cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From seb...@apache.org
Subject [3/3] git commit: updated refs/heads/ldapplugin to a90affe
Date Thu, 11 Jul 2013 14:04:35 GMT
Add LDAP Plugin Implementation


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a90affe4
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a90affe4
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a90affe4

Branch: refs/heads/ldapplugin
Commit: a90affe4b34e9c2307b72f2ba6767cb93a617085
Parents: 92884d1
Author: Ian Duffy <ian@ianduffy.ie>
Authored: Thu Jul 11 14:29:10 2013 +0100
Committer: Sebastien Goasguen <runseb@gmail.com>
Committed: Thu Jul 11 10:04:16 2013 -0400

----------------------------------------------------------------------
 .../configuration/ConfigurationService.java     |   8 -
 .../org/apache/cloudstack/api/ApiConstants.java |  11 -
 .../cloudstack/api/ResponseGenerator.java       |   3 -
 .../api/command/admin/ldap/LDAPConfigCmd.java   | 205 ------
 .../api/command/admin/ldap/LDAPRemoveCmd.java   |  71 ---
 .../api/response/LDAPConfigResponse.java        | 105 ----
 .../api/response/LDAPRemoveResponse.java        |  26 -
 client/tomcatconf/applicationContext.xml.in     |   7 +-
 client/tomcatconf/commands.properties.in        |   9 +-
 client/tomcatconf/componentContext.xml.in       |   4 +-
 client/tomcatconf/nonossComponentContext.xml.in |   4 +-
 .../tomcatconf/simulatorComponentContext.xml.in |   4 +-
 .../ratelimit/ApiRateLimitServiceImpl.java      |   1 -
 plugins/user-authenticators/ldap/pom.xml        | 149 ++++-
 .../server/auth/LDAPUserAuthenticator.java      | 173 -----
 .../api/command/LdapAddConfigurationCmd.java    |  84 +++
 .../api/command/LdapDeleteConfigurationCmd.java |  74 +++
 .../api/command/LdapListAllUsersCmd.java        |  73 +++
 .../api/command/LdapListConfigurationCmd.java   |  96 +++
 .../api/command/LdapUserSearchCmd.java          |  86 +++
 .../api/response/LdapConfigurationResponse.java |  46 ++
 .../api/response/LdapUserResponse.java          |  68 ++
 .../cloudstack/ldap/LdapAuthenticator.java      |  53 ++
 .../cloudstack/ldap/LdapConfiguration.java      | 102 +++
 .../cloudstack/ldap/LdapConfigurationVO.java    |  58 ++
 .../cloudstack/ldap/LdapContextFactory.java     |  89 +++
 .../org/apache/cloudstack/ldap/LdapManager.java |  30 +
 .../apache/cloudstack/ldap/LdapManagerImpl.java | 185 ++++++
 .../org/apache/cloudstack/ldap/LdapUser.java    |  53 ++
 .../apache/cloudstack/ldap/LdapUserManager.java |  81 +++
 .../org/apache/cloudstack/ldap/LdapUtils.java   |  46 ++
 .../ldap/NoLdapUserMatchingQueryException.java  |  16 +
 .../ldap/NoSuchLdapUserException.java           |  15 +
 .../ldap/dao/LdapConfigurationDao.java          |  14 +
 .../ldap/dao/LdapConfigurationDaoImpl.java      |  50 ++
 .../ldap/BasicNamingEnumerationImpl.groovy      |  40 ++
 .../ldap/LdapAddConfigurationCmdSpec.groovy     |  73 +++
 .../ldap/LdapAuthenticatorSpec.groovy           |  74 +++
 .../ldap/LdapConfigurationDaoImplSpec.groovy    |  13 +
 .../ldap/LdapConfigurationResponseSpec.groovy   |  33 +
 .../ldap/LdapConfigurationSpec.groovy           | 167 +++++
 .../cloudstack/ldap/LdapConfigurationVO.groovy  |  36 ++
 .../ldap/LdapContextFactorySpec.groovy          | 117 ++++
 .../ldap/LdapDeleteConfigurationCmdSpec.groovy  |  62 ++
 .../ldap/LdapListAllUsersCmdSpec.groovy         |  56 ++
 .../ldap/LdapListConfigurationCmdSpec.groovy    |  85 +++
 .../cloudstack/ldap/LdapManagerImplSpec.groovy  | 301 +++++++++
 .../ldap/LdapSearchUserCmdSpec.groovy           |  66 ++
 .../cloudstack/ldap/LdapUserManagerSpec.groovy  | 179 ++++++
 .../cloudstack/ldap/LdapUserResponseSpec.groovy |  42 ++
 .../apache/cloudstack/ldap/LdapUserSpec.groovy  |  54 ++
 .../apache/cloudstack/ldap/LdapUtilsSpec.groovy |  52 ++
 .../NoLdapUserMatchingQueryExceptionSpec.groovy |  14 +
 .../ldap/NoSuchLdapUserExceptionSpec.groovy     |  14 +
 server/src/com/cloud/api/ApiResponseHelper.java |  15 -
 server/src/com/cloud/configuration/Config.java  |  13 +-
 .../configuration/ConfigurationManagerImpl.java | 172 -----
 .../com/cloud/server/ManagementServerImpl.java  |   4 -
 .../cloud/vpc/MockConfigurationManagerImpl.java |  31 -
 setup/db/db/schema-410to420.sql                 |  15 +
 tools/apidoc/gen_toc.py                         |   2 +-
 ui/scripts/globalSettings.js                    | 625 +++++++++----------
 62 files changed, 3265 insertions(+), 1189 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/api/src/com/cloud/configuration/ConfigurationService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/configuration/ConfigurationService.java b/api/src/com/cloud/configuration/ConfigurationService.java
index 381fcad..cc6e47f 100644
--- a/api/src/com/cloud/configuration/ConfigurationService.java
+++ b/api/src/com/cloud/configuration/ConfigurationService.java
@@ -26,8 +26,6 @@ import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.exception.ResourceAllocationException;
 import org.apache.cloudstack.api.command.admin.config.UpdateCfgCmd;
-import org.apache.cloudstack.api.command.admin.ldap.LDAPConfigCmd;
-import org.apache.cloudstack.api.command.admin.ldap.LDAPRemoveCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdateNetworkOfferingCmd;
@@ -272,12 +270,6 @@ public interface ConfigurationService {
 
     DiskOffering getDiskOffering(long diskOfferingId);
 
-    boolean updateLDAP(LDAPConfigCmd cmd) throws NamingException;
-
-	boolean removeLDAP(LDAPRemoveCmd cmd);
-
-    LDAPConfigCmd listLDAPConfig(LDAPConfigCmd cmd);
-
     /**
      * @param offering
      * @return

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index e2857b8..93fbff3 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -527,15 +527,4 @@ public class ApiConstants {
     public enum VMDetails {
         all, group, nics, stats, secgrp, tmpl, servoff, iso, volume, min, affgrp;
     }
-
-    public enum LDAPParams {
-        hostname, port, usessl, queryfilter, searchbase, dn, passwd, truststore, truststorepass;
-
-        @Override
-        public String toString() {
-            return "ldap." + name();
-        }
-    }
-
-
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/api/src/org/apache/cloudstack/api/ResponseGenerator.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ResponseGenerator.java b/api/src/org/apache/cloudstack/api/ResponseGenerator.java
index d8d07cb..372fc9d 100644
--- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java
+++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java
@@ -129,7 +129,6 @@ import org.apache.cloudstack.api.response.IpForwardingRuleResponse;
 import org.apache.cloudstack.api.response.IsolationMethodResponse;
 import org.apache.cloudstack.api.response.LBHealthCheckResponse;
 import org.apache.cloudstack.api.response.LBStickinessResponse;
-import org.apache.cloudstack.api.response.LDAPConfigResponse;
 import org.apache.cloudstack.api.response.LoadBalancerResponse;
 import org.apache.cloudstack.api.response.NetworkACLItemResponse;
 import org.apache.cloudstack.api.response.NetworkACLResponse;
@@ -363,8 +362,6 @@ public interface ResponseGenerator {
 
     VirtualRouterProviderResponse createVirtualRouterProviderResponse(VirtualRouterProvider result);
 
-    LDAPConfigResponse createLDAPConfigResponse(String hostname, Integer port, Boolean useSSL, String queryFilter, String baseSearch, String dn);
-
     StorageNetworkIpRangeResponse createStorageNetworkIpRangeResponse(StorageNetworkIpRange result);
 
     RegionResponse createRegionResponse(Region region);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPConfigCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPConfigCmd.java b/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPConfigCmd.java
deleted file mode 100644
index 38f58ec..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPConfigCmd.java
+++ /dev/null
@@ -1,205 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.ldap;
-
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.naming.NamingException;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.LDAPConfigResponse;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.log4j.Logger;
-
-import com.cloud.exception.ConcurrentOperationException;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.user.Account;
-
-@APICommand(name = "ldapConfig", description="Configure the LDAP context for this site.", responseObject=LDAPConfigResponse.class, since="3.0.0")
-public class LDAPConfigCmd extends BaseCmd  {
-    public static final Logger s_logger = Logger.getLogger(LDAPConfigCmd.class.getName());
-
-    private static final String s_name = "ldapconfigresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-    @Parameter(name=ApiConstants.LIST_ALL, type=CommandType.BOOLEAN,  description="If true return current LDAP configuration")
-    private Boolean listAll;
-    
-    @Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING,  description="Hostname or ip address of the ldap server eg: my.ldap.com")
-    private String hostname;
-
-    @Parameter(name=ApiConstants.PORT, type=CommandType.INTEGER, description="Specify the LDAP port if required, default is 389.")
-    private Integer port=0;
-
-    @Parameter(name=ApiConstants.USE_SSL, type=CommandType.BOOLEAN, description="Check Use SSL if the external LDAP server is configured for LDAP over SSL.")
-    private Boolean useSSL;
-
-    @Parameter(name=ApiConstants.SEARCH_BASE, type=CommandType.STRING,  description="The search base defines the starting point for the search in the directory tree Example:  dc=cloud,dc=com.")
-    private String searchBase;
-
-    @Parameter(name=ApiConstants.QUERY_FILTER, type=CommandType.STRING,  description="You specify a query filter here, which narrows down the users, who can be part of this domain.")
-    private String queryFilter;
-
-    @Parameter(name=ApiConstants.BIND_DN, type=CommandType.STRING, description="Specify the distinguished name of a user with the search permission on the directory.")
-    private String bindDN;
-
-    @Parameter(name=ApiConstants.BIND_PASSWORD, type=CommandType.STRING, description="Enter the password.")
-    private String bindPassword;
-
-    @Parameter(name=ApiConstants.TRUST_STORE, type=CommandType.STRING, description="Enter the path to trust certificates store.")
-    private String trustStore;
-
-    @Parameter(name=ApiConstants.TRUST_STORE_PASSWORD, type=CommandType.STRING, description="Enter the password for trust store.")
-    private String trustStorePassword;
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public Boolean getListAll() {
-    	return listAll == null ? Boolean.FALSE : listAll;
-    }
-    
-    public String getBindPassword() {
-        return bindPassword;
-    }
-
-    public String getBindDN() {
-        return bindDN;
-    }
-
-    public void setBindDN(String bdn) {
-        this.bindDN=bdn;
-    }
-
-    public String getQueryFilter() {
-        return queryFilter;
-    }
-
-    public void setQueryFilter(String queryFilter) {
-        this.queryFilter=queryFilter;
-    }
-    public String getSearchBase() {
-        return searchBase;
-    }
-
-    public void setSearchBase(String searchBase) {
-        this.searchBase=searchBase;
-    }
-
-    public Boolean getUseSSL() {
-        return useSSL == null ? Boolean.FALSE : useSSL;
-    }
-
-    public void setUseSSL(Boolean useSSL) {
-        this.useSSL=useSSL;
-    }
-
-    public String getHostname() {
-        return hostname;
-    }
-
-    public void setHostname(String hostname) {
-        this.hostname=hostname;
-    }
-
-    public Integer getPort() {
-        return port <= 0 ? 389 : port;
-    }
-
-    public void setPort(Integer port) {
-        this.port=port;
-    }
-
-    public String getTrustStore() {
-        return trustStore;
-    }
-
-    public void setTrustStore(String trustStore) {
-        this.trustStore=trustStore;
-    }
-
-    public String getTrustStorePassword() {
-        return trustStorePassword;
-    }
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public void execute() throws ResourceUnavailableException,
-            InsufficientCapacityException, ServerApiException,
-            ConcurrentOperationException, ResourceAllocationException {
-          try {
-              if (getListAll()){
-                  // return the existing conf
-                  LDAPConfigCmd cmd = _configService.listLDAPConfig(this);
-                  ListResponse<LDAPConfigResponse> response = new ListResponse<LDAPConfigResponse>();
-                  List<LDAPConfigResponse> responses = new ArrayList<LDAPConfigResponse>();
-
-                  if(!cmd.getHostname().equals("")) {
-                  	responses.add(_responseGenerator.createLDAPConfigResponse(cmd.getHostname(), cmd.getPort(), cmd.getUseSSL(), cmd.getQueryFilter(), cmd.getSearchBase(), cmd.getBindDN()));
-                  }
-                  
-                  response.setResponses(responses);
-                  response.setResponseName(getCommandName());
-                  this.setResponseObject(response);
-              }
-              else if (getHostname()==null || getSearchBase() == null || getQueryFilter() == null) {
-                  throw new InvalidParameterValueException("You need to provide hostname, searchbase and queryfilter to configure your LDAP server");
-              }
-              else {
-                  boolean result = _configService.updateLDAP(this);
-                  if (result){
-                      LDAPConfigResponse lr = _responseGenerator.createLDAPConfigResponse(getHostname(), getPort(), getUseSSL(), getQueryFilter(), getSearchBase(), getBindDN());
-                      lr.setResponseName(getCommandName());
-                      this.setResponseObject(lr);
-                  }
-              }
-          }
-          catch (NamingException ne){
-              ne.printStackTrace();
-          }
-
-    }
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPRemoveCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPRemoveCmd.java b/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPRemoveCmd.java
deleted file mode 100644
index 5159fba..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/ldap/LDAPRemoveCmd.java
+++ /dev/null
@@ -1,71 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.ldap;
-
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.response.LDAPConfigResponse;
-import org.apache.cloudstack.api.response.LDAPRemoveResponse;
-import org.apache.log4j.Logger;
-
-import com.cloud.user.Account;
-
-@APICommand(name = "ldapRemove", description="Remove the LDAP context for this site.", responseObject=LDAPConfigResponse.class, since="3.0.1")
-public class LDAPRemoveCmd extends BaseCmd  {
-    public static final Logger s_logger = Logger.getLogger(LDAPRemoveCmd.class.getName());
-
-    private static final String s_name = "ldapremoveresponse";
-
-    /////////////////////////////////////////////////////
-    //////////////// API parameters /////////////////////
-    /////////////////////////////////////////////////////
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-
-    /////////////////////////////////////////////////////
-    /////////////// API Implementation///////////////////
-    /////////////////////////////////////////////////////
-
-
-    @Override
-    public void execute(){
-          boolean result = _configService.removeLDAP(this);
-          if (result){
-              LDAPRemoveResponse lr = new LDAPRemoveResponse();
-              lr.setObjectName("ldapremove");
-              lr.setResponseName(getCommandName());
-              this.setResponseObject(lr);
-          }
-    }
-
-    @Override
-    public String getCommandName() {
-        return s_name;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/api/src/org/apache/cloudstack/api/response/LDAPConfigResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/LDAPConfigResponse.java b/api/src/org/apache/cloudstack/api/response/LDAPConfigResponse.java
deleted file mode 100644
index bbeec63..0000000
--- a/api/src/org/apache/cloudstack/api/response/LDAPConfigResponse.java
+++ /dev/null
@@ -1,105 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-
-import com.cloud.serializer.Param;
-import com.google.gson.annotations.SerializedName;
-
-public class LDAPConfigResponse  extends BaseResponse {
-
-    @SerializedName(ApiConstants.HOST_NAME) @Param(description="Hostname or ip address of the ldap server eg: my.ldap.com")
-    private String hostname;
-
-    @SerializedName(ApiConstants.PORT) @Param(description="Specify the LDAP port if required, default is 389")
-    private String port;
-
-    @SerializedName(ApiConstants.USE_SSL) @Param(description="Check Use SSL if the external LDAP server is configured for LDAP over SSL")
-    private String useSSL;
-
-    @SerializedName(ApiConstants.SEARCH_BASE) @Param(description="The search base defines the starting point for the search in the directory tree Example:  dc=cloud,dc=com")
-    private String searchBase;
-
-    @SerializedName(ApiConstants.QUERY_FILTER) @Param(description="You specify a query filter here, which narrows down the users, who can be part of this domain")
-    private String queryFilter;
-
-    @SerializedName(ApiConstants.BIND_DN) @Param(description="Specify the distinguished name of a user with the search permission on the directory")
-    private String bindDN;
-
-    @SerializedName(ApiConstants.BIND_PASSWORD) @Param(description="DN password")
-    private String bindPassword;
-
-    public String getHostname() {
-        return hostname;
-    }
-
-    public void setHostname(String hostname) {
-        this.hostname = hostname;
-    }
-
-    public String getPort() {
-        return port;
-    }
-
-    public void setPort(String port) {
-        this.port = port;
-    }
-
-    public String getUseSSL() {
-        return useSSL;
-    }
-
-    public void setUseSSL(String useSSL) {
-        this.useSSL = useSSL;
-    }
-
-    public String getSearchBase() {
-        return searchBase;
-    }
-
-    public void setSearchBase(String searchBase) {
-        this.searchBase = searchBase;
-    }
-
-    public String getQueryFilter() {
-        return queryFilter;
-    }
-
-    public void setQueryFilter(String queryFilter) {
-        this.queryFilter = queryFilter;
-    }
-
-    public String getBindDN() {
-        return bindDN;
-    }
-
-    public void setBindDN(String bindDN) {
-        this.bindDN = bindDN;
-    }
-
-    public String getBindPassword() {
-        return bindPassword;
-    }
-
-    public void setBindPassword(String bindPassword) {
-        this.bindPassword = bindPassword;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/api/src/org/apache/cloudstack/api/response/LDAPRemoveResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/LDAPRemoveResponse.java b/api/src/org/apache/cloudstack/api/response/LDAPRemoveResponse.java
deleted file mode 100644
index 0feec5b..0000000
--- a/api/src/org/apache/cloudstack/api/response/LDAPRemoveResponse.java
+++ /dev/null
@@ -1,26 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response;
-
-import org.apache.cloudstack.api.BaseResponse;
-
-public class LDAPRemoveResponse extends BaseResponse {
-
-    public LDAPRemoveResponse(){
-        super();
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/client/tomcatconf/applicationContext.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/applicationContext.xml.in b/client/tomcatconf/applicationContext.xml.in
index 610fdfd..4b6bd34 100644
--- a/client/tomcatconf/applicationContext.xml.in
+++ b/client/tomcatconf/applicationContext.xml.in
@@ -393,7 +393,7 @@
   <bean id="MD5UserAuthenticator" class="com.cloud.server.auth.MD5UserAuthenticator">
     <property name="name" value="MD5"/>
   </bean>
-  <bean id="LDAPUserAuthenticator" class="com.cloud.server.auth.LDAPUserAuthenticator">
+  <bean id="LdapAuthenticator" class="org.apache.cloudstack.ldap.LdapAuthenticator">
     <property name="name" value="LDAP"/>
   </bean>
   <bean id="SHA256SaltedUserAuthenticator" class="com.cloud.server.auth.SHA256SaltedUserAuthenticator">
@@ -402,6 +402,11 @@
   <bean id="PlainTextUserAuthenticator" class="com.cloud.server.auth.PlainTextUserAuthenticator">
     <property name="name" value="PLAINTEXT"/>
   </bean>
+  <bean id="LdapManager" class="org.apache.cloudstack.ldap.LdapManagerImpl" />
+  <bean id="LdapUserManager" class="org.apache.cloudstack.ldap.LdapUserManager" />
+  <bean id="LdapContextFactory" class="org.apache.cloudstack.ldap.LdapContextFactory" />
+  <bean id="LdapConfigurationDao" class="org.apache.cloudstack.ldap.dao.LdapConfigurationDaoImpl" />
+  <bean id="LdapConfiguration" class="org.apache.cloudstack.ldap.LdapConfiguration" />
 
   <!--
       Network Elements

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index f4b41a7..dce938f 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -210,8 +210,6 @@ scaleSystemVm=1
 #### configuration commands
 updateConfiguration=1
 listConfigurations=1
-ldapConfig=1
-ldapRemove=1
 listCapabilities=15
 listDeploymentPlanners=1
 
@@ -668,3 +666,10 @@ listDedicatedZones=1
 listDedicatedPods=1
 listDedicatedClusters=1
 listDedicatedHosts=1
+
+### LDAP
+searchLdap=1
+listLdapConfigurations=1
+addLdapConfiguration=1
+deleteLdapConfiguration=1
+listAllLdapUsers=1

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/client/tomcatconf/componentContext.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/componentContext.xml.in b/client/tomcatconf/componentContext.xml.in
index 1fbec61..39eab5e 100644
--- a/client/tomcatconf/componentContext.xml.in
+++ b/client/tomcatconf/componentContext.xml.in
@@ -127,7 +127,7 @@
       <list>
           <ref bean="SHA256SaltedUserAuthenticator"/>
           <ref bean="MD5UserAuthenticator"/>
-          <ref bean="LDAPUserAuthenticator"/>
+          <ref bean="LdapAuthenticator"/>
           <ref bean="PlainTextUserAuthenticator"/>
       </list>
     </property>
@@ -137,7 +137,7 @@
       <list>
           <ref bean="SHA256SaltedUserAuthenticator"/>
           <ref bean="MD5UserAuthenticator"/>
-          <ref bean="LDAPUserAuthenticator"/>
+          <ref bean="LdapAuthenticator"/>
           <ref bean="PlainTextUserAuthenticator"/>
       </list>
     </property>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/client/tomcatconf/nonossComponentContext.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/nonossComponentContext.xml.in b/client/tomcatconf/nonossComponentContext.xