLabel = ref<number|undefined>(undefined)
+
+const groupObjectClasses = ref([] as string[])
+const groupGroups = ref([] as string[])
+const loadingGroupCount = ref(false)
+
+const ldapGroupFilterObjectclass = computed({
+	get() { return ldapConfigProxy.value.ldapGroupFilterObjectclass.split(';').filter((item) => item !== '') },
+	set(value) { ldapConfigProxy.value.ldapGroupFilterObjectclass = value.join(';') },
+})
+const ldapGroupFilterGroups = computed({
+	get() { return ldapConfigProxy.value.ldapGroupFilterGroups.split(';').filter((item) => item !== '') },
+	set(value) { ldapConfigProxy.value.ldapGroupFilterGroups = value.join(';') },
+})
+
+async function init() {
+	const response1 = await callWizard('determineGroupObjectClasses', props.configId)
+	groupObjectClasses.value = response1.options!.ldap_groupfilter_objectclass
+
+	const response2 = await callWizard('determineGroupsForGroups', props.configId)
+	groupGroups.value = response2.options!.ldap_groupfilter_groups
+}
+
+init()
+
+async function getGroupFilter() {
+	const response = await callWizard('getGroupFilter', props.configId)
+	// Not using ldapConfig to avoid triggering the save logic.
+	ldapConfigs.value[props.configId].ldapGroupFilter = response.changes!.ldap_group_filter as string
+}
+
+async function countGroups() {
+	try {
+		loadingGroupCount.value = true
+		const response = await callWizard('countGroups', props.configId)
+		groupsCountLabel.value = response.changes!.ldap_group_count as number
+	} finally {
+		loadingGroupCount.value = false
+	}
+}
+
+async function toggleFilterMode(value: boolean) {
+	if (value) {
+		ldapConfigProxy.value.ldapGroupFilterMode = '1'
+	} else {
+		ldapConfigProxy.value.ldapGroupFilterMode = await showEnableAutomaticFilterInfo() ? '0' : '1'
+	}
+}
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__groups {
+	display: flex;
+	flex-direction: column;
+	gap: 16px;
+
+	&__line {
+		display: flex;
+		align-items: start;
+	}
+
+	&__filter-selection {
+		flex-direction: column;
+	}
+
+	&__groups-filter {
+		display: flex;
+		flex-direction: column;
+
+		code {
+			background-color: var(--color-background-dark);
+			padding: 4px;
+			border-radius: 4px;
+		}
+	}
+
+	&__groups-count-check {
+		display: flex;
+		align-items: center;
+		gap: 16px;
+	}
+}
+</style>
diff --git a/apps/user_ldap/src/components/SettingsTabs/LoginTab.vue b/apps/user_ldap/src/components/SettingsTabs/LoginTab.vue
new file mode 100644
index 00000000000..ab177182899
--- /dev/null
+++ b/apps/user_ldap/src/components/SettingsTabs/LoginTab.vue
@@ -0,0 +1,171 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<fieldset class="ldap-wizard__login">
+		<legend>
+			{{ t('user_ldap', 'When logging in, {instanceName} will find the user based on the following attributes:', { instanceName }) }}
+		</legend>
+
+		<div class="ldap-wizard__login__line ldap-wizard__login__login-attributes">
+			<NcSelect v-model="ldapLoginFilterAttributes"
+				:close-on-select="false"
+				:disabled="ldapLoginFilterMode"
+				:options="filteredLoginFilterOptions"
+				:input-label="t('user_ldap', 'Other Attributes:')"
+				:multiple="true" />
+		</div>
+
+		<div class="ldap-wizard__login__line ldap-wizard__login__user-login-filter">
+			<NcCheckboxRadioSwitch :model-value="ldapLoginFilterMode"
+				@update:checked="toggleFilterMode">
+				{{ t('user_ldap', 'Edit LDAP Query') }}
+			</NcCheckboxRadioSwitch>
+
+			<NcTextArea v-if="ldapLoginFilterMode"
+				:value="ldapConfigProxy.ldapLoginFilter"
+				:placeholder="t('user_ldap', 'Edit LDAP Query')"
+				:helper-text="t('user_ldap', 'Defines the filter to apply, when login is attempted. `%%uid` replaces the username in the login action. Example: `uid=%%uid`')"
+				@change.native="(event) => ldapConfigProxy.ldapLoginFilter = event.target.value" />
+			<div v-else>
+				<span>{{ t('user_ldap', 'LDAP Filter:') }}</span>
+				<code>{{ ldapConfigProxy.ldapLoginFilter }}</code>
+			</div>
+		</div>
+
+		<div class="ldap-wizard__login__line">
+			<NcTextField v-model="testUsername"
+				:helper-text="t('user_ldap', 'Attempts to receive a DN for the given login name and the current login filter')"
+				:placeholder="t('user_ldap', 'Test Login name')"
+				autocomplete="off" />
+
+			<NcButton :disabled="testUsername.length === 0"
+				@click="verifyLoginName">
+				{{ t('user_ldap', 'Verify settings') }}
+			</NcButton>
+		</div>
+	</fieldset>
+</template>
+
+<script lang="ts" setup>
+import { computed, ref } from 'vue'
+import { storeToRefs } from 'pinia'
+
+import { t } from '@nextcloud/l10n'
+import { NcButton, NcTextField, NcTextArea, NcCheckboxRadioSwitch, NcSelect } from '@nextcloud/vue'
+import { getCapabilities } from '@nextcloud/capabilities'
+import { showError, showSuccess, showWarning } from '@nextcloud/dialogs'
+
+import { useLDAPConfigsStore } from '../../store/configs'
+import { callWizard, showEnableAutomaticFilterInfo } from '../../services/ldapConfigService'
+
+const props = defineProps<{configId: string}>()
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const { ldapConfigs } = storeToRefs(ldapConfigsStore)
+const ldapConfigProxy = computed(() => ldapConfigsStore.getConfigProxy(props.configId, {
+	ldapLoginFilterAttributes: getUserLoginFilter,
+	ldapLoginFilterUsername: getUserLoginFilter,
+	ldapLoginFilterEmail: getUserLoginFilter,
+}))
+
+const instanceName = (getCapabilities() as { theming: { name:string } }).theming.name
+const testUsername = ref('')
+const loginFilterOptions = ref<string[]>([])
+
+const ldapLoginFilterAttributes = computed({
+	get() { return ldapConfigProxy.value.ldapLoginFilterAttributes.split(';').filter((item) => item !== '') },
+	set(value) { ldapConfigProxy.value.ldapLoginFilterAttributes = value.join(';') },
+})
+
+const ldapLoginFilterMode = computed(() => ldapConfigProxy.value.ldapLoginFilterMode === '1')
+const filteredLoginFilterOptions = computed(() => loginFilterOptions.value.filter((option) => !ldapLoginFilterAttributes.value.includes(option)))
+
+async function init() {
+	const response = await callWizard('determineAttributes', props.configId)
+	loginFilterOptions.value = response.options!.ldap_loginfilter_attributes
+}
+
+init()
+
+async function getUserLoginFilter() {
+	if (ldapConfigProxy.value.ldapLoginFilterMode === '0') {
+		const response = await callWizard('getUserLoginFilter', props.configId)
+		// Not using ldapConfig to avoid triggering the save logic.
+		ldapConfigs.value[props.configId].ldapLoginFilter = response.changes!.ldap_login_filter as string
+	}
+}
+
+async function verifyLoginName() {
+	try {
+		const response = await callWizard('testLoginName', props.configId, { ldap_test_loginname: testUsername.value })
+
+		const testLoginName = response.changes!.ldap_test_loginname as number
+		const testEffectiveFilter = response.changes!.ldap_test_effective_filter as string
+
+		if (testLoginName < 1) {
+			showError(t('user_ldap', 'User not found. Please check your login attributes and username. Effective filter (to copy-and-paste for command-line validation): {filter}', { filter: testEffectiveFilter }))
+		} else if (testLoginName === 1) {
+			showSuccess(t('user_ldap', 'User found and settings verified.'))
