apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-8647 added account_type to the linkDomainToLdap API

Browse Source
This commit is contained in:
Rajani Karuturi 2015-08-11 12:07:44 +05:30 committed by Rajani Karuturi
parent 7109689fde
commit 0dc9ccd189
10 changed files with 79 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
View File

@ -52,14 +52,17 @@ public class LinkDomainToLdapCmd extends BaseCmd {
@Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ")
private String admin;
@Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.SHORT, required = true, description = "Type of the account to auto import. Specify 0 for user, 1 for root " +
"admin, and 2 for domain admin")
private short accountType;
@Inject
private LdapManager _ldapManager;
@Override
public void execute() throws ServerApiException {
// TODO Auto-generated method stub
try {
LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name);
LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name, accountType);
response.setObjectName("LinkDomainToLdap");
response.setResponseName(getCommandName());
setResponseObject(response);

30
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LinkDomainToLdapResponse.java
View File

@ -22,14 +22,12 @@ import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.log4j.Logger;
public class LinkDomainToLdapResponse extends BaseResponse {
public static final Logger s_logger = Logger.getLogger(LinkDomainToLdapResponse.class.getName());
@SerializedName(ApiConstants.DOMAIN_ID)
@Param(description = "id of the Domain which is linked to LDAP")
private String domainId;
private long domainId;
@SerializedName(ApiConstants.NAME)
@Param(description = "name of the group or OU in LDAP which is linked to the domain")
@ -39,4 +37,30 @@ public class LinkDomainToLdapResponse extends BaseResponse {
@Param(description = "type of the name in LDAP which is linke to the domain")
private String type;
@SerializedName(ApiConstants.ACCOUNT_TYPE)
@Param(description = "Type of the account to auto import")
private short accountType;
public LinkDomainToLdapResponse(long domainId, String type, String name, short accountType) {
this.domainId = domainId;
this.name = name;
this.type = type;
this.accountType = accountType;
}
public long getDomainId() {
return domainId;
}
public String getName() {
return name;
}
public String getType() {
return type;
}
public short getAccountType() {
return accountType;
}
}

8
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
View File

@ -32,7 +32,7 @@ import org.apache.log4j.Logger;
public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements LdapUserManager {
public static final Logger s_logger = Logger.getLogger(ADLdapUserManagerImpl.class.getName());
private static final String MICROSOFT_AD_NESTED_MEMBERS_FILTER = "memberOf:1.2.840.113556.1.4.1941";
private static final String MICROSOFT_AD_NESTED_MEMBERS_FILTER = "memberOf:1.2.840.113556.1.4.1941:";
@Override
public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws NamingException {
@ -66,7 +66,7 @@ public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements Ld
final StringBuilder memberOfFilter = new StringBuilder();
String groupCnName = _ldapConfiguration.getCommonNameAttribute() + "=" +groupName + "," + _ldapConfiguration.getBaseDn();
memberOfFilter.append("(" + MICROSOFT_AD_NESTED_MEMBERS_FILTER + ":=");
memberOfFilter.append("(" + MICROSOFT_AD_NESTED_MEMBERS_FILTER + "=");
memberOfFilter.append(groupCnName);
memberOfFilter.append(")");
@ -92,4 +92,8 @@ public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements Ld
}
return isDisabledUser;
}
protected String getMemberOfAttribute() {
return MICROSOFT_AD_NESTED_MEMBERS_FILTER;
}
}

