apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-8647 added account_type to the linkDomainToLdap API

Browse Source
This commit is contained in:
Rajani Karuturi 2015-08-11 12:07:44 +05:30 committed by Rajani Karuturi
parent 7109689fde
commit 0dc9ccd189
10 changed files with 79 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
View File

@ -52,14 +52,17 @@ public class LinkDomainToLdapCmd extends BaseCmd {
@Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ") @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ")
private String admin; private String admin;
@Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.SHORT, required = true, description = "Type of the account to auto import. Specify 0 for user, 1 for root " +
"admin, and 2 for domain admin")
private short accountType;
@Inject @Inject
private LdapManager _ldapManager; private LdapManager _ldapManager;
@Override @Override
public void execute() throws ServerApiException { public void execute() throws ServerApiException {
// TODO Auto-generated method stub
try { try {
LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name); LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name, accountType);
response.setObjectName("LinkDomainToLdap"); response.setObjectName("LinkDomainToLdap");
response.setResponseName(getCommandName()); response.setResponseName(getCommandName());
setResponseObject(response); setResponseObject(response);

30
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LinkDomainToLdapResponse.java
View File

@ -22,14 +22,12 @@ import com.cloud.serializer.Param;
import com.google.gson.annotations.SerializedName; import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse; import org.apache.cloudstack.api.BaseResponse;
import org.apache.log4j.Logger;
public class LinkDomainToLdapResponse extends BaseResponse { public class LinkDomainToLdapResponse extends BaseResponse {
public static final Logger s_logger = Logger.getLogger(LinkDomainToLdapResponse.class.getName());
@SerializedName(ApiConstants.DOMAIN_ID) @SerializedName(ApiConstants.DOMAIN_ID)
@Param(description = "id of the Domain which is linked to LDAP") @Param(description = "id of the Domain which is linked to LDAP")
private String domainId; private long domainId;
@SerializedName(ApiConstants.NAME) @SerializedName(ApiConstants.NAME)
@Param(description = "name of the group or OU in LDAP which is linked to the domain") @Param(description = "name of the group or OU in LDAP which is linked to the domain")
@ -39,4 +37,30 @@ public class LinkDomainToLdapResponse extends BaseResponse {
@Param(description = "type of the name in LDAP which is linke to the domain") @Param(description = "type of the name in LDAP which is linke to the domain")
private String type; private String type;
@SerializedName(ApiConstants.ACCOUNT_TYPE)
@Param(description = "Type of the account to auto import")
private short accountType;
public LinkDomainToLdapResponse(long domainId, String type, String name, short accountType) {
this.domainId = domainId;
this.name = name;
this.type = type;
this.accountType = accountType;
}
public long getDomainId() {
return domainId;
}
public String getName() {
return name;
}
public String getType() {
return type;
}
public short getAccountType() {
return accountType;
}
} }

8
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
View File

@ -32,7 +32,7 @@ import org.apache.log4j.Logger;
public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements LdapUserManager { public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements LdapUserManager {
public static final Logger s_logger = Logger.getLogger(ADLdapUserManagerImpl.class.getName()); public static final Logger s_logger = Logger.getLogger(ADLdapUserManagerImpl.class.getName());
private static final String MICROSOFT_AD_NESTED_MEMBERS_FILTER = "memberOf:1.2.840.113556.1.4.1941"; private static final String MICROSOFT_AD_NESTED_MEMBERS_FILTER = "memberOf:1.2.840.113556.1.4.1941:";
@Override @Override
public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws NamingException { public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws NamingException {
@ -66,7 +66,7 @@ public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements Ld
final StringBuilder memberOfFilter = new StringBuilder(); final StringBuilder memberOfFilter = new StringBuilder();
String groupCnName = _ldapConfiguration.getCommonNameAttribute() + "=" +groupName + "," + _ldapConfiguration.getBaseDn(); String groupCnName = _ldapConfiguration.getCommonNameAttribute() + "=" +groupName + "," + _ldapConfiguration.getBaseDn();
memberOfFilter.append("(" + MICROSOFT_AD_NESTED_MEMBERS_FILTER + ":="); memberOfFilter.append("(" + MICROSOFT_AD_NESTED_MEMBERS_FILTER + "=");
memberOfFilter.append(groupCnName); memberOfFilter.append(groupCnName);
memberOfFilter.append(")"); memberOfFilter.append(")");
@ -92,4 +92,8 @@ public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements Ld
} }
return isDisabledUser; return isDisabledUser;
} }
protected String getMemberOfAttribute() {
return MICROSOFT_AD_NESTED_MEMBERS_FILTER;
}
} }

24
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
View File

@ -17,7 +17,6 @@
package org.apache.cloudstack.ldap; package org.apache.cloudstack.ldap;
import com.cloud.server.auth.DefaultUserAuthenticator; import com.cloud.server.auth.DefaultUserAuthenticator;
import com.cloud.user.Account;
import com.cloud.user.AccountService; import com.cloud.user.AccountService;
import com.cloud.user.User; import com.cloud.user.User;
import com.cloud.user.UserAccount; import com.cloud.user.UserAccount;
@ -62,18 +61,16 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
ActionOnFailedAuthentication action = null; ActionOnFailedAuthentication action = null;
if (_ldapManager.isLdapEnabled()) { if (_ldapManager.isLdapEnabled()) {
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
LdapTrustMapVO ldapTrustMapVO = _ldapManager.getDomainLinkedToLdap(domainId); LdapTrustMapVO ldapTrustMapVO = _ldapManager.getDomainLinkedToLdap(domainId);
if(ldapTrustMapVO != null) { if(ldapTrustMapVO != null) {
try { try {
LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType(), ldapTrustMapVO.getName()); LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType(), ldapTrustMapVO.getName());
if(!ldapUser.isDisabled()) { if(!ldapUser.isDisabled()) {
result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password); result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
if(result) { if(result && (user == null)) {
final UserAccount user = _userAccountDao.getUserAccount(username, domainId); // import user to cloudstack
if (user == null) { createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
// import user to cloudstack
createCloudStackUserAccount(ldapUser, domainId);
}
} }
} else { } else {
//disable user in cloudstack //disable user in cloudstack
@ -85,7 +82,6 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
} else { } else {
//domain is not linked to ldap follow normal authentication //domain is not linked to ldap follow normal authentication
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if(user != null ) { if(user != null ) {
try { try {
LdapUser ldapUser = _ldapManager.getUser(username); LdapUser ldapUser = _ldapManager.getUser(username);
@ -99,18 +95,18 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
} }
} }
} }
if (!result && user != null) {
action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
}
} }
if (!result) {
action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
}
return new Pair<Boolean, ActionOnFailedAuthentication>(result, action); return new Pair<Boolean, ActionOnFailedAuthentication>(result, action);
} }
private void createCloudStackUserAccount(LdapUser user, long domainId) { private void createCloudStackUserAccount(LdapUser user, long domainId, short accountType) {
String username = user.getUsername(); String username = user.getUsername();
_accountService.createUserAccount(username, "", user.getFirstname(), user.getLastname(), user.getEmail(), "GMT", username, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, domainId, _accountService.createUserAccount(username, "", user.getFirstname(), user.getLastname(), user.getEmail(), null, username, accountType, domainId, username, null,
username, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP); UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
} }
private void disableUserInCloudStack(LdapUser ldapUser, long domainId) { private void disableUserInCloudStack(LdapUser ldapUser, long domainId) {

2
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
View File

@ -53,7 +53,7 @@ public interface LdapManager extends PluggableService {
List<LdapUser> searchUsers(String query) throws NoLdapUserMatchingQueryException; List<LdapUser> searchUsers(String query) throws NoLdapUserMatchingQueryException;
LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name); LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name, short accountType);
public LdapTrustMapVO getDomainLinkedToLdap(long domainId); public LdapTrustMapVO getDomainLinkedToLdap(long domainId);
} }

8
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
View File

@ -264,10 +264,10 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
} }
@Override @Override
public LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name) { public LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name, short accountType) {
// TODO Auto-generated method stub LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, type, name, accountType));
LdapTrustMapVO ldapTrustMapVO = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, type, name)); LinkDomainToLdapResponse response = new LinkDomainToLdapResponse(vo.getDomainId(), vo.getType(), vo.getName(), vo.getAccountType());
return null; return response;
} }
@Override @Override

13
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapTrustMapVO.java
View File

@ -45,10 +45,18 @@ public class LdapTrustMapVO implements InternalIdentity {
@Column(name = "domain_id") @Column(name = "domain_id")
private long domainId; private long domainId;
public LdapTrustMapVO(long domainId, String type, String name) { @Column(name = "account_type")
private short accountType;
public LdapTrustMapVO() {
}
public LdapTrustMapVO(long domainId, String type, String name, short accountType) {
this.domainId = domainId; this.domainId = domainId;
this.type = type; this.type = type;
this.name = name; this.name = name;
this.accountType = accountType;
} }
@Override @Override
@ -68,6 +76,7 @@ public class LdapTrustMapVO implements InternalIdentity {
return domainId; return domainId;
} }
public LdapTrustMapVO() { public short getAccountType() {
return accountType;
} }
} }

7
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/OpenLdapUserManagerImpl.java
View File

@ -153,7 +153,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
final StringBuilder memberOfFilter = new StringBuilder(); final StringBuilder memberOfFilter = new StringBuilder();
if ("GROUP".equals(type)) { if ("GROUP".equals(type)) {
memberOfFilter.append("(memberof="); memberOfFilter.append("(").append(getMemberOfAttribute()).append("=");
memberOfFilter.append(name); memberOfFilter.append(name);
memberOfFilter.append(")"); memberOfFilter.append(")");
} }
@ -167,6 +167,11 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
return searchUser(basedn, searchQuery.toString(), context); return searchUser(basedn, searchQuery.toString(), context);
} }
protected String getMemberOfAttribute() {
return "memberof";
}
@Override @Override
public List<LdapUser> getUsers(final LdapContext context) throws NamingException, IOException { public List<LdapUser> getUsers(final LdapContext context) throws NamingException, IOException {
return getUsers(null, context); return getUsers(null, context);

8
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -2173,6 +2173,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (domain != null) { if (domain != null) {
domainName = domain.getName(); domainName = domain.getName();
} }
if (userAccount == null) {
_userAccountDao.getUserAccount(username, domainId);
}
if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString()) || if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString()) ||
!userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString())) { !userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString())) {
@ -2192,6 +2195,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId); s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId);
} }
if (userAccount == null) {
s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId);
return null;
}
if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) { if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
if (!isInternalAccount(userAccount.getId())) { if (!isInternalAccount(userAccount.getId())) {
// Internal accounts are not disabled // Internal accounts are not disabled

1
setup/db/db/schema-452to460.sql
View File

@ -404,6 +404,7 @@ CREATE TABLE `cloud`.`ldap_trust_map` (
`domain_id` bigint unsigned NOT NULL, `domain_id` bigint unsigned NOT NULL,
`type` varchar(10) NOT NULL, `type` varchar(10) NOT NULL,
`name` varchar(255) NOT NULL, `name` varchar(255) NOT NULL,
`account_type` int(1) unsigned NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
UNIQUE KEY `uk_ldap_trust_map__domain_id` (`id`), UNIQUE KEY `uk_ldap_trust_map__domain_id` (`id`),
KEY `fk_ldap_trust_map__domain_id` (`domain_id`), KEY `fk_ldap_trust_map__domain_id` (`domain_id`),