ldap: truststore per domain (#5816)

Co-authored-by: Daan Hoogland <dahn@onecht.net>
dahn 2022-01-03 16:31:51 +01:00 committed by GitHub
parent 4392cc4d48
commit e06a66ba14
5 changed files with 18 additions and 18 deletions


@ -189,7 +189,7 @@ public class LDAPConfigCmd extends BaseCmd {
List<LDAPConfigResponse> responses = new ArrayList<LDAPConfigResponse>(); List<LDAPConfigResponse> responses = new ArrayList<LDAPConfigResponse>();
if (result.second() > 0) { if (result.second() > 0) {
boolean useSSlConfig = _ldapConfiguration.getSSLStatus(); boolean useSSlConfig = _ldapConfiguration.getSSLStatus(null);
String searchBaseConfig = _ldapConfiguration.getBaseDn(null); String searchBaseConfig = _ldapConfiguration.getBaseDn(null);
String bindDnConfig = _ldapConfiguration.getBindPrincipal(null); String bindDnConfig = _ldapConfiguration.getBindPrincipal(null);
for (LdapConfigurationVO ldapConfigurationVO : result.first()) { for (LdapConfigurationVO ldapConfigurationVO : result.first()) {
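Review bot: `useSSlConfig` is read once with `getSSLStatus(null)`, i.e. the global-scope value, while the loop that follows builds one response per `LdapConfigurationVO`; now that the trust store is a per-domain setting, a domain-scoped configuration can be reported with an SSL status that does not match what `LdapContextFactory` will actually use for it. If the VO carries its domain id, reading `_ldapConfiguration.getSSLStatus(<vo domain id>)` inside the loop would report the effective value; I cannot see the VO's accessors from here, so please confirm. `getBaseDn(null)` and `getBindPrincipal(null)` on the next lines have the same scope question and were already that way before this change. The enclosing method continues outside the hunk.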


@ -238,7 +238,7 @@ public class LdapConfiguration implements Configurable{
} }
public String getProviderUrl(final Long domainId) { public String getProviderUrl(final Long domainId) {
final String protocol = getSSLStatus() == true ? "ldaps://" : "ldap://"; final String protocol = getSSLStatus(domainId) == true ? "ldaps://" : "ldap://";
final Pair<List<LdapConfigurationVO>, Integer> result = _ldapConfigurationDao.searchConfigurations(null, 0, domainId); final Pair<List<LdapConfigurationVO>, Integer> result = _ldapConfigurationDao.searchConfigurations(null, 0, domainId);
final StringBuilder providerUrls = new StringBuilder(); final StringBuilder providerUrls = new StringBuilder();
String delim = ""; String delim = "";
@ -270,20 +270,20 @@ public class LdapConfiguration implements Configurable{
return ldapSearchGroupPrinciple.valueIn(domainId); return ldapSearchGroupPrinciple.valueIn(domainId);
} }
public boolean getSSLStatus() { public boolean getSSLStatus(Long domainId) {
boolean sslStatus = false; boolean sslStatus = false;
if (getTrustStore() != null && getTrustStorePassword() != null) { if (getTrustStore(domainId) != null && getTrustStorePassword(domainId) != null) {
sslStatus = true; sslStatus = true;
} }
return sslStatus; return sslStatus;
} }
public String getTrustStore() { public String getTrustStore(Long domainId) {
return ldapTrustStore.value(); return ldapTrustStore.valueIn(domainId);
} }
public String getTrustStorePassword() { public String getTrustStorePassword(Long domainId) {
return ldapTrustStorePassword.value(); return ldapTrustStorePassword.valueIn(domainId);
} }
public String getUsernameAttribute(final Long domainId) { public String getUsernameAttribute(final Long domainId) {
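Review bot: `getSSLStatus(domainId)` in `getProviderUrl` silently selects plain `ldap://` whenever either the trust store or its password is unset for that scope, and with the values now resolved per domain a domain that overrides only one of the two keys would drop to an unencrypted URL with no indication in the logs; I assume `valueIn(domainId)` falls back to the global value when there is no domain-level override, which is worth confirming because it decides how likely that partial-override case is. Consider logging at warn level inside `getSSLStatus` when exactly one of `getTrustStore(domainId)` and `getTrustStorePassword(domainId)` is non-null, and documenting on the method that both must be set for LDAPS to be used. Minor style: `getSSLStatus(domainId) == true ? "ldaps://" : "ldap://"` compares a boolean to `true`; `getSSLStatus(domainId) ? "ldaps://" : "ldap://"` reads the same and is the usual form.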


@ -66,14 +66,14 @@ public class LdapContextFactory {
return createInitialDirContext(principal, password, false, domainId); return createInitialDirContext(principal, password, false, domainId);
} }
private void enableSSL(final Hashtable<String, String> environment) { private void enableSSL(final Hashtable<String, String> environment, Long domainId) {
final boolean sslStatus = _ldapConfiguration.getSSLStatus(); final boolean sslStatus = _ldapConfiguration.getSSLStatus(domainId);
if (sslStatus) { if (sslStatus) {
s_logger.info("LDAP SSL enabled."); s_logger.info("LDAP SSL enabled.");
environment.put(Context.SECURITY_PROTOCOL, "ssl"); environment.put(Context.SECURITY_PROTOCOL, "ssl");
System.setProperty("javax.net.ssl.trustStore", _ldapConfiguration.getTrustStore()); System.setProperty("javax.net.ssl.trustStore", _ldapConfiguration.getTrustStore(domainId));
System.setProperty("javax.net.ssl.trustStorePassword", _ldapConfiguration.getTrustStorePassword()); System.setProperty("javax.net.ssl.trustStorePassword", _ldapConfiguration.getTrustStorePassword(domainId));
} }
} }
@ -92,7 +92,7 @@ public class LdapContextFactory {
environment.put("com.sun.jndi.ldap.read.timeout", _ldapConfiguration.getReadTimeout(domainId).toString()); environment.put("com.sun.jndi.ldap.read.timeout", _ldapConfiguration.getReadTimeout(domainId).toString());
environment.put("com.sun.jndi.ldap.connect.pool", "true"); environment.put("com.sun.jndi.ldap.connect.pool", "true");
enableSSL(environment); enableSSL(environment, domainId);
setAuthentication(environment, isSystemContext, domainId); setAuthentication(environment, isSystemContext, domainId);
if (principal != null) { if (principal != null) {
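Review bot: `enableSSL` still writes the trust store path and its password into the JVM-wide `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` system properties, so passing `domainId` through does not actually make the trust store per domain: two domains with different stores race on the same process-global properties, and the default `SSLContext` normally reads those properties only when it is first initialised, so whichever domain's values are in place at that moment apply to every later LDAPS connection regardless of `domainId`. A per-domain trust store needs a per-context trust source — load the domain's store into a `KeyStore`, build an `SSLContext` from a `TrustManagerFactory` over it, and give JNDI that context's socket factory through the `java.naming.ldap.factory.socket` environment entry instead of mutating system properties (note that JNDI instantiates that factory class by name and calls its static `getDefault()`, so the per-domain context has to be handed to it explicitly, e.g. through a thread-confined holder set just before `new InitialDirContext` and cleared afterwards). Keeping the password out of a system property also stops it from being readable by any other code in the process. The `createInitialDirContext` body in the second hunk continues outside the hunk.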


@ -49,9 +49,9 @@ class LdapContextFactorySpec extends spock.lang.Specification {
ldapConfiguration.getFirstnameAttribute() >> "givenname" ldapConfiguration.getFirstnameAttribute() >> "givenname"
ldapConfiguration.getLastnameAttribute() >> "sn" ldapConfiguration.getLastnameAttribute() >> "sn"
ldapConfiguration.getBaseDn(_) >> "dc=cloudstack,dc=org" ldapConfiguration.getBaseDn(_) >> "dc=cloudstack,dc=org"
ldapConfiguration.getSSLStatus() >> true ldapConfiguration.getSSLStatus(domainId) >> true
ldapConfiguration.getTrustStore() >> "/tmp/ldap.ts" ldapConfiguration.getTrustStore(domainId) >> "/tmp/ldap.ts"
ldapConfiguration.getTrustStorePassword() >> "password" ldapConfiguration.getTrustStorePassword(domainId) >> "password"
ldapConfiguration.getReadTimeout(_) >> 1000 ldapConfiguration.getReadTimeout(_) >> 1000
ldapConfiguration.getLdapPageSize() >> 1 ldapConfiguration.getLdapPageSize() >> 1
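Review bot: The three new stubs bind to the concrete `domainId` value while the neighbouring stubs (`getBaseDn(_)`, `getReadTimeout(_)`) accept any argument; if the factory under test ever resolves the id differently from the value the spec passes in, the stubs fall back to Spock's default `false`/`null` and the SSL branch of `enableSSL` is silently skipped rather than failing. Since the spec is exercising the SSL path, `ldapConfiguration.getSSLStatus(_) >> true` and the matching `_` form for `getTrustStore` and `getTrustStorePassword` would be the consistent and more robust choice, unless a separate interaction deliberately asserts the exact id. The enclosing setup block continues outside the hunk.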


@ -78,7 +78,7 @@ public class LdapConfigurationTest {
ldapTestConfigTool.overrideConfigValue(ldapConfiguration, "ldapTrustStore", "/tmp/ldap.ts"); ldapTestConfigTool.overrideConfigValue(ldapConfiguration, "ldapTrustStore", "/tmp/ldap.ts");
ldapTestConfigTool.overrideConfigValue(ldapConfiguration, "ldapTrustStorePassword", "password"); ldapTestConfigTool.overrideConfigValue(ldapConfiguration, "ldapTrustStorePassword", "password");
assertTrue("A request is made to get the status of SSL should result in true", ldapConfiguration.getSSLStatus()); assertTrue("A request is made to get the status of SSL should result in true", ldapConfiguration.getSSLStatus(null));
} }
@Test public void getSearchGroupPrincipleReturnsSuccessfully() throws Exception { @Test public void getSearchGroupPrincipleReturnsSuccessfully() throws Exception {
@ -93,7 +93,7 @@ public class LdapConfigurationTest {
// We have a ConfigDao with a value for truststore password // We have a ConfigDao with a value for truststore password
ldapTestConfigTool.overrideConfigValue(ldapConfiguration, "ldapTrustStorePassword", "password"); ldapTestConfigTool.overrideConfigValue(ldapConfiguration, "ldapTrustStorePassword", "password");
String result = ldapConfiguration.getTrustStorePassword(); String result = ldapConfiguration.getTrustStorePassword(null);
assertEquals("The result is password", "password", result); assertEquals("The result is password", "password", result);
} }
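Review bot: Both updated tests only pass `null`, so the per-domain behaviour that this commit introduces is never exercised: nothing checks that `getTrustStore`, `getTrustStorePassword` and `getSSLStatus` return a domain-level override when one is set, or that a domain without an override falls back to the global value (or does not, if that is the intended semantics of `valueIn`). A test that overrides the two keys for a non-null domain id and asserts `getSSLStatus(thatDomainId)` is `true` while `getSSLStatus(otherDomainId)` reflects the global configuration would pin the scope rules down; whether `ldapTestConfigTool.overrideConfigValue` can set a scoped value is not visible from here and may need a small helper. The second hunk's test method starts outside the hunk.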