+		} else if (testLoginName > 1) {
+			showWarning(t('user_ldap', 'Consider narrowing your search, as it encompassed many users, only the first one of whom will be able to log in.'))
+		}
+	} catch (error) {
+		const message = error ?? t('user_ldap', 'An unspecified error occurred. Please check log and settings.')
+
+		switch (message) {
+		case 'Bad search filter':
+			showError(t('user_ldap', 'The search filter is invalid, probably due to syntax issues like uneven number of opened and closed brackets. Please revise.'))
+			break
+		case 'connection error':
+			showError(t('user_ldap', 'A connection error to LDAP/AD occurred. Please check host, port and credentials.'))
+			break
+		case 'missing placeholder':
+			showError(t('user_ldap', 'The "%uid" placeholder is missing. It will be replaced with the login name when querying LDAP/AD.'))
+			break
+		}
+	}
+}
+
+async function toggleFilterMode(value: boolean) {
+	if (value) {
+		ldapConfigProxy.value.ldapLoginFilterMode = '1'
+	} else {
+		ldapConfigProxy.value.ldapLoginFilterMode = await showEnableAutomaticFilterInfo() ? '0' : '1'
+	}
+}
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__login {
+	display: flex;
+	flex-direction: column;
+	gap: 16px;
+
+	button {
+		flex-shrink: 0;
+	}
+
+	&__line {
+		display: flex;
+		align-items: start;
+		gap: 8px;
+	}
+
+	&__login-attributes {
+		display: flex;
+		flex-direction: column;
+	}
+
+	&__user-login-filter {
+		display: flex;
+		flex-direction: column;
+
+		code {
+			background-color: var(--color-background-dark);
+			padding: 4px;
+			border-radius: 4px;
+		}
+	}
+}
+</style>
diff --git a/apps/user_ldap/src/components/SettingsTabs/ServerTab.vue b/apps/user_ldap/src/components/SettingsTabs/ServerTab.vue
new file mode 100644
index 00000000000..a382ee40d8f
--- /dev/null
+++ b/apps/user_ldap/src/components/SettingsTabs/ServerTab.vue
@@ -0,0 +1,192 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<fieldset class="ldap-wizard__server">
+		<div class="ldap-wizard__server__line">
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.ldapConfigurationActive === '1'"
+				type="switch"
+				:aria-label="t('user_ldap', 'When unchecked, this configuration will be skipped.')"
+				@update:checked="ldapConfigProxy.ldapConfigurationActive = $event ? '1' : '0'">
+				{{ t('user_ldap', 'Configuration Active') }}
+			</NcCheckboxRadioSwitch>
+
+			<NcButton :title="t('user_ldap', 'Copy current configuration into new directory binding')"
+				@click="ldapConfigsStore.copyConfig(configId)">
+				<template #icon>
+					<ContentCopy :size="20" />
+				</template>
+				{{ t('user_ldap', 'Copy configuration') }}
+			</NcButton>
+			<NcButton variant="error"
+				@click="ldapConfigsStore.removeConfig(configId)">
+				<template #icon>
+					<Delete :size="20" />
+				</template>
+				{{ t('user_ldap', 'Delete configuration') }}
+			</NcButton>
+		</div>
+
+		<div class="ldap-wizard__server__line">
+			<NcTextField :value="ldapConfigProxy.ldapHost"
+				:helper-text="t('user_ldap', 'You can omit the protocol, unless you require SSL. If so, start with ldaps://')"
+				:placeholder="t('user_ldap', 'Host')"
+				autocomplete="off"
+				@change.native="(event) => ldapConfigProxy.ldapHost = event.target.value" />
+			<div class="ldap-wizard__server__host__port">
+				<NcTextField :value="ldapConfigProxy.ldapPort"
+					:placeholder="t('user_ldap', 'Port')"
+					type="number"
+					autocomplete="off"
+					@change.native="(event) => ldapConfigProxy.ldapPort = event.target.value" />
+				<NcButton :disabled="loadingGuessPortAndTLS" @click="guessPortAndTLS">
+					{{ t('user_ldap', 'Detect Port') }}
+				</NcButton>
+			</div>
+		</div>
+
+		<div class="ldap-wizard__server__line">
+			<NcTextField v-model="localLdapAgentName"
+				:helper-text="t('user_ldap', 'The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.')"
+				:placeholder="t('user_ldap', 'User DN')"
+				autocomplete="off" />
+		</div>
+
+		<div class="ldap-wizard__server__line">
+			<NcTextField v-model="localLdapAgentPassword"
+				type="password"
+				:helper-text="t('user_ldap', 'For anonymous access, leave DN and Password empty.')"
+				:placeholder="t('user_ldap', 'Password')"
+				autocomplete="off" />
+
+			<NcButton :disabled="!needsToSaveCredentials" @click="updateCredentials">
+				{{ t('user_ldap', 'Save Credentials') }}
+			</NcButton>
+		</div>
+
+		<div class="ldap-wizard__server__line">
+			<NcTextArea :label="t('user_ldap', 'Base DN')"
+				:value="ldapConfigProxy.ldapBase"
+				:placeholder="t('user_ldap', 'One Base DN per line')"
+				:helper-text="t('user_ldap', 'You can specify Base DN for users and groups in the Advanced tab')"
+				@change.native="(event) => ldapConfigProxy.ldapBase = event.target.value" />
+
+			<NcButton :disabled="loadingGuessBaseDN" @click="guessBaseDN">
+				{{ t('user_ldap', 'Detect Base DN') }}
+			</NcButton>
+			<NcButton :disabled="loadingCountInBaseDN" @click="countInBaseDN">
+				{{ t('user_ldap', 'Test Base DN') }}
+			</NcButton>
+		</div>
+	</fieldset>
+</template>
+
+<script lang="ts" setup>
+import { computed, ref } from 'vue'
+
+import ContentCopy from 'vue-material-design-icons/ContentCopy.vue'
+import Delete from 'vue-material-design-icons/Delete.vue'
+
+import { n, t } from '@nextcloud/l10n'
+import { NcButton, NcTextField, NcTextArea, NcCheckboxRadioSwitch } from '@nextcloud/vue'
+import { showInfo } from '@nextcloud/dialogs'
+
+import { useLDAPConfigsStore } from '../../store/configs'
+import { callWizard } from '../../services/ldapConfigService'
+import { storeToRefs } from 'pinia'
+
+const props = defineProps<{configId: string}>()
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const { ldapConfigs } = storeToRefs(ldapConfigsStore)
+const ldapConfigProxy = computed(() => ldapConfigsStore.getConfigProxy(props.configId))
+
+const loadingGuessPortAndTLS = ref(false)
+const loadingCountInBaseDN = ref(false)
+const loadingGuessBaseDN = ref(false)
+
+const localLdapAgentName = ref(ldapConfigProxy.value.ldapAgentName)
+const localLdapAgentPassword = ref(ldapConfigProxy.value.ldapAgentPassword)
+const needsToSaveCredentials = computed(() => {
+	return ldapConfigProxy.value.ldapAgentName !== localLdapAgentName.value || ldapConfigProxy.value.ldapAgentPassword !== localLdapAgentPassword.value
+})
+
+function updateCredentials() {
+	ldapConfigProxy.value.ldapAgentName = localLdapAgentName.value
+	ldapConfigProxy.value.ldapAgentPassword = localLdapAgentPassword.value
+}
+
+async function guessPortAndTLS() {
+	try {
+		loadingGuessPortAndTLS.value = true
+		const { changes } = await callWizard('guessPortAndTLS', props.configId)
+		// Not using ldapConfigProxy to avoid triggering the save logic.
