You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ro...@apache.org on 2018/01/26 12:03:16 UTC

[cloudstack] branch 4.11 updated: CLOUDSTACK-10239: Fallback to default provider if needed (#2430)

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch 4.11
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.11 by this push:
     new 6aadbc5  CLOUDSTACK-10239: Fallback to default provider if needed (#2430)
6aadbc5 is described below

commit 6aadbc521950964b86d2912c874800cead1b7496
Author: dahn <da...@gmail.com>
AuthorDate: Fri Jan 26 12:03:11 2018 +0000

    CLOUDSTACK-10239: Fallback to default provider if needed (#2430)
    
    Fallback to default provider if needed.
---
 .../apache/cloudstack/api/command/LinkDomainToLdapCmd.java    |  4 ++--
 .../src/org/apache/cloudstack/ldap/LdapContextFactory.java    | 11 +++++++----
 .../ldap/src/org/apache/cloudstack/ldap/LdapManager.java      |  1 -
 .../ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java  |  7 ++++---
 .../cloudstack/api/command/LdapCreateAccountCmdTest.java      |  4 ++--
 5 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
index 0014095..a64193a 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
@@ -54,11 +54,11 @@ public class LinkDomainToLdapCmd extends BaseCmd {
     @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, required = true, description = "type of the ldap name. GROUP or OU")
     private String type;
 
-    @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = true, description = "name of the group or OU in LDAP")
+    @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
     private String ldapDomain;
 
     @Deprecated
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the group or OU in LDAP")
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
     private String name;
 
     @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ")
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
index b141f05..70f7a56 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
@@ -25,6 +25,7 @@ import javax.naming.NamingException;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 
 public class LdapContextFactory {
@@ -40,12 +41,10 @@ public class LdapContextFactory {
         _ldapConfiguration = ldapConfiguration;
     }
 
-    // TODO add optional domain (optional only for backwards compatibility)
     public LdapContext createBindContext(Long domainId) throws NamingException, IOException {
         return createBindContext(null, domainId);
     }
 
-    // TODO add optional domain (optional only for backwards compatibility)
     public LdapContext createBindContext(final String providerUrl, Long domainId) throws NamingException, IOException {
         final String bindPrincipal = _ldapConfiguration.getBindPrincipal(domainId);
         final String bindPassword = _ldapConfiguration.getBindPassword(domainId);
@@ -80,9 +79,13 @@ public class LdapContextFactory {
 
     private Hashtable<String, String> getEnvironment(final String principal, final String password, final String providerUrl, final boolean isSystemContext, Long domainId) {
         final String factory = _ldapConfiguration.getFactory();
-        final String url = providerUrl == null ? _ldapConfiguration.getProviderUrl(domainId) : providerUrl;
+        String url = providerUrl == null ? _ldapConfiguration.getProviderUrl(domainId) : providerUrl;
+        if (StringUtils.isEmpty(url) && domainId != null) {
+            //try a default ldap implementation
+            url = _ldapConfiguration.getProviderUrl(null);
+        }
 
-        final Hashtable<String, String> environment = new Hashtable<String, String>();
+        final Hashtable<String, String> environment = new Hashtable<>();
 
         environment.put(Context.INITIAL_CONTEXT_FACTORY, factory);
         environment.put(Context.PROVIDER_URL, url);
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
index 002242c..2dceae1 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
@@ -52,7 +52,6 @@ public interface LdapManager extends PluggableService {
     @Deprecated
     LdapConfigurationResponse deleteConfiguration(String hostname, int port, Long domainId) throws InvalidParameterValueException;
 
-    // TODO username is only unique withing domain scope (add domain id to call)
     LdapUser getUser(final String username, Long domainId) throws NoLdapUserMatchingQueryException;
 
     LdapUser getUser(String username, String type, String name, Long domainId) throws NoLdapUserMatchingQueryException;
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
index b82231c..547c10b 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
@@ -313,7 +313,7 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
 
     @Override
     public LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd) {
-        Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not configure an ldap server and an ldap group/ou to a domain");
+        Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not link a domain unless a basedn is configured for it.");
         Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
         return linkDomainToLdap(cmd.getDomainId(),cmd.getType(),cmd.getLdapDomain(),cmd.getAccountType());
     }
@@ -356,8 +356,9 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
         return _ldapTrustMapDao.findGroupInDomain(domainId, group);
     }
 
-    @Override public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
-        Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not configure an ldap server and an ldap group/ou to a domain");
+    @Override
+    public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
+        Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not link an account to ldap in a domain for which no basdn is configured");
         Validate.notNull(cmd.getDomainId(), "domainId cannot be null.");
         Validate.notEmpty(cmd.getAccountName(), "accountName cannot be empty.");
         Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
diff --git a/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java b/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java
index a4eccbf..55d7f62 100644
--- a/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java
+++ b/plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java
@@ -62,10 +62,10 @@ public class LdapCreateAccountCmdTest implements LdapConfigurationChanger {
     }
 
     @Test(expected = ServerApiException.class)
-    public void failedCreationDueToANullResponseFromCloudstackAccountCreater() throws Exception {
+    public void failedCreationDueToANullResponseFromCloudstackAccountCreator() throws Exception {
         // We have an LdapManager, AccountService and LdapCreateAccountCmd
         LdapUser mrMurphy = new LdapUser("rmurphy", "rmurphy@cloudstack.org", "Ryan", "Murphy", "cn=rmurphy,ou=engineering,dc=cloudstack,dc=org", "engineering", false, null);
-        when(ldapManager.getUser(anyString(), isNull(Long.class))).thenReturn(mrMurphy);
+        when(ldapManager.getUser(anyString(), isNull(Long.class))).thenReturn(mrMurphy).thenReturn(mrMurphy);
         ldapCreateAccountCmd.execute();
         fail("An exception should have been thrown: " + ServerApiException.class);
     }

-- 
To stop receiving notification emails like this one, please contact
rohit@apache.org.