From 22d6718fe3f83d6c3c47734669fe9cde3e6d1a88 Mon Sep 17 00:00:00 2001
From: Frank Maximus
Date: Wed, 24 Jan 2018 23:35:27 +0100
Subject: [PATCH 1/2] CLOUDSTACK-10255: Fix agent logrotate (#2429)
Renamed cloudstack-agent.logrotate to cloudstack-agent.logrotate.in, so Ant will run the filterchain while copying. This made the ant run copy block of cloudstack-agent.logrotate unnecessary, so this is removed.
---
 ...dstack-agent.logrotate => cloudstack-agent.logrotate.in} | 0
 agent/pom.xml | 6 ------
 2 files changed, 6 deletions(-)
 rename agent/conf/{cloudstack-agent.logrotate => cloudstack-agent.logrotate.in} (100%)
diff --git a/agent/conf/cloudstack-agent.logrotate b/agent/conf/cloudstack-agent.logrotate.in
similarity index 100%
rename from agent/conf/cloudstack-agent.logrotate
rename to agent/conf/cloudstack-agent.logrotate.in
diff --git a/agent/pom.xml b/agent/pom.xml
index 3ee1c5dbacb..0505752660a 100644
--- a/agent/pom.xml
+++ b/agent/pom.xml
@@ -93,12 +93,6 @@ - - - - -
From 6aadbc521950964b86d2912c874800cead1b7496 Mon Sep 17 00:00:00 2001
From: dahn
Date: Fri, 26 Jan 2018 12:03:11 +0000
Subject: [PATCH 2/2] CLOUDSTACK-10239: Fallback to default provider if needed (#2430)
Fallback to default provider if needed.
---
 .../cloudstack/api/command/LinkDomainToLdapCmd.java | 4 ++--
 .../apache/cloudstack/ldap/LdapContextFactory.java | 11 +++++++----
 .../src/org/apache/cloudstack/ldap/LdapManager.java | 1 -
 .../org/apache/cloudstack/ldap/LdapManagerImpl.java | 7 ++++---
 .../api/command/LdapCreateAccountCmdTest.java | 4 ++--
 5 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
index 00140952051..a64193aaf55 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
@@ -54,11 +54,11 @@ public class LinkDomainToLdapCmd extends BaseCmd {
 @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, required = true, description = "type of the ldap name. GROUP or OU")
 private String type;
- @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = true, description = "name of the group or OU in LDAP")
+ @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
 private String ldapDomain;
 @Deprecated
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the group or OU in LDAP")
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
 private String name;
 @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ")
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
index b141f053008..70f7a564111 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
@@ -25,6 +25,7 @@ import javax.naming.NamingException;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 public class LdapContextFactory {
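Review bot: With both the LDAP_DOMAIN parameter and the deprecated NAME parameter now `required = false` in LinkDomainToLdapCmd, the two descriptions no longer tell a caller that one of them must still be supplied. The only enforcement visible in this patch is `Validate.notEmpty(cmd.getLdapDomain(), ...)` in LdapManagerImpl.linkDomainToLdap; how `getLdapDomain()` combines the two fields is outside the hunk. I would change the descriptions to say so, for example `description = "name of the group or OU in LDAP; required unless the deprecated name parameter is supplied"` on `ldapDomain` and `description = "deprecated, use the ldap domain parameter instead; name of the group or OU in LDAP"` on `name`.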
@@ -40,12 +41,10 @@ public class LdapContextFactory {
 _ldapConfiguration = ldapConfiguration;
 }
- // TODO add optional domain (optional only for backwards compatibility)
 public LdapContext createBindContext(Long domainId) throws NamingException, IOException {
 return createBindContext(null, domainId);
 }
- // TODO add optional domain (optional only for backwards compatibility)
 public LdapContext createBindContext(final String providerUrl, Long domainId) throws NamingException, IOException {
 final String bindPrincipal = _ldapConfiguration.getBindPrincipal(domainId);
 final String bindPassword = _ldapConfiguration.getBindPassword(domainId);
@@ -80,9 +79,13 @@ public class LdapContextFactory {
 private Hashtable getEnvironment(final String principal, final String password, final String providerUrl, final boolean isSystemContext, Long domainId) {
 final String factory = _ldapConfiguration.getFactory();
- final String url = providerUrl == null ? _ldapConfiguration.getProviderUrl(domainId) : providerUrl;
+ String url = providerUrl == null ? _ldapConfiguration.getProviderUrl(domainId) : providerUrl;
+ if (StringUtils.isEmpty(url) && domainId != null) {
+ //try a default ldap implementation
+ url = _ldapConfiguration.getProviderUrl(null);
+ }
- final Hashtable environment = new Hashtable();
+ final Hashtable environment = new Hashtable<>();
 environment.put(Context.INITIAL_CONTEXT_FACTORY, factory);
 environment.put(Context.PROVIDER_URL, url);
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
index 002242c8f02..2dceae1db32 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
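Review bot: The fallback in getEnvironment replaces only the provider URL, while `principal` and `password` arrive already resolved for `domainId` (createBindContext reads `getBindPrincipal(domainId)` and `getBindPassword(domainId)` in the previous hunk). A domain that has bind credentials but no URL could therefore have them presented to the default server; whether LdapConfiguration can return that combination is not visible here and should be confirmed. The switch to the default directory is also silent, so a domain with a missing or mistyped provider entry binds against the global server without any trace, and a log line naming the domain id at the fallback would make that auditable. If no default URL is configured either, `url` can still be null at `environment.put(Context.PROVIDER_URL, url)`, where Hashtable throws a NullPointerException; the sketch below fails with a clear message instead. getEnvironment's body continues past the end of the hunk.

```java
String url = providerUrl == null ? _ldapConfiguration.getProviderUrl(domainId) : providerUrl;
if (StringUtils.isBlank(url) && domainId != null) {
    // no provider configured for this domain: fall back to the global default (log the domain id here)
    url = _ldapConfiguration.getProviderUrl(null);
}
if (StringUtils.isBlank(url)) {
    throw new IllegalStateException("no ldap provider url configured for domain " + domainId);
}
// … unchanged: environment setup …
```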
@@ -52,7 +52,6 @@ public interface LdapManager extends PluggableService {
 @Deprecated
 LdapConfigurationResponse deleteConfiguration(String hostname, int port, Long domainId) throws InvalidParameterValueException;
- // TODO username is only unique withing domain scope (add domain id to call)
 LdapUser getUser(final String username, Long domainId) throws NoLdapUserMatchingQueryException;
 LdapUser getUser(String username, String type, String name, Long domainId) throws NoLdapUserMatchingQueryException;
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
index b82231c99d7..547c10b7b1d 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
@@ -313,7 +313,7 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
 @Override
 public LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd) {
- Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not configure an ldap server and an ldap group/ou to a domain");
+ Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not link a domain unless a basedn is configured for it.");
 Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
 return linkDomainToLdap(cmd.getDomainId(),cmd.getType(),cmd.getLdapDomain(),cmd.getAccountType());
 }
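Review bot: The new message on the first `Validate.isTrue` in linkDomainToLdap says the opposite of what the condition checks. `getBaseDn(cmd.getDomainId()) == null` passes when no basedn is configured and throws when one is, yet the text now reads "can not link a domain unless a basedn is configured for it." linkAccountToLdap in the next hunk uses `Validate.notNull` on the same lookup, so the two link operations currently demand opposite preconditions. If the message states the intent, the line should be `Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not link a domain unless a basedn is configured for it.");`; if the condition is right, the previous wording should be kept.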
@@ -356,8 +356,9 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
 return _ldapTrustMapDao.findGroupInDomain(domainId, group);
 }
- @Override public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
- Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not configure an ldap server and an ldap group/ou to a domain");
+ @Override
+ public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
+ Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not link an account to ldap in a domain for which no basdn is configured");
 Validate.notNull(cmd.getDomainId(), "domainId cannot be null.");
 Validate.notEmpty(cmd.getAccountName(), "accountName cannot be empty.");
 Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
diff --git a/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java b/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java
index a4eccbf0856..55d7f624b53 100644
--- a/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java
+++ b/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java
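Review bot: In linkAccountToLdap, `Validate.notNull(cmd.getDomainId(), "domainId cannot be null.")` runs only after `getBaseDn(cmd.getDomainId())` has already been called with that value. A null domainId is therefore reported through the basedn message, or, if the lookup resolves null to a default configuration (not visible here), is not caught until the second statement. Moving the domainId check to be the first statement fixes this. The new message also misspells basedn; it should read `"can not link an account to ldap in a domain for which no basedn is configured"`. The method body continues past the end of the hunk.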
@@ -62,10 +62,10 @@ public class LdapCreateAccountCmdTest implements LdapConfigurationChanger {
 }
 @Test(expected = ServerApiException.class)
- public void failedCreationDueToANullResponseFromCloudstackAccountCreater() throws Exception {
+ public void failedCreationDueToANullResponseFromCloudstackAccountCreator() throws Exception {
 // We have an LdapManager, AccountService and LdapCreateAccountCmd
 LdapUser mrMurphy = new LdapUser("rmurphy", "rmurphy@cloudstack.org", "Ryan", "Murphy", "cn=rmurphy,ou=engineering,dc=cloudstack,dc=org", "engineering", false, null);
- when(ldapManager.getUser(anyString(), isNull(Long.class))).thenReturn(mrMurphy);
+ when(ldapManager.getUser(anyString(), isNull(Long.class))).thenReturn(mrMurphy).thenReturn(mrMurphy);
 ldapCreateAccountCmd.execute();
 fail("An exception should have been thrown: " + ServerApiException.class);
 }
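Review bot: The second `.thenReturn(mrMurphy)` in the stub is redundant, because Mockito keeps returning the last stubbed value on later calls; `when(ldapManager.getUser(anyString(), isNull(Long.class))).thenReturn(mrMurphy);` behaves the same. The stub also matches only a null domain id, and the diffstat lists no test for LdapContextFactory, so the new per-domain fallback to the default provider URL is not exercised by this patch. A test that configures a domain without a provider URL and asserts which URL ends up in the environment would pin that behaviour.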