+		ldapConfigs.value[props.configId].ldapPort = (changes!.ldap_port as string) ?? ''
+	} finally {
+		loadingGuessPortAndTLS.value = false
+	}
+}
+
+async function guessBaseDN() {
+	try {
+		loadingGuessBaseDN.value = true
+		const { changes } = await callWizard('guessBaseDN', props.configId)
+		// Not using ldapConfigProxy to avoid triggering the save logic.
+		ldapConfigs.value[props.configId].ldapBase = (changes!.ldap_base as string) ?? ''
+	} finally {
+		loadingGuessBaseDN.value = false
+	}
+}
+
+async function countInBaseDN() {
+	try {
+		loadingCountInBaseDN.value = true
+		const { changes } = await callWizard('countInBaseDN', props.configId)
+		const ldapTestBase = changes!.ldap_test_base as number
+
+		if (ldapTestBase < 1) {
+			showInfo(t('user_ldap', 'No object found in the given Base DN. Please revise.'))
+		} else if (ldapTestBase > 1000) {
+			showInfo(t('user_ldap', 'More than 1,000 directory entries available.'))
+		} else {
+			showInfo(
+				n(
+					'user_ldap',
+					'{ldapTestBase} entry available within the provided Base DN',
+					'{ldapTestBase} entries available within the provided Base DN',
+					ldapTestBase,
+					{ ldapTestBase },
+				),
+			)
+		}
+	} finally {
+		loadingCountInBaseDN.value = false
+	}
+
+}
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__server {
+	display: flex;
+	flex-direction: column;
+	gap: 16px;
+
+	button {
+		flex-shrink: 0;
+	}
+
+	&__line {
+		display: flex;
+		align-items: start;
+		gap: 16px;
+	}
+
+	&__host__port {
+		display: flex;
+		align-items: center;
+		flex-shrink: 0;
+		gap: 16px;
+	}
+}
+</style>
diff --git a/apps/user_ldap/src/components/SettingsTabs/UsersTab.vue b/apps/user_ldap/src/components/SettingsTabs/UsersTab.vue
new file mode 100644
index 00000000000..c2c2b9c61f7
--- /dev/null
+++ b/apps/user_ldap/src/components/SettingsTabs/UsersTab.vue
@@ -0,0 +1,180 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<fieldset class="ldap-wizard__users">
+		{{ t('user_ldap', 'Listing and searching for users is constrained by these criteria:') }}
+
+		<div class="ldap-wizard__users__line ldap-wizard__users__user-filter-object-class">
+			<NcSelect v-model="ldapUserFilterObjectclass"
+				:disabled="ldapConfigProxy.ldapUserFilterMode === '1'"
+				class="ldap-wizard__users__user-filter-object-class__select"
+				:options="userObjectClasses"
+				:input-label="t('user_ldap', 'Only these object classes:')"
+				:multiple="true" />
+			{{ t('user_ldap', 'The most common object classes for users are organizationalPerson, person, user, and inetOrgPerson. If you are not sure which object class to select, please consult your directory admin.') }}
+		</div>
+
+		<div class="ldap-wizard__users__line ldap-wizard__users__user-filter-groups">
+			<NcSelect v-model="ldapUserFilterGroups"
+				class="ldap-wizard__users__user-filter-groups__select"
+				:disabled="ldapConfigProxy.ldapUserFilterMode === '1'"
+				:options="userGroups"
+				:input-label="t('user_ldap', 'Only from these groups:')"
+				:multiple="true" />
+		</div>
+
+		<div class="ldap-wizard__users__line ldap-wizard__users__user-filter">
+			<NcCheckboxRadioSwitch :checked="ldapConfigProxy.ldapUserFilterMode === '1'"
+				@update:checked="toggleFilterMode">
+				{{ t('user_ldap', 'Edit LDAP Query') }}
+			</NcCheckboxRadioSwitch>
+
+			<div v-if="ldapConfigProxy.ldapUserFilterMode === '1'">
+				<NcTextArea :value.sync="ldapConfigProxy.ldapUserFilter"
+					:placeholder="t('user_ldap', 'Edit LDAP Query')"
+					:helper-text="t('user_ldap', 'The filter specifies which LDAP users shall have access to the {instanceName} instance.', { instanceName })" />
+			</div>
+			<div v-else>
+				<label>{{ t('user_ldap', 'LDAP Filter:') }}</label>
+				<code>{{ ldapConfigProxy.ldapUserFilter }}</code>
+			</div>
+		</div>
+
+		<div class="ldap-wizard__users__line ldap-wizard__users__user-count-check">
+			<NcButton :disabled="loadingUserCount" @click="countUsers">
+				{{ t('user_ldap', 'Verify settings and count users') }}
+			</NcButton>
+
+			<NcLoadingIcon v-if="loadingUserCount" :size="16" />
+			<span v-if="usersCount !== undefined && !loadingUserCount">{{ t('user_ldap', 'User count: {usersCount}', { usersCount }, { escape: false }) }}</span>
+		</div>
+	</fieldset>
+</template>
+
+<script lang="ts" setup>
+import { ref, computed } from 'vue'
+import { storeToRefs } from 'pinia'
+
+import { t } from '@nextcloud/l10n'
+import { NcButton, NcTextArea, NcCheckboxRadioSwitch, NcSelect, NcLoadingIcon } from '@nextcloud/vue'
+import { getCapabilities } from '@nextcloud/capabilities'
+
+import { useLDAPConfigsStore } from '../../store/configs'
+import { callWizard, showEnableAutomaticFilterInfo } from '../../services/ldapConfigService'
+
+const props = defineProps<{configId: string}>()
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const { ldapConfigs } = storeToRefs(ldapConfigsStore)
+const ldapConfigProxy = computed(() => ldapConfigsStore.getConfigProxy(props.configId, {
+	ldapUserFilterObjectclass: reloadFilters,
+	ldapUserFilterGroups: reloadFilters,
+}))
+
+const usersCount = ref<number|undefined>(undefined)
+const loadingUserCount = ref(false)
+
+const instanceName = (getCapabilities() as { theming: { name:string } }).theming.name
+
+const userObjectClasses = ref([] as string[])
+const userGroups = ref([] as string[])
+
+const ldapUserFilterObjectclass = computed({
+	get() { return ldapConfigProxy.value.ldapUserFilterObjectclass?.split(';').filter((item) => item !== '') ?? [] },
+	set(value) { ldapConfigProxy.value.ldapUserFilterObjectclass = value.join(';') },
+})
+const ldapUserFilterGroups = computed({
+	get() { return ldapConfigProxy.value.ldapUserFilterGroups.split(';').filter((item) => item !== '') },
+	set(value) { ldapConfigProxy.value.ldapUserFilterGroups = value.join(';') },
+})
+
+async function init() {
+	const response1 = await callWizard('determineUserObjectClasses', props.configId)
+	userObjectClasses.value = response1.options!.ldap_userfilter_objectclass
+	// Not using ldapConfig to avoid triggering the save logic.
+	ldapConfigs.value[props.configId].ldapUserFilterObjectclass = response1.changes!.ldap_userfilter_objectclass?.join(';') ?? ''
+
+	const response2 = await callWizard('determineGroupsForUsers', props.configId)
+	userGroups.value = response2.options!.ldap_userfilter_groups
+	// Not using ldapConfig to avoid triggering the save logic.
+	ldapConfigs.value[props.configId].ldapUserFilterGroups = response2.changes!.ldap_userfilter_groups?.join(';') ?? ''
+}
+
+init()
+
+async function reloadFilters() {
+	if (ldapConfigProxy.value.ldapUserFilterMode === '0') {
+		const response1 = await callWizard('getUserListFilter', props.configId)
+		// Not using ldapConfig to avoid triggering the save logic.