24
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
View File

@ -17,7 +17,6 @@
package org.apache.cloudstack.ldap;
import com.cloud.server.auth.DefaultUserAuthenticator;
import com.cloud.user.Account;
import com.cloud.user.AccountService;
import com.cloud.user.User;
import com.cloud.user.UserAccount;
@ -62,18 +61,16 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
ActionOnFailedAuthentication action = null;
if (_ldapManager.isLdapEnabled()) {
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
LdapTrustMapVO ldapTrustMapVO = _ldapManager.getDomainLinkedToLdap(domainId);
if(ldapTrustMapVO != null) {
try {
LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType(), ldapTrustMapVO.getName());
if(!ldapUser.isDisabled()) {
result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
if(result) {
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if (user == null) {
// import user to cloudstack
createCloudStackUserAccount(ldapUser, domainId);
}
if(result && (user == null)) {
// import user to cloudstack
createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
}
} else {
//disable user in cloudstack
@ -85,7 +82,6 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
} else {
//domain is not linked to ldap follow normal authentication
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if(user != null ) {
try {
LdapUser ldapUser = _ldapManager.getUser(username);
@ -99,18 +95,18 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
}
}
}
if (!result && user != null) {
action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
}
}
if (!result) {
action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
}
return new Pair<Boolean, ActionOnFailedAuthentication>(result, action);
}
private void createCloudStackUserAccount(LdapUser user, long domainId) {
private void createCloudStackUserAccount(LdapUser user, long domainId, short accountType) {
String username = user.getUsername();
_accountService.createUserAccount(username, "", user.getFirstname(), user.getLastname(), user.getEmail(), "GMT", username, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, domainId,
username, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
_accountService.createUserAccount(username, "", user.getFirstname(), user.getLastname(), user.getEmail(), null, username, accountType, domainId, username, null,
UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
}
private void disableUserInCloudStack(LdapUser ldapUser, long domainId) {

2
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
View File

@ -53,7 +53,7 @@ public interface LdapManager extends PluggableService {
List<LdapUser> searchUsers(String query) throws NoLdapUserMatchingQueryException;
LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name);
LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name, short accountType);
public LdapTrustMapVO getDomainLinkedToLdap(long domainId);
}

8
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
View File

@ -264,10 +264,10 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
}
@Override
public LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name) {
// TODO Auto-generated method stub
LdapTrustMapVO ldapTrustMapVO = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, type, name));
return null;
public LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name, short accountType) {
LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, type, name, accountType));
LinkDomainToLdapResponse response = new LinkDomainToLdapResponse(vo.getDomainId(), vo.getType(), vo.getName(), vo.getAccountType());
return response;
}
@Override

13
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapTrustMapVO.java
View File

@ -45,10 +45,18 @@ public class LdapTrustMapVO implements InternalIdentity {
@Column(name = "domain_id")
private long domainId;
public LdapTrustMapVO(long domainId, String type, String name) {
@Column(name = "account_type")
private short accountType;
public LdapTrustMapVO() {
}
public LdapTrustMapVO(long domainId, String type, String name, short accountType) {
this.domainId = domainId;
this.type = type;
this.name = name;
this.accountType = accountType;
}
@Override
@ -68,6 +76,7 @@ public class LdapTrustMapVO implements InternalIdentity {
return domainId;
}
public LdapTrustMapVO() {
public short getAccountType() {
return accountType;
}
}

7
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/OpenLdapUserManagerImpl.java
View File

@ -153,7 +153,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
final StringBuilder memberOfFilter = new StringBuilder();
if ("GROUP".equals(type)) {
memberOfFilter.append("(memberof=");
memberOfFilter.append("(").append(getMemberOfAttribute()).append("=");
memberOfFilter.append(name);
memberOfFilter.append(")");
}
@ -167,6 +167,11 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
return searchUser(basedn, searchQuery.toString(), context);
}
protected String getMemberOfAttribute() {
return "memberof";
}
@Override
public List<LdapUser> getUsers(final LdapContext context) throws NamingException, IOException {
return getUsers(null, context);

8
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -2173,6 +2173,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (domain != null) {
domainName = domain.getName();
}
if (userAccount == null) {
_userAccountDao.getUserAccount(username, domainId);
}
if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString()) ||
!userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString())) {
@ -2192,6 +2195,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId);
}
if (userAccount == null) {
s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId);
return null;
}
if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
if (!isInternalAccount(userAccount.getId())) {
// Internal accounts are not disabled

1
setup/db/db/schema-452to460.sql
View File

@ -404,6 +404,7 @@ CREATE TABLE `cloud`.`ldap_trust_map` (
`domain_id` bigint unsigned NOT NULL,
`type` varchar(10) NOT NULL,
`name` varchar(255) NOT NULL,
`account_type` int(1) unsigned NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `uk_ldap_trust_map__domain_id` (`id`),
KEY `fk_ldap_trust_map__domain_id` (`domain_id`),