CLOUDSTACK-5236 : ability to identify where the user is from (ex. LDAP)

Added a source column to the user table. Source now has only two values UNKNOWN,LDAP with UNKNOWN being the default and is an enum is com.cloud.User. When the source is UNKNOWN, the old method of authenticating against all the available authenticators is used. If a source is available, only that particular authenticator will be used. added overloaded methods in AccountService to createUserAccount and createUser with source specified. (cherry picked from commit 5da733072e838c830720909ef5ba27ef6ce6d0b0)
2025-10-26 08:42:29 +01:00 · 2014-10-21 15:30:57 +05:30 · 2014-10-21 15:30:57 +05:30 · 843f6b1691
commit 843f6b1691
parent 2783cf540b
28 changed files with 167 additions and 60 deletions
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@ -59,6 +59,9 @@ public interface AccountService {
    UserAccount createUserAccount(String userName, String password, String firstName, String lastName, String email, String timezone, String accountName,
        short accountType, Long domainId, String networkDomain, Map<String, String> details, String accountUUID, String userUUID);

+    UserAccount createUserAccount(String userName, String password, String firstName, String lastName, String email, String timezone, String accountName, short accountType, Long domainId, String networkDomain,
+                                  Map<String, String> details, String accountUUID, String userUUID, User.Source source);
+
    /**
     * Locks a user by userId. A locked user cannot access the API, but will still have running VMs/IP addresses
     * allocated/etc.
@ -72,8 +75,10 @@ public interface AccountService {

    User getSystemUser();

-        User
-        createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId, String userUUID);
+    User createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId, String userUUID);
+
+    User createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId, String userUUID,
+                    User.Source source);

    boolean isAdmin(Long accountId);

--- a/api/src/com/cloud/user/User.java
+++ b/api/src/com/cloud/user/User.java
@ -21,6 +21,11 @@ import java.util.Date;
 import org.apache.cloudstack.api.InternalIdentity;

 public interface User extends OwnedBy, InternalIdentity {
+
+    public enum Source {
+        LDAP, UNKNOWN
+    }
+
    public static final long UID_SYSTEM = 1;
    public static final long UID_ADMIN = 2;

@ -77,4 +82,6 @@ public interface User extends OwnedBy, InternalIdentity {

    boolean isDefault();

+    public Source getSource();
+
 }
--- a/api/src/com/cloud/user/UserAccount.java
+++ b/api/src/com/cloud/user/UserAccount.java
@ -61,4 +61,6 @@ public interface UserAccount extends InternalIdentity {
    boolean isRegistered();

    int getLoginAttempts();
+
+    public User.Source getSource();
 }
--- a/engine/schema/src/com/cloud/user/UserAccountVO.java
+++ b/engine/schema/src/com/cloud/user/UserAccountVO.java
@ -20,6 +20,8 @@ import java.util.Date;

 import javax.persistence.Column;
 import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
@ -99,6 +101,10 @@ public class UserAccountVO implements UserAccount, InternalIdentity {
    @Column(name = "state", table = "account", insertable = false, updatable = false)
    private String accountState;

+    @Column(name = "source")
+    @Enumerated(value = EnumType.STRING)
+    private User.Source source;
+
    public UserAccountVO() {
    }

@ -281,4 +287,13 @@ public class UserAccountVO implements UserAccount, InternalIdentity {
    public int getLoginAttempts() {
        return loginAttempts;
    }
+
+    @Override
+    public User.Source getSource() {
+        return source;
+    }
+
+    public void setSource(User.Source source) {
+        this.source = source;
+    }
 }
--- a/engine/schema/src/com/cloud/user/UserVO.java
+++ b/engine/schema/src/com/cloud/user/UserVO.java
@ -97,6 +97,10 @@ public class UserVO implements User, Identity, InternalIdentity {
    @Column(name = "default")
    boolean isDefault;

+    @Column(name = "source")
+    @Enumerated(value = EnumType.STRING)
+    private Source source;
+
    public UserVO() {
        this.uuid = UUID.randomUUID().toString();
    }
@ -106,7 +110,7 @@ public class UserVO implements User, Identity, InternalIdentity {
        this.uuid = UUID.randomUUID().toString();
    }

-    public UserVO(long accountId, String username, String password, String firstName, String lastName, String email, String timezone, String uuid) {
+    public UserVO(long accountId, String username, String password, String firstName, String lastName, String email, String timezone, String uuid, Source source) {
        this.accountId = accountId;
        this.username = username;
        this.password = password;
@ -116,6 +120,7 @@ public class UserVO implements User, Identity, InternalIdentity {
        this.timezone = timezone;
        this.state = State.enabled;
        this.uuid = uuid;
+        this.source = source;
    }

    @Override
@ -270,4 +275,12 @@ public class UserVO implements User, Identity, InternalIdentity {
        return isDefault;
    }

+    public Source getSource() {
+        return source;
+    }
+
+    public void setSource(Source source) {
+        this.source = source;
+    }
+
 }
--- a/plugins/dedicated-resources/test/org/apache/cloudstack/dedicated/manager/DedicatedApiUnitTest.java
+++ b/plugins/dedicated-resources/test/org/apache/cloudstack/dedicated/manager/DedicatedApiUnitTest.java
@ -26,8 +26,11 @@ import java.util.UUID;

 import javax.inject.Inject;

+import com.cloud.user.User;
 import junit.framework.Assert;

+import org.apache.cloudstack.dedicated.DedicatedResourceManagerImpl;
+import org.apache.cloudstack.test.utils.SpringUtils;
 import org.apache.log4j.Logger;
 import org.junit.After;
 import org.junit.Before;
@ -49,9 +52,7 @@ import org.springframework.test.context.support.AnnotationConfigContextLoader;
 import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.dedicated.DedicatedResourceManagerImpl;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-import org.apache.cloudstack.test.utils.SpringUtils;

 import com.cloud.dc.DedicatedResourceVO;
 import com.cloud.dc.dao.ClusterDao;
@ -118,7 +119,7 @@ public class DedicatedApiUnitTest {
        AccountVO account = new AccountVO(accountName, domainId, "networkDomain", Account.ACCOUNT_TYPE_NORMAL, "uuid");
        DomainVO domain = new DomainVO("rootDomain", 5L, 5L, "networkDomain");

-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, account);
        when(_acctMgr.finalizeOwner((Account)anyObject(), anyString(), anyLong(), anyLong())).thenReturn(account);
--- a/plugins/deployment-planners/implicit-dedication/test/org/apache/cloudstack/implicitplanner/ImplicitPlannerTest.java
+++ b/plugins/deployment-planners/implicit-dedication/test/org/apache/cloudstack/implicitplanner/ImplicitPlannerTest.java
@ -34,6 +34,7 @@ import java.util.UUID;

 import javax.inject.Inject;

+import com.cloud.user.User;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@ -164,7 +165,7 @@ public class ImplicitPlannerTest {
        acct.setDomainId(domainId);
        acct.setId(accountId);

-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, acct);
    }

--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalVlanManagerImpl.java
@ -30,6 +30,7 @@ import com.cloud.network.Networks;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.AccountVO;
+import com.cloud.user.User;
 import com.cloud.user.UserVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.user.dao.UserDao;
@ -256,6 +257,7 @@ public class BaremetalVlanManagerImpl extends ManagerBase implements BaremetalVl
        user.setFirstname(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
        user.setLastname(BaremetalUtils.BAREMETAL_SYSTEM_ACCOUNT_NAME);
        user.setPassword(UUID.randomUUID().toString());
+        user.setSource(User.Source.UNKNOWN);
        user = userDao.persist(user);

        String[] keys = acntMgr.createApiKeyAndSecretKey(user.getId());
--- a/plugins/hypervisors/vmware/test/com/cloud/hypervisor/vmware/VmwareDatacenterApiUnitTest.java
+++ b/plugins/hypervisors/vmware/test/com/cloud/hypervisor/vmware/VmwareDatacenterApiUnitTest.java
@ -27,6 +27,7 @@ import java.util.UUID;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;

+import com.cloud.user.User;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.BeforeClass;
@ -177,7 +178,7 @@ public class VmwareDatacenterApiUnitTest {
        acct.setAccountName("admin");
        acct.setDomainId(domainId);

-        UserVO user1 = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user1 = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user1, acct);

--- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@ -127,6 +127,12 @@ public class MockAccountManager extends ManagerBase implements AccountManager {
        return null;
    }

+    @Override public User createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId,
+                                     String userUUID, User.Source source) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
    @Override
    public UserAccount createUserAccount(String arg0, String arg1, String arg2, String arg3, String arg4, String arg5, String arg6, short arg7, Long arg8, String arg9,
        Map<String, String> arg10, String arg11, String arg12) {
@ -134,6 +140,13 @@ public class MockAccountManager extends ManagerBase implements AccountManager {
        return null;
    }

+    @Override
+    public UserAccount createUserAccount(String userName, String password, String firstName, String lastName, String email, String timezone, String accountName, short accountType,
+                                         Long domainId, String networkDomain, Map<String, String> details, String accountUUID, String userUUID, User.Source source) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
    @Override
    public Account finalizeOwner(Account arg0, String arg1, Long arg2, Long arg3) {
        return _systemAccount;
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
@ -92,10 +92,10 @@ public class LdapCreateAccountCmd extends BaseCmd {
        Account account = _accountService.getActiveAccountByName(accountName, domainId);
        if (account == null) {
            return _accountService.createUserAccount(username, generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, accountType,
-                    domainId, networkDomain, details, accountUUID, userUUID);
+                    domainId, networkDomain, details, accountUUID, userUUID, User.Source.LDAP);
        } else {
            User newUser = _accountService.createUser(username, generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, domainId,
-                    userUUID);
+                    userUUID, User.Source.LDAP);
            return _accountService.getUserAccountById(newUser.getId());
        }
    }
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java
@ -26,6 +26,7 @@ import java.util.UUID;
 import javax.inject.Inject;

 import com.cloud.user.Account;
+import com.cloud.user.User;
 import com.cloud.user.UserAccount;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
@ -111,14 +112,14 @@ public class LdapImportUsersCmd extends BaseListCmd {
        if (account == null) {
            s_logger.debug("No account exists with name: " + accountName + " creating the account and an user with name: " + user.getUsername() + " in the account");
            _accountService.createUserAccount(user.getUsername(), generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, accountType,
-                    domain.getId(), domain.getNetworkDomain(), details, UUID.randomUUID().toString(), UUID.randomUUID().toString());
+                    domain.getId(), domain.getNetworkDomain(), details, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
        } else {
 //            check if the user exists. if yes, call update
            UserAccount csuser = _accountService.getActiveUserAccount(user.getUsername(), domain.getId());
            if(csuser == null) {
                s_logger.debug("No user exists with name: " + user.getUsername() + " creating a user in the account: " + accountName);
                _accountService.createUser(user.getUsername(), generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, domain.getId(),
-                                           UUID.randomUUID().toString());
+                                           UUID.randomUUID().toString(), User.Source.LDAP);
            } else {
                s_logger.debug("account with name: " + accountName + " exist and user with name: " + user.getUsername() + " exists in the account. Updating the account.");
                _accountService.updateUser(csuser.getId(), user.getFirstname(), user.getLastname(), user.getEmail(), null, null, null, null, null);
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapImportUsersCmdSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapImportUsersCmdSpec.groovy
@ -21,6 +21,7 @@ import com.cloud.domain.DomainVO
 import com.cloud.user.AccountService
 import com.cloud.user.AccountVO
 import com.cloud.user.DomainService
+import com.cloud.user.User
 import com.cloud.user.UserAccountVO
 import com.cloud.user.UserVO
 import org.apache.cloudstack.api.command.LdapCreateAccountCmd
@ -214,8 +215,8 @@ class LdapImportUsersCmdSpec extends spock.lang.Specification {
        def accountService = Mock(AccountService)
        1 * accountService.getActiveAccountByName('ACCOUNT', 0) >>  Mock(AccountVO)

-        1 * accountService.createUser('rmurphy', _ , 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 0, _) >> Mock(UserVO)
-        0 * accountService.createUserAccount('rmurphy', _, 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 2, 0, 'DOMAIN', null, _, _)
+        1 * accountService.createUser('rmurphy', _ , 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 0, _, User.Source.LDAP) >> Mock(UserVO)
+        0 * accountService.createUserAccount('rmurphy', _, 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 2, 0, 'DOMAIN', null, _, _, User.Source.LDAP)
        0 * accountService.updateUser(_,'Ryan', 'Murphy', 'rmurphy@test.com', null, null, null, null, null);

        def ldapImportUsersCmd = new LdapImportUsersCmd(ldapManager, domainService, accountService)
@ -272,8 +273,8 @@ class LdapImportUsersCmdSpec extends spock.lang.Specification {

        def accountService = Mock(AccountService)
        1 * accountService.getActiveAccountByName('ACCOUNT', 0) >>  null
-        0 * accountService.createUser('rmurphy', _ , 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 0, _)
-        1 * accountService.createUserAccount('rmurphy', _, 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 2, 0, 'DOMAIN', null, _, _)
+        0 * accountService.createUser('rmurphy', _ , 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 0, _, User.Source.LDAP)
+        1 * accountService.createUserAccount('rmurphy', _, 'Ryan', 'Murphy', 'rmurphy@test.com', null, 'ACCOUNT', 2, 0, 'DOMAIN', null, _, _, User.Source.LDAP)
        0 * accountService.updateUser(_,'Ryan', 'Murphy', 'rmurphy@test.com', null, null, null, null, null);

        def ldapImportUsersCmd = new LdapImportUsersCmd(ldapManager, domainService, accountService)
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@ -987,6 +987,13 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
        return success;
    }

+    public UserAccount createUserAccount(final String userName, final String password, final String firstName, final String lastName, final String email, final String timezone,
+            String accountName, final short accountType, Long domainId, final String networkDomain, final Map<String, String> details, String accountUUID, final String userUUID) {
+
+        return createUserAccount(userName, password, firstName, lastName, email, timezone, accountName, accountType, domainId, networkDomain, details, accountUUID, userUUID,
+                User.Source.UNKNOWN);
+    }
+
    // ///////////////////////////////////////////////////
    // ////////////// API commands /////////////////////
    // ///////////////////////////////////////////////////
@ -999,7 +1006,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
    })
    public UserAccount createUserAccount(final String userName, final String password, final String firstName, final String lastName, final String email,
        final String timezone, String accountName, final short accountType, Long domainId, final String networkDomain, final Map<String, String> details,
-        String accountUUID, final String userUUID) {
+        String accountUUID, final String userUUID, final User.Source source) {

        if (accountName == null) {
            accountName = userName;
@ -1056,7 +1063,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
                long accountId = account.getId();

                // create the first user for the account
-                UserVO user = createUser(accountId, userName, password, firstName, lastName, email, timezone, userUUID);
+                UserVO user = createUser(accountId, userName, password, firstName, lastName, email, timezone, userUUID, source);

                if (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
                    // set registration token
@ -1088,8 +1095,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User")
    public UserVO createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId,
-        String userUUID) {
-
+                             String userUUID, User.Source source) {
        // default domain to ROOT if not specified
        if (domainId == null) {
            domainId = Domain.ROOT_DOMAIN;
@ -1117,10 +1123,17 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
            throw new CloudRuntimeException("The user " + userName + " already exists in domain " + domainId);
        }
        UserVO user = null;
-        user = createUser(account.getId(), userName, password, firstName, lastName, email, timeZone, userUUID);
+        user = createUser(account.getId(), userName, password, firstName, lastName, email, timeZone, userUUID, source);
        return user;
    }

+    @Override
+    public UserVO createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId,
+        String userUUID) {
+
+        return createUser(userName, password, firstName,lastName, email, timeZone, accountName, domainId, userUUID, User.Source.UNKNOWN);
+    }
+
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_USER_UPDATE, eventDescription = "updating User")
    public UserAccount updateUser(Long userId, String firstName, String lastName, String email, String userName, String password, String apiKey, String secretKey, String timeZone) {
@ -1963,7 +1976,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
        });
    }

-    protected UserVO createUser(long accountId, String userName, String password, String firstName, String lastName, String email, String timezone, String userUUID) {
+    protected UserVO createUser(long accountId, String userName, String password, String firstName, String lastName, String email, String timezone, String userUUID,
+                                User.Source source) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Creating user: " + userName + ", accountId: " + accountId + " timezone:" + timezone);
        }
@ -1982,7 +1996,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
        if (userUUID == null) {
            userUUID =  UUID.randomUUID().toString();
        }
-        UserVO user = _userDao.persist(new UserVO(accountId, userName, encodedPassword, firstName, lastName, email, timezone, userUUID));
+        UserVO user = _userDao.persist(new UserVO(accountId, userName, encodedPassword, firstName, lastName, email, timezone, userUUID, source));
        CallContext.current().putContextParameter(User.class, user.getUuid());
        return user;
    }
@ -2126,10 +2140,21 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Attempting to log in user: " + username + " in domain " + domainId);
        }
+        UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
+        if (userAccount == null) {
+            s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId);
+            return null;
+        }

        boolean authenticated = false;
        HashSet<ActionOnFailedAuthentication> actionsOnFailedAuthenticaion = new HashSet<ActionOnFailedAuthentication>();
+        User.Source userSource = userAccount.getSource();
        for (UserAuthenticator authenticator : _userAuthenticators) {
+            if(userSource != User.Source.UNKNOWN) {
+                if(!authenticator.getName().equalsIgnoreCase(userSource.name())){
+                    continue;
+                }
+            }
            Pair<Boolean, ActionOnFailedAuthentication> result = authenticator.authenticate(username, password, domainId, requestParameters);
            if (result.first()) {
                authenticated = true;
@ -2142,11 +2167,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
        boolean updateIncorrectLoginCount = actionsOnFailedAuthenticaion.contains(ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);

        if (authenticated) {
-            UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
-            if (userAccount == null) {
-                s_logger.warn("Unable to find an authenticated user with username " + username + " in domain " + domainId);
-                return null;
-            }

            Domain domain = _domainMgr.getDomain(domainId);
            String domainName = null;
@ -2172,7 +2192,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
                s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId);
            }

-            UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
            if (userAccount != null) {
                if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
                    if (!isInternalAccount(userAccount.getId())) {
--- a/server/test/com/cloud/api/dispatch/CommandCreationWorkerTest.java
+++ b/server/test/com/cloud/api/dispatch/CommandCreationWorkerTest.java
@ -22,6 +22,7 @@ import java.util.UUID;

 import com.cloud.user.Account;
 import com.cloud.user.AccountVO;
+import com.cloud.user.User;
 import com.cloud.user.UserVO;
 import org.apache.cloudstack.context.CallContext;
 import org.junit.Test;
@ -42,7 +43,7 @@ public class CommandCreationWorkerTest {
        final BaseAsyncCreateCmd asyncCreateCmd = mock(BaseAsyncCreateCmd.class);
        final Map<String, String> params = new HashMap<String, String>();
        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short) 0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);

        // Execute
--- a/server/test/com/cloud/api/dispatch/ParamGenericValidationWorkerTest.java
+++ b/server/test/com/cloud/api/dispatch/ParamGenericValidationWorkerTest.java
@ -106,7 +106,7 @@ public class ParamGenericValidationWorkerTest {
        params.put("addedParam", "");

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short) 0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);
        // Execute
        try {
@ -130,7 +130,7 @@ public class ParamGenericValidationWorkerTest {
        params.put(unknownParamKey, "");

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short) 0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);

        // Execute
@ -172,7 +172,7 @@ public class ParamGenericValidationWorkerTest {
        final Account account = mock(Account.class);
        ((FakeCmdWithRoleAdmin)cmd).account = account;
        when(account.getType()).thenReturn(type);
-        User user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        User user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);

        final Map<String, String> params = new HashMap<String, String>();
--- a/server/test/com/cloud/configuration/ConfigurationManagerTest.java
+++ b/server/test/com/cloud/configuration/ConfigurationManagerTest.java
@ -32,6 +32,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.UUID;

+import com.cloud.user.User;
 import org.apache.log4j.Logger;
 import org.junit.After;
 import org.junit.Assert;
@ -138,7 +139,7 @@ public class ConfigurationManagerTest {
        when(configurationMgr._accountDao.findActiveAccount(anyString(), anyLong())).thenReturn(account);
        when(configurationMgr._accountMgr.getActiveAccountById(anyLong())).thenReturn(account);

-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);

        when(configurationMgr._publicIpAddressDao.countIPs(anyLong(), anyLong(), anyBoolean())).thenReturn(1);
--- a/server/test/com/cloud/network/DedicateGuestVlanRangesTest.java
+++ b/server/test/com/cloud/network/DedicateGuestVlanRangesTest.java
@ -29,6 +29,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;

+import com.cloud.user.User;
 import junit.framework.Assert;

 import org.apache.log4j.Logger;
@ -100,7 +101,7 @@ public class DedicateGuestVlanRangesTest {
        when(networkService._accountMgr.getAccount(anyLong())).thenReturn(account);
        when(networkService._accountDao.findActiveAccount(anyString(), anyLong())).thenReturn(account);

-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, account);

--- a/server/test/com/cloud/network/lb/AssignLoadBalancerTest.java
+++ b/server/test/com/cloud/network/lb/AssignLoadBalancerTest.java
@ -32,6 +32,7 @@ import com.cloud.network.rules.RulesManagerImpl;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.AccountVO;
+import com.cloud.user.User;
 import com.cloud.user.UserVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
@ -137,7 +138,7 @@ public class AssignLoadBalancerTest {
        AccountVO account = new AccountVO(accountName, domainId, "networkDomain", Account.ACCOUNT_TYPE_NORMAL, "uuid");
        DomainVO domain = new DomainVO("rootDomain", 5L, 5L, "networkDomain");

-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, account);

--- a/server/test/com/cloud/storage/VolumeApiServiceImplTest.java
+++ b/server/test/com/cloud/storage/VolumeApiServiceImplTest.java
@ -27,6 +27,7 @@ import java.util.UUID;

 import javax.inject.Inject;

+import com.cloud.user.User;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@ -105,7 +106,7 @@ public class VolumeApiServiceImplTest {

        // mock caller context
        AccountVO account = new AccountVO("admin", 1L, "networkDomain", Account.ACCOUNT_TYPE_NORMAL, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);
        // mock async context
        AsyncJobExecutionContext context = new AsyncJobExecutionContext();
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@ -336,8 +336,22 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
    }

    @Override
-    public User createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId,
-        String userUUID) {
+    public UserAccount createUserAccount(String userName, String password, String firstName, String lastName, String email, String timezone, String accountName, short accountType,
+                                         Long domainId, String networkDomain, Map<String, String> details, String accountUUID, String userUUID, User.Source source) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public User createUser(String userName, String password, String firstName,
+            String lastName, String email, String timeZone, String accountName,
+            Long domainId, String userUUID) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override public User createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId,
+                                     String userUUID, User.Source source) {
        // TODO Auto-generated method stub
        return null;
    }
--- a/server/test/com/cloud/vm/UserVmManagerTest.java
+++ b/server/test/com/cloud/vm/UserVmManagerTest.java
@ -37,6 +37,7 @@ import java.util.List;
 import java.util.UUID;

 import com.cloud.storage.Storage;
+import com.cloud.user.User;
 import com.cloud.event.dao.UsageEventDao;
 import org.junit.Before;
 import org.junit.Test;
@ -209,7 +210,7 @@ public class UserVmManagerTest {
        when(_templateDao.findById(anyLong())).thenReturn(_templateMock);
        doReturn(VirtualMachine.State.Error).when(_vmMock).getState();
        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, account);
        try {
@ -239,7 +240,7 @@ public class UserVmManagerTest {
        when(_templateMock.getUuid()).thenReturn("e0552266-7060-11e2-bbaa-d55f5db67735");

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        StoragePoolVO storagePool = new StoragePoolVO();

@ -276,7 +277,7 @@ public class UserVmManagerTest {
        when(_templateMock.getUuid()).thenReturn("e0552266-7060-11e2-bbaa-d55f5db67735");

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        StoragePoolVO storagePool = new StoragePoolVO();

@ -321,7 +322,7 @@ public class UserVmManagerTest {
        when(_templateMock.getUuid()).thenReturn("b1a3626e-72e0-4697-8c7c-a110940cc55d");

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        StoragePoolVO storagePool = new StoragePoolVO();

@ -368,7 +369,7 @@ public class UserVmManagerTest {
        when(_templateMock.getUuid()).thenReturn("b1a3626e-72e0-4697-8c7c-a110940cc55d");

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        StoragePoolVO storagePool = new StoragePoolVO();

@ -406,7 +407,7 @@ public class UserVmManagerTest {

       // UserContext.current().setEventDetails("Vm Id: "+getId());
        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, "uuid");
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        //AccountVO(String accountName, long domainId, String networkDomain, short type, int regionId)
        doReturn(VirtualMachine.State.Running).when(_vmInstance).getState();

@ -450,7 +451,7 @@ public class UserVmManagerTest {
        when(_offeringDao.findByIdIncludingRemoved(anyLong(), anyLong())).thenReturn((ServiceOfferingVO)so1);

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);
        try {
            _userVmMgr.upgradeVirtualMachine(cmd);
@ -492,7 +493,7 @@ public class UserVmManagerTest {
        //when(_vmDao.findById(anyLong())).thenReturn(_vmMock);

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);
        try {
            _userVmMgr.upgradeVirtualMachine(cmd);
@ -541,7 +542,7 @@ public class UserVmManagerTest {
        when(_vmDao.findById(anyLong())).thenReturn(_vmMock);

        Account account = new AccountVO("testaccount", 1L, "networkdomain", (short)0, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);
        try {
            _userVmMgr.upgradeVirtualMachine(cmd);
@ -589,7 +590,7 @@ public class UserVmManagerTest {

        // caller is of type 0
        Account caller = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, caller);
        try {
@ -620,7 +621,7 @@ public class UserVmManagerTest {

        // caller is of type 0
        Account caller = new AccountVO("testaccount", 1, "networkdomain", (short)1, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        Account oldAccount = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString());
        Account newAccount = new AccountVO("testaccount", 1, "networkdomain", (short)1, UUID.randomUUID().toString());
--- a/server/test/com/cloud/vpc/NetworkACLManagerTest.java
+++ b/server/test/com/cloud/vpc/NetworkACLManagerTest.java
@ -22,6 +22,7 @@ import java.util.UUID;

 import javax.inject.Inject;

+import com.cloud.user.User;
 import junit.framework.TestCase;

 import org.apache.cloudstack.context.CallContext;
@ -110,7 +111,7 @@ public class NetworkACLManagerTest extends TestCase {
    public void setUp() {
        ComponentContext.initComponentsLifeCycle();
        Account account = new AccountVO("testaccount", 1, "testdomain", (short)0, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, account);
        acl = Mockito.mock(NetworkACLVO.class);
--- a/server/test/com/cloud/vpc/NetworkACLServiceTest.java
+++ b/server/test/com/cloud/vpc/NetworkACLServiceTest.java
@ -20,6 +20,7 @@ import java.util.UUID;

 import javax.inject.Inject;

+import com.cloud.user.User;
 import junit.framework.TestCase;

 import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd;
@ -103,7 +104,7 @@ public class NetworkACLServiceTest extends TestCase {
    public void setUp() {
        ComponentContext.initComponentsLifeCycle();
        Account account = new AccountVO("testaccount", 1, "testdomain", (short)0, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, account);

--- a/server/test/org/apache/cloudstack/affinity/AffinityApiUnitTest.java
+++ b/server/test/org/apache/cloudstack/affinity/AffinityApiUnitTest.java
@ -33,6 +33,11 @@ import javax.inject.Inject;
 import javax.naming.ConfigurationException;

 import com.cloud.utils.db.EntityManager;
+import com.cloud.event.ActionEventUtils;
+import com.cloud.user.User;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
+import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
+import org.apache.cloudstack.test.utils.SpringUtils;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.BeforeClass;
@ -53,17 +58,13 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.support.AnnotationConfigContextLoader;

 import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
-import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.test.utils.SpringUtils;

 import com.cloud.dc.dao.DedicatedResourceDao;
 import com.cloud.domain.dao.DomainDao;
-import com.cloud.event.ActionEventUtils;
 import com.cloud.event.EventVO;
 import com.cloud.event.dao.EventDao;
 import com.cloud.exception.InvalidParameterValueException;
@ -137,7 +138,7 @@ public class AffinityApiUnitTest {
        acct.setAccountName("user");
        acct.setDomainId(domainId);

-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, acct);

--- a/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
+++ b/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
@ -32,6 +32,7 @@ import java.util.List;
 import java.util.UUID;

 import org.apache.cloudstack.api.command.user.loadbalancer.DeleteSslCertCmd;
+import com.cloud.user.User;
 import org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd;
 import org.apache.cloudstack.context.CallContext;
 import org.junit.After;
@ -60,7 +61,7 @@ public class CertServiceTest {
    @Before
    public void setUp() {
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString());
-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);
    }

--- a/server/test/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImplTest.java
+++ b/server/test/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImplTest.java
@ -25,6 +25,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;

+import com.cloud.user.User;
 import junit.framework.Assert;
 import junit.framework.TestCase;

@ -70,7 +71,7 @@ public class GlobalLoadBalancingRulesServiceImplTest extends TestCase {
    public void setUp() {
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString());

-        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN);

        CallContext.register(user, account);
    }
--- a/setup/db/db/schema-450to451.sql
+++ b/setup/db/db/schema-450to451.sql
@ -24,3 +24,4 @@ UPDATE IGNORE `cloud`.`configuration` SET `value`='PBKDF2,SHA256SALT,MD5,LDAP,SA
 UPDATE IGNORE `cloud`.`configuration` SET `default_value`='PBKDF2,SHA256SALT,MD5,LDAP,SAML2,PLAINTEXT' WHERE name='user.password.encoders.order';
 UPDATE IGNORE `cloud`.`configuration` SET `value`='PBKDF2,SHA256SALT,MD5,LDAP,SAML2,PLAINTEXT' WHERE name='user.password.encoders.order';
 UPDATE IGNORE `cloud`.`configuration` SET `value`="MD5,LDAP,PLAINTEXT" WHERE `name`="user.password.encoders.exclude";
+ALTER TABLE `cloud`.`user` ADD COLUMN `source` varchar(40) NOT NULL DEFAULT 'UNKNOWN';