+		ldapConfigs.value[props.configId].ldapUserFilter = response1.changes!.ldap_userlist_filter as string
+
+		const response2 = await callWizard('getUserLoginFilter', props.configId)
+		// Not using ldapConfig to avoid triggering the save logic.
+		ldapConfigs.value[props.configId].ldapLoginFilter = response2.changes!.ldap_userlogin_filter as string
+	}
+}
+
+async function countUsers() {
+	try {
+		loadingUserCount.value = true
+		const response = await callWizard('countUsers', props.configId)
+		usersCount.value = response.changes!.ldap_user_count as number
+	} finally {
+		loadingUserCount.value = false
+	}
+}
+
+async function toggleFilterMode(value: boolean) {
+	if (value) {
+		ldapConfigProxy.value.ldapUserFilterMode = '1'
+	} else {
+		ldapConfigProxy.value.ldapUserFilterMode = await showEnableAutomaticFilterInfo() ? '0' : '1'
+	}
+}
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__users {
+	display: flex;
+	flex-direction: column;
+	gap: 16px;
+
+	&__line {
+		display: flex;
+		align-items: start;
+	}
+
+	&__user-filter-object-class {
+		display: flex;
+		gap: 16px;
+
+		&__select {
+			min-width: 50%;
+			flex-grow: 1;
+		}
+	}
+
+	&__user-filter-groups {
+		display: flex;
+		gap: 16px;
+	}
+
+	&__user-filter {
+		display: flex;
+		flex-direction: column;
+
+		code {
+			background-color: var(--color-background-dark);
+			padding: 4px;
+			border-radius: 4px;
+		}
+	}
+
+	&__user-count-check {
+		display: flex;
+		align-items: center;
+		gap: 16px;
+	}
+}
+</style>
diff --git a/apps/user_ldap/src/components/WizardControls.vue b/apps/user_ldap/src/components/WizardControls.vue
new file mode 100644
index 00000000000..a1100c55c81
--- /dev/null
+++ b/apps/user_ldap/src/components/WizardControls.vue
@@ -0,0 +1,94 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<div class="ldap-wizard__controls">
+		<NcButton type="primary" :disabled="loading" @click="testSelectedConfig">
+			{{ t('user_ldap', 'Test Configuration') }}
+		</NcButton>
+
+		<NcButton variant="tertiary"
+			href="https://docs.nextcloud.com/server/stable/go.php?to=admin-ldap"
+			target="_blank"
+			rel="noreferrer noopener">
+			<template #icon>
+				<Information :size="20" />
+			</template>
+			<span>{{ t('user_ldap', 'Help') }}</span>
+		</NcButton>
+
+		<template v-if="result !== null && !loading">
+			<span class="ldap-wizard__controls__state_indicator"
+				:class="{'ldap-wizard__controls__state_indicator--valid': isValide}" />
+
+			<span class="ldap-wizard__controls__state_message">
+				{{ result.message }}
+			</span>
+		</template>
+
+		<NcLoadingIcon v-if="loading" :size="16" />
+	</div>
+</template>
+
+<script lang="ts" setup>
+import { computed, ref, watch } from 'vue'
+import { storeToRefs } from 'pinia'
+
+import Information from 'vue-material-design-icons/ContentCopy.vue'
+
+import { t } from '@nextcloud/l10n'
+import { NcButton, NcLoadingIcon } from '@nextcloud/vue'
+
+import { testConfiguration } from '../services/ldapConfigService'
+import { useLDAPConfigsStore } from '../store/configs'
+
+const props = defineProps<{configId: string}>()
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const { updatingConfig } = storeToRefs(ldapConfigsStore)
+
+const loading = ref(false)
+const result = ref<{message: string, status: 'error'|'success'}|null>(null)
+const isValide = computed(() => result.value?.status === 'success')
+
+watch(updatingConfig, () => {
+	result.value = null
+})
+
+async function testSelectedConfig() {
+	try {
+		loading.value = true
+		result.value = await testConfiguration(props.configId)
+	} finally {
+		loading.value = false
+	}
+}
+</script>
+<style lang="scss" scoped>
+.ldap-wizard__controls {
+	display: flex;
+	gap: 16px;
+	align-items: center;
+	min-height: 45px; // Prevents jumping when the message length need two lines.
+
+	& > * {
+		flex-shrink: 0;
+	}
+
+	&__state_message {
+		flex-shrink: 1;
+	}
+
+	&__state_indicator {
+		width: 16px;
+		height: 16px;
+		border-radius: 100%;
+		background-color: var(--color-element-error);
+
+		&--valid {
+			background-color: var(--color-element-success);
+		}
+	}
+}
+</style>
diff --git a/apps/user_ldap/src/main.ts b/apps/user_ldap/src/main.ts
new file mode 100644
index 00000000000..4d22c5a8966
--- /dev/null
+++ b/apps/user_ldap/src/main.ts
@@ -0,0 +1,21 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+import Vue from 'vue'
+import { PiniaVuePlugin } from 'pinia'
+import { getCSPNonce } from '@nextcloud/auth'
+
+import { pinia } from './store/index'
+import LDAPSettingsApp from './LDAPSettingsApp.vue'
+
+__webpack_nonce__ = getCSPNonce()
+
+// Init Pinia store
+Vue.use(PiniaVuePlugin)
+
+const LDAPSettingsAppVue = Vue.extend(LDAPSettingsApp)
+new LDAPSettingsAppVue({
+	name: 'LDAPSettingsApp',
+	pinia,
+}).$mount('#content-ldap-settings')
diff --git a/apps/user_ldap/src/models/index.ts b/apps/user_ldap/src/models/index.ts
new file mode 100644
index 00000000000..6a3defea569
--- /dev/null
+++ b/apps/user_ldap/src/models/index.ts
@@ -0,0 +1,71 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+export type LDAPConfig = {
+	ldapHost: string // Example: ldaps://my.ldap.server</ldapHost>
+	ldapPort: string // Example: 7770
+	ldapBackupHost: string
+	ldapBackupPort: string
+	ldapBase: string // Example: ou=small,dc=my,dc=ldap,dc=server
+	ldapBaseUsers: string // Example: ou=users,ou=small,dc=my,dc=ldap,dc=server
+	ldapBaseGroups: string // Example: ou=small,dc=my,dc=ldap,dc=server
+	ldapAgentName: string // Example: cn=root,dc=my,dc=ldap,dc=server
+	ldapAgentPassword: string // Example: clearTextWithShowPassword=1
+	ldapTLS: '0'|'1' // Example: 1
+	turnOffCertCheck: '0'|'1' // Example: 0
+	ldapIgnoreNamingRules: string // Example: >
+	ldapUserDisplayName: string // Example: displayname
+	ldapUserDisplayName2: string // Example: uid
+	ldapUserFilterObjectclass?: string // Example: inetOrgPerson
+	ldapUserFilterGroups: string
+	ldapUserFilter: string // Example: (&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))
+	ldapUserFilterMode: '0'|'1' // Example: 1
+	ldapGroupFilter: string // Example: (&amp;(|(objectclass=nextcloudGroup)))
+	ldapGroupFilterMode: '0'|'1' // Example: 0
+	ldapGroupFilterObjectclass: string // Example: nextcloudGroup
+	ldapGroupFilterGroups: string
+	ldapGroupDisplayName: string // Example: cn
+	ldapGroupMemberAssocAttr: string // Example: memberUid
+	ldapLoginFilter: string // Example: (&amp;(|(objectclass=inetOrgPerson))(uid=%uid))
+	ldapLoginFilterMode: '0'|'1' // Example: 0
+	ldapLoginFilterEmail: '0'|'1' // Example: 0
+	ldapLoginFilterUsername: '0'|'1' // Example: 1
+	ldapLoginFilterAttributes: string
+	ldapQuotaAttribute: string
+	ldapQuotaDefault: string
+	ldapEmailAttribute: string // Example: mail
+	ldapCacheTTL: string // Example: 20
+	ldapUuidUserAttribute: string // Example: auto
+	ldapUuidGroupAttribute: string // Example: auto
+	ldapOverrideMainServer: string
+	ldapConfigurationActive: '0'|'1' // Example: 1
+	ldapAttributesForUserSearch: string // Example: uid;sn;givenname
+	ldapAttributesForGroupSearch: string
+	ldapExperiencedAdmin: '0'|'1' // Example: 0
+	homeFolderNamingRule: string
+	hasMemberOfFilterSupport: string
+	useMemberOfToDetectMembership: '0'|'1' // Example: 1
+	ldapExpertUsernameAttr: string // Example: uid
+	ldapExpertUUIDUserAttr: string // Example: uid
+	ldapExpertUUIDGroupAttr: string
+	lastJpegPhotoLookup: '0'|'1' // Example: 0
+	ldapNestedGroups: '0'|'1' // Example: 0
+	ldapPagingSize: string // Example: 500
+	turnOnPasswordChange: '0'|'1' // Example: 1
+	ldapDynamicGroupMemberURL: string
+	markRemnantsAsDisabled: '0'|'1' // Example: 1
+	ldapDefaultPPolicyDN: string
+	ldapExtStorageHomeAttribute: string
+	ldapAttributePhone: string
+	ldapAttributeWebsite: string
+	ldapAttributeAddress: string
+	ldapAttributeTwitter: string
+	ldapAttributeFediverse: string
+	ldapAttributeOrganisation: string
+	ldapAttributeRole: string
+	ldapAttributeHeadline: string
+	ldapAttributeBiography: string
+	ldapAttributeBirthDate: string
+}
diff --git a/apps/user_ldap/src/services/ldapConfigService.ts b/apps/user_ldap/src/services/ldapConfigService.ts
new file mode 100644
index 00000000000..809b063ea5b
--- /dev/null
+++ b/apps/user_ldap/src/services/ldapConfigService.ts
@@ -0,0 +1,189 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import path from 'path'
+
+import { DialogSeverity, getDialogBuilder, showError, showSuccess } from '@nextcloud/dialogs'
+import axios, { AxiosError, type AxiosResponse } from '@nextcloud/axios'
+import { getAppRootUrl, generateOcsUrl } from '@nextcloud/router'
+import type { OCSResponse } from '@nextcloud/typings/ocs'
+import { t } from '@nextcloud/l10n'
+
+import type { LDAPConfig } from '../models'
+import logger from './logger'
+
+const AJAX_ENDPOINT = path.join(getAppRootUrl('user_ldap'), '/ajax')
+
+export type WizardAction =
+	'guessPortAndTLS' |
+	'guessBaseDN' |
+	'detectEmailAttribute' |
+	'detectUserDisplayNameAttribute' |
+	'determineGroupMemberAssoc' |
+	'determineUserObjectClasses' |
+	'determineGroupObjectClasses' |
+	'determineGroupsForUsers' |
+	'determineGroupsForGroups' |
+	'determineAttributes' |
+	'getUserListFilter' |
+	'getUserLoginFilter' |
+	'getGroupFilter' |
+	'countUsers' |
+	'countGroups' |
+	'countInBaseDN' |
+	'testLoginName' |
+	'save'
+
+export async function createConfig() {
+	const response = await axios.post(generateOcsUrl('apps/user_ldap/api/v1/config')) as AxiosResponse<OCSResponse<{configID: string}>>
+	logger.debug('Created configuration', { configId: response.data.ocs.data.configID })
+	return response.data.ocs.data.configID
+}
+
+export async function copyConfig(configId: string) {
+	const params = new FormData()
+	params.set('copyConfig', configId)
+
+	const response = await axios.post(
+		path.join(AJAX_ENDPOINT, 'getNewServerConfigPrefix.php'),
+		params,
+	) as AxiosResponse<{status: 'error'|'success', configPrefix: string}>
+
+	logger.debug('Created configuration', { configId: response.data.configPrefix })
+	return response.data.configPrefix
+}
+
+export async function getConfig(configId: string): Promise<LDAPConfig> {
+	const response = await axios.get(generateOcsUrl('apps/user_ldap/api/v1/config/{configId}', { configId })) as AxiosResponse<OCSResponse<LDAPConfig>>
+	logger.debug('Fetched configuration', { configId, config: response.data.ocs.data })
+	return response.data.ocs.data
+}
+
+export async function updateConfig(configId: string, config: LDAPConfig): Promise<LDAPConfig> {
+	const response = await axios.put(
+		generateOcsUrl('apps/user_ldap/api/v1/config/{configId}', { configId }),
+		{ configData: config },
+	) as AxiosResponse<OCSResponse<LDAPConfig>>
+
+	logger.debug('Updated configuration', { configId, config })
+
+	return response.data.ocs.data
+}
+
+export async function deleteConfig(configId: string): Promise<boolean> {
+	try {
+		const isConfirmed = await confirmOperation(
+			t('user_ldap', 'Confirm action'),
+			t('user_ldap', 'Are you sure you want to permanently delete this LDAP configuration? This cannot be undone.'),
+		)
+		if (!isConfirmed) {
+			return false
+		}
+
+		await axios.delete(generateOcsUrl('apps/user_ldap/api/v1/config/{configId}', { configId }))
+		logger.debug('Deleted configuration', { configId })
+	} catch (error) {
+		const errorResponse = (error as AxiosError<OCSResponse>).response
+		showError(errorResponse?.data.ocs.meta.message || t('user_ldap', 'Fail to delete config'))
+	}
+
+	return true
+}
+
+export async function testConfiguration(configId: string) {
+	const params = new FormData()
+	params.set('ldap_serverconfig_chooser', configId)
+
+	const response = await axios.post(
+		path.join(AJAX_ENDPOINT, 'testConfiguration.php'),
+		params,
+	) as AxiosResponse<{message: string, status: 'error'|'success'}>
+
+	logger.debug(`Configuration is ${response.data.status === 'success' ? 'valide' : 'invalide'}`, { configId, params, response })
+
+	return response.data
+}
+
+export async function clearMapping(subject: 'user' | 'group') {
+	const isConfirmed = await confirmOperation(
+		t('user_ldap', 'Confirm action'),
+		t('user_ldap', 'Are you sure you want to permanently clear the LDAP mapping? This cannot be undone.'),
+	)
+	if (!isConfirmed) {
+		return false
+	}
+
+	const params = new FormData()
+	params.set('ldap_clear_mapping', subject)
+
+	const response = await axios.post(
+		path.join(AJAX_ENDPOINT, 'clearMappings.php'),
+		params,
+	)
+
+	if (response.data.status === 'success') {
+		logger.debug('Cleared mapping', { subject, params, response })
+		showSuccess(t('user_ldap', 'Mapping cleared'))
+	} else {
+		showError(t('user_ldap', 'Failed to clear mapping'))
+	}
+}
+
+export async function callWizard(action: WizardAction, configId: string, extraParams: Record<string, string> = {}) {
+	const params = new FormData()
+	params.set('action', action)
+	params.set('ldap_serverconfig_chooser', configId)
+
+	Object.entries(extraParams).forEach(([key, value]) => {
+		params.set(key, value)
+	})
+
+	const response = await axios.post(
+		path.join(AJAX_ENDPOINT, 'wizard.php'),
+		params,
+	) as AxiosResponse<{ status: 'error', message?: string} | {status: 'success', changes?: Record<string, unknown>, options?: Record<string, []>}>
+
+	logger.debug(`Called wizard action: ${action}`, { configId, params, response })
+
+	if (response.data.status === 'error') {
+		const message = response.data.message ?? t('user_ldap', 'An error occurred')
+		showError(message)
+		throw new Error(message)
+	}
+
+	return response.data
+}
+
+export async function showEnableAutomaticFilterInfo() {
+	return await confirmOperation(
+		t('user_ldap', 'Mode switch'),
+		t('user_ldap', 'Switching the mode will enable automatic LDAP queries. Depending on your LDAP size they may take a while. Do you still want to switch the mode?'),
+	)
+}
+
+export async function confirmOperation(name: string, text: string): Promise<boolean> {
+	return new Promise((resolve) => {
+		const dialog = getDialogBuilder(name)
+			.setText(text)
+			.setSeverity(DialogSeverity.Warning)
+			.addButton({
+				label: t('user_ldap', 'Cancel'),
+				callback() {
+					dialog.hide()
+					resolve(false)
+				},
+			})
+			.addButton({
+				label: t('user_ldap', 'Confirm'),
+				variant: 'error',
+				callback() {
+					resolve(true)
+				},
+			})
+			.build()
+
+		dialog.show()
+	})
+}
diff --git a/apps/user_ldap/src/services/logger.ts b/apps/user_ldap/src/services/logger.ts
new file mode 100644
index 00000000000..cb66efa8b81
--- /dev/null
+++ b/apps/user_ldap/src/services/logger.ts
@@ -0,0 +1,11 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import { getLoggerBuilder } from '@nextcloud/logger'
+
+export default getLoggerBuilder()
+	.setApp('LDAP')
+	.detectUser()
+	.build()
diff --git a/apps/user_ldap/src/store/configs.ts b/apps/user_ldap/src/store/configs.ts
new file mode 100644
index 00000000000..6729217d094
--- /dev/null
+++ b/apps/user_ldap/src/store/configs.ts
@@ -0,0 +1,75 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+import { defineStore } from 'pinia'
+import Vue, { computed, ref } from 'vue'
+
+import { loadState } from '@nextcloud/initial-state'
+
+import { callWizard, copyConfig, createConfig, deleteConfig, getConfig } from '../services/ldapConfigService'
+import type { LDAPConfig } from '../models'
+
+export const useLDAPConfigsStore = defineStore('ldap-configs', () => {
+	const ldapConfigs = ref(loadState('user_ldap', 'ldapConfigs') as Record<string, LDAPConfig>)
+	const selectedConfigId = ref<string>(Object.keys(ldapConfigs.value)[0])
+	const selectedConfig = computed(() => ldapConfigs.value[selectedConfigId.value])
+	const updatingConfig = ref(0)
+
+	function getConfigProxy<J>(configId: string, postSetHooks: Partial<Record<keyof LDAPConfig, (value: J) => void >> = {}) {
+		return new Proxy(ldapConfigs.value[configId], {
+			get(target, property) {
+				return target[property]
+			},
+			set(target, property: string, newValue) {
+				target[property] = newValue
+
+				;(async () => {
+					updatingConfig.value++
+					await callWizard('save', configId, { cfgkey: property, cfgval: newValue })
+					updatingConfig.value--
+
+					if (postSetHooks[property] !== undefined) {
+						postSetHooks[property](target[property])
+					}
+				})()
+
+				return true
+			},
+		})
+	}
+
+	async function create() {
+		const configId = await createConfig()
+		Vue.set(ldapConfigs.value, configId, await getConfig(configId))
+		selectedConfigId.value = configId
+		return configId
+	}
+
+	async function _copyConfig(fromConfigId: string) {
+		const configId = await copyConfig(fromConfigId)
+		Vue.set(ldapConfigs.value, configId, { ...ldapConfigs.value[fromConfigId] })
+		selectedConfigId.value = configId
+		return configId
+	}
+
+	async function removeConfig(configId: string) {
+		const result = await deleteConfig(configId)
+		if (result === true) {
+			Vue.delete(ldapConfigs.value, configId)
+		}
+
+		selectedConfigId.value = Object.keys(ldapConfigs.value)[0] ?? await create()
+	}
+
+	return {
+		ldapConfigs,
+		selectedConfigId,
+		selectedConfig,
+		updatingConfig,
+		getConfigProxy,
+		create,
+		copyConfig: _copyConfig,
+		removeConfig,
+	}
+})
diff --git a/apps/user_ldap/src/store/index.ts b/apps/user_ldap/src/store/index.ts
new file mode 100644
index 00000000000..00676b3bc8e
--- /dev/null
+++ b/apps/user_ldap/src/store/index.ts
@@ -0,0 +1,8 @@
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import { createPinia } from 'pinia'
+
+export const pinia = createPinia()
diff --git a/apps/user_ldap/src/views/Settings.vue b/apps/user_ldap/src/views/Settings.vue
new file mode 100644
index 00000000000..88a3d014da8
--- /dev/null
+++ b/apps/user_ldap/src/views/Settings.vue
@@ -0,0 +1,186 @@
+<!--
+ - SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+ -->
+<template>
+	<form class="ldap-wizard">
+		<h2>{{ t('user_ldap', 'LDAP/AD integration') }}</h2>
+
+		<NcNoteCard v-if="!ldapModuleInstalled"
+			type="warning"
+			:text="t('user_ldap', 'The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.')" />
+
+		<template v-if="ldapModuleInstalled">
+			<div class="ldap-wizard__config-selection">
+				<NcSelect v-if="selectedConfigId !== undefined"
+					v-model="selectedConfigId"
+					:options="Object.keys(ldapConfigs)"
+					:input-label="t('user_ldap', 'Select LDAP Config')">
+					<template #option="{label: configId}">
+						{{ `${configId}: ${ldapConfigs[configId].ldapHost}` }}
+					</template>
+					<template #selected-option="{label: configId}">
+						{{ `${configId}: ${ldapConfigs[configId].ldapHost}` }}
+					</template>
+				</NcSelect>
+				<NcButton :label="t('user_ldap','Create New Config')"
+					class="ldap-wizard__config-selection__create-button"
+					@click="ldapConfigsStore.create">
+					<template #icon>
+						<Plus :size="20" />
+					</template>
+					{{ t('user_ldap', 'Create configuration') }}
+				</NcButton>
+			</div>
+
+			<div v-if="selectedConfigId !== undefined" class="ldap-wizard__tab-container">
+				<div class="ldap-wizard__tab-selection-container">
+					<div class="ldap-wizard__tab-selection">
+						<NcCheckboxRadioSwitch v-for="(tabLabel, tabId) in tabs"
+							:key="tabId"
+							:button-variant="true"
+							:checked.sync="selectedTab"
+							:value="tabId"
+							type="radio"
+							:disabled="tabId !== 'server' && !selectedConfigHasServerInfo"
+							button-variant-grouped="horizontal">
+							{{ tabLabel }}
+						</NcCheckboxRadioSwitch>
+					</div>
+				</div>
+
+				<ServerTab v-if="selectedTab === 'server'" :config-id="selectedConfigId" />
+				<UsersTab v-else-if="selectedTab === 'users'" :config-id="selectedConfigId" />
+				<LoginTab v-else-if="selectedTab === 'login'" :config-id="selectedConfigId" />
+				<GroupsTab v-else-if="selectedTab === 'groups'" :config-id="selectedConfigId" />
+				<ExpertTab v-else-if="selectedTab === 'expert'" :config-id="selectedConfigId" />
+				<AdvancedTab v-else-if="selectedTab === 'advanced'" :config-id="selectedConfigId" />
+
+				<WizardControls class="ldap-wizard__controls" :config-id="selectedConfigId" />
+			</div>
+
+			<div class="ldap-wizard__clear-mapping">
+				<strong>{{ t('user_ldap', 'Username-LDAP User Mapping') }}</strong>
+				{{ t('user_ldap', 'Usernames are used to store and assign metadata. In order to precisely identify and recognize users, each LDAP user will have an internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.') }}
+
+				<div class="ldap-wizard__clear-mapping__buttons">
+					<NcButton variant="error"
+						:disabled="clearMappingLoading"
+						@click="requestClearMapping('user')">
+						{{ t('user_ldap', 'Clear Username-LDAP User Mapping') }}
+					</NcButton>
+					<NcButton variant="error"
+						:disabled="clearMappingLoading"
+						@click="requestClearMapping('group')">
+						{{ t('user_ldap', 'Clear Groupname-LDAP Group Mapping') }}
+					</NcButton>
+				</div>
+			</div>
+		</template>
+	</form>
+</template>
+
+<script lang="ts" setup>
+
+import Plus from 'vue-material-design-icons/Plus.vue'
+import { computed, ref } from 'vue'
+import { storeToRefs } from 'pinia'
+
+import { t } from '@nextcloud/l10n'
+import { loadState } from '@nextcloud/initial-state'
+import { NcCheckboxRadioSwitch, NcSelect, NcButton, NcNoteCard } from '@nextcloud/vue'
+
+import ServerTab from '../components/SettingsTabs/ServerTab.vue'
+import UsersTab from '../components/SettingsTabs/UsersTab.vue'
+import LoginTab from '../components/SettingsTabs/LoginTab.vue'
+import GroupsTab from '../components/SettingsTabs/GroupsTab.vue'
+import ExpertTab from '../components/SettingsTabs/ExpertTab.vue'
+import AdvancedTab from '../components/SettingsTabs/AdvancedTab.vue'
+import WizardControls from '../components/WizardControls.vue'
+import { useLDAPConfigsStore } from '../store/configs'
+import { clearMapping } from '../services/ldapConfigService'
+
+const ldapModuleInstalled = loadState('user_ldap', 'ldapModuleInstalled')
+
+const tabs = {
+	server: t('user_ldap', 'Server'),
+	users: t('user_ldap', 'Users'),
+	login: t('user_ldap', 'Login Attributes'),
+	groups: t('user_ldap', 'Groups'),
+	advanced: t('user_ldap', 'Advanced'),
+	expert: t('user_ldap', 'Expert'),
+}
+
+const ldapConfigsStore = useLDAPConfigsStore()
+const { ldapConfigs, selectedConfigId, selectedConfig } = storeToRefs(ldapConfigsStore)
+
+const selectedTab = ref('server')
+const clearMappingLoading = ref(false)
+
+const selectedConfigHasServerInfo = computed(() => {
+	return selectedConfig.value.ldapHost !== ''
+		&& selectedConfig.value.ldapPort !== ''
+		&& selectedConfig.value.ldapBase !== ''
+		&& selectedConfig.value.ldapAgentName !== ''
+		&& selectedConfig.value.ldapAgentPassword !== ''
+})
+
+async function requestClearMapping(subject: 'user'|'group') {
+	try {
+		clearMappingLoading.value = true
+		await clearMapping(subject)
+	} finally {
+		clearMappingLoading.value = false
+	}
+}
+</script>
+<style lang="scss" scoped>
+.ldap-wizard {
+	padding: 16px;
+	max-width: 1000px;
+
+	&__config-selection {
+		display: flex;
+		align-items: end;
+		margin-bottom: 8px;
+		gap: 16px;
+
+		&__create-button {
+			margin-bottom: 4px;
+		}
+	}
+
+	&__tab-selection-container {
+		display: flex;
+	}
+
+	&__tab-selection {
+		display: flex;
+		margin-inline-start: -16px;
+		margin-bottom: 16px;
+
+		&:last-of-type {
+			margin-inline-end: -16px;
+		}
+	}
+
+	&__tab-container {
+		border-bottom: 1px solid var(--color-text-light);
+		padding: 0 16px 16px 16px;
+	}
+
+	&__controls {
+		margin-top: 16px;
+	}
+
+	&__clear-mapping {
+		padding: 16px;
+
+		&__buttons {
+			display: flex;
+			margin-top: 8px;
+			gap: 16px;
+		}
+	}
+}
+</style>
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 9117a9f533c..aad2053fbc2 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -49,7 +49,8 @@ script('user_ldap', [
 	'wizard/wizardDetectorClearGroupMappings',
 	'wizard/wizardFilterOnType',
 	'wizard/wizardFilterOnTypeFactory',
-	'wizard/wizard'
+	'wizard/wizard',
+	'main'
 ]);
 
 style('user_ldap', 'settings');
@@ -161,3 +162,5 @@ style('user_ldap', 'settings');
 	<!-- Spinner Template -->
 	<img class="ldapSpinner hidden" src="<?php p(image_path('core', 'loading.gif')); ?>">
 </form>
+
+<div id="content-ldap-settings"></div>
diff --git a/apps/user_ldap/tests/Settings/AdminTest.php b/apps/user_ldap/tests/Settings/AdminTest.php
index b17e96c1a68..eb6d4baa26e 100644
--- a/apps/user_ldap/tests/Settings/AdminTest.php
+++ b/apps/user_ldap/tests/Settings/AdminTest.php
@@ -10,6 +10,7 @@ namespace OCA\User_LDAP\Tests\Settings;
 use OCA\User_LDAP\Configuration;
 use OCA\User_LDAP\Settings\Admin;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\Services\IInitialState;
 use OCP\IL10N;
 use OCP\Server;
 use OCP\Template\ITemplateManager;
@@ -23,16 +24,19 @@ use Test\TestCase;
 class AdminTest extends TestCase {
 	private IL10N&MockObject $l10n;
 	private ITemplateManager $templateManager;
+	private IInitialState&MockObject $initialState;
 	private Admin $admin;
 
 	protected function setUp(): void {
 		parent::setUp();
 		$this->l10n = $this->createMock(IL10N::class);
 		$this->templateManager = Server::get(ITemplateManager::class);
+		$this->initialState = $this->createMock(IInitialState::class);
 
 		$this->admin = new Admin(
 			$this->l10n,
 			$this->templateManager,
+			$this->initialState,
 		);
 	}
 
@@ -46,10 +50,6 @@ class AdminTest extends TestCase {
 		$sControls = $sControls->fetchPage();
 
 		$parameters = [];
-		$parameters['serverConfigurationPrefixes'] = $prefixes;
-		$parameters['serverConfigurationHosts'] = $hosts;
-		$parameters['settingControls'] = $sControls;
-		$parameters['wizardControls'] = $wControls;
 
 		// assign default values
 		$config = new Configuration('', false);
diff --git a/openapi.json b/openapi.json
index 1a777cb7263..6b9812a17e8 100644
--- a/openapi.json
+++ b/openapi.json
@@ -34429,10 +34429,10 @@
             }
         },
         "/ocs/v2.php/apps/user_ldap/api/v1/config/{configID}": {
-            "get": {
-                "operationId": "user_ldap-configapi-show",
-                "summary": "Get a configuration",
-                "description": "Output can look like this: <?xml version=\"1.0\"?> <ocs> <meta> <status>ok</status> <statuscode>200</statuscode> <message>OK</message> </meta> <data> <ldapHost>ldaps://my.ldap.server</ldapHost> <ldapPort>7770</ldapPort> <ldapBackupHost></ldapBackupHost> <ldapBackupPort></ldapBackupPort> <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase> <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers> <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups> <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName> <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword> <ldapTLS>1</ldapTLS> <turnOffCertCheck>0</turnOffCertCheck> <ldapIgnoreNamingRules/> <ldapUserDisplayName>displayname</ldapUserDisplayName> <ldapUserDisplayName2>uid</ldapUserDisplayName2> <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass> <ldapUserFilterGroups></ldapUserFilterGroups> <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter> <ldapUserFilterMode>1</ldapUserFilterMode> <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter> <ldapGroupFilterMode>0</ldapGroupFilterMode> <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass> <ldapGroupFilterGroups></ldapGroupFilterGroups> <ldapGroupDisplayName>cn</ldapGroupDisplayName> <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr> <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter> <ldapLoginFilterMode>0</ldapLoginFilterMode> <ldapLoginFilterEmail>0</ldapLoginFilterEmail> <ldapLoginFilterUsername>1</ldapLoginFilterUsername> <ldapLoginFilterAttributes></ldapLoginFilterAttributes> <ldapQuotaAttribute></ldapQuotaAttribute> <ldapQuotaDefault></ldapQuotaDefault> <ldapEmailAttribute>mail</ldapEmailAttribute> <ldapCacheTTL>20</ldapCacheTTL> <ldapUuidUserAttribute>auto</ldapUuidUserAttribute> <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute> <ldapOverrideMainServer></ldapOverrideMainServer> <ldapConfigurationActive>1</ldapConfigurationActive> <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch> <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch> <ldapExperiencedAdmin>0</ldapExperiencedAdmin> <homeFolderNamingRule></homeFolderNamingRule> <hasMemberOfFilterSupport></hasMemberOfFilterSupport> <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership> <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr> <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr> <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr> <lastJpegPhotoLookup>0</lastJpegPhotoLookup> <ldapNestedGroups>0</ldapNestedGroups> <ldapPagingSize>500</ldapPagingSize> <turnOnPasswordChange>1</turnOnPasswordChange> <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL> </data> </ocs>\nThis endpoint requires admin access",
+            "delete": {
+                "operationId": "user_ldap-configapi-delete",
+                "summary": "Delete a LDAP configuration",
+                "description": "This endpoint requires admin access",
                 "tags": [
                     "user_ldap/configapi"
                 ],
@@ -34454,15 +34454,6 @@
                             "type": "string"
                         }
                     },
-                    {
-                        "name": "showPassword",
-                        "in": "query",
-                        "description": "Whether to show the password",
-                        "schema": {
-                            "type": "boolean",
-                            "default": false
-                        }
-                    },
                     {
                         "name": "OCS-APIRequest",
                         "in": "header",
@@ -34476,7 +34467,7 @@
                 ],
                 "responses": {
                     "200": {
-                        "description": "Config returned",
+                        "description": "Config deleted successfully",
                         "content": {
                             "application/json": {
                                 "schema": {
@@ -34495,12 +34486,7 @@
                                                 "meta": {
                                                     "$ref": "#/components/schemas/OCSMeta"
                                                 },
-                                                "data": {
-                                                    "type": "object",
-                                                    "additionalProperties": {
-                                                        "type": "object"
-                                                    }
-                                                }
+                                                "data": {}
                                             }
                                         }
                                     }
@@ -34673,7 +34659,12 @@
                                                 "meta": {
                                                     "$ref": "#/components/schemas/OCSMeta"
                                                 },
-                                                "data": {}
+                                                "data": {
+                                                    "type": "object",
+                                                    "additionalProperties": {
+                                                        "type": "object"
+                                                    }
+                                                }
                                             }
                                         }
                                     }
@@ -34795,10 +34786,10 @@
                     }
                 }
             },
-            "delete": {
-                "operationId": "user_ldap-configapi-delete",
-                "summary": "Delete a LDAP configuration",
-                "description": "This endpoint requires admin access",
+            "get": {
+                "operationId": "user_ldap-configapi-show",
+                "summary": "Get a configuration",
+                "description": "Output can look like this: <?xml version=\"1.0\"?> <ocs> <meta> <status>ok</status> <statuscode>200</statuscode> <message>OK</message> </meta> <data> <ldapHost>ldaps://my.ldap.server</ldapHost> <ldapPort>7770</ldapPort> <ldapBackupHost></ldapBackupHost> <ldapBackupPort></ldapBackupPort> <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase> <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers> <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups> <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName> <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword> <ldapTLS>1</ldapTLS> <turnOffCertCheck>0</turnOffCertCheck> <ldapIgnoreNamingRules/> <ldapUserDisplayName>displayname</ldapUserDisplayName> <ldapUserDisplayName2>uid</ldapUserDisplayName2> <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass> <ldapUserFilterGroups></ldapUserFilterGroups> <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter> <ldapUserFilterMode>1</ldapUserFilterMode> <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter> <ldapGroupFilterMode>0</ldapGroupFilterMode> <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass> <ldapGroupFilterGroups></ldapGroupFilterGroups> <ldapGroupDisplayName>cn</ldapGroupDisplayName> <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr> <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter> <ldapLoginFilterMode>0</ldapLoginFilterMode> <ldapLoginFilterEmail>0</ldapLoginFilterEmail> <ldapLoginFilterUsername>1</ldapLoginFilterUsername> <ldapLoginFilterAttributes></ldapLoginFilterAttributes> <ldapQuotaAttribute></ldapQuotaAttribute> <ldapQuotaDefault></ldapQuotaDefault> <ldapEmailAttribute>mail</ldapEmailAttribute> <ldapCacheTTL>20</ldapCacheTTL> <ldapUuidUserAttribute>auto</ldapUuidUserAttribute> <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute> <ldapOverrideMainServer></ldapOverrideMainServer> <ldapConfigurationActive>1</ldapConfigurationActive> <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch> <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch> <ldapExperiencedAdmin>0</ldapExperiencedAdmin> <homeFolderNamingRule></homeFolderNamingRule> <hasMemberOfFilterSupport></hasMemberOfFilterSupport> <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership> <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr> <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr> <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr> <lastJpegPhotoLookup>0</lastJpegPhotoLookup> <ldapNestedGroups>0</ldapNestedGroups> <ldapPagingSize>500</ldapPagingSize> <turnOnPasswordChange>1</turnOnPasswordChange> <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL> </data> </ocs>\nThis endpoint requires admin access",
                 "tags": [
                     "user_ldap/configapi"
                 ],
@@ -34820,6 +34811,15 @@
                             "type": "string"
                         }
                     },
+                    {
+                        "name": "showPassword",
+                        "in": "query",
+                        "description": "Whether to show the password",
+                        "schema": {
+                            "type": "boolean",
+                            "default": false
+                        }
+                    },
                     {
                         "name": "OCS-APIRequest",
                         "in": "header",
@@ -34833,7 +34833,7 @@
                 ],
                 "responses": {
                     "200": {
-                        "description": "Config deleted successfully",
+                        "description": "Config returned",
                         "content": {
                             "application/json": {
                                 "schema": {
@@ -34852,7 +34852,12 @@
                                                 "meta": {
                                                     "$ref": "#/components/schemas/OCSMeta"
                                                 },
-                                                "data": {}
+                                                "data": {
+                                                    "type": "object",
+                                                    "additionalProperties": {
+                                                        "type": "object"
+                                                    }
+                                                }
                                             }
                                         }
                                     }
diff --git a/webpack.modules.js b/webpack.modules.js
index a15c0e1c54f..f79873f3c9d 100644
--- a/webpack.modules.js
+++ b/webpack.modules.js
@@ -117,6 +117,9 @@ module.exports = {
 		updatenotification: path.join(__dirname, 'apps/updatenotification/src', 'updatenotification.js'),
 		'update-notification-legacy': path.join(__dirname, 'apps/updatenotification/src', 'update-notification-legacy.ts'),
 	},
+	user_ldap: {
+		main: path.join(__dirname, 'apps/user_ldap/src', 'main.js'),
+	},
 	user_status: {
 		menu: path.join(__dirname, 'apps/user_status/src', 'menu.js'),
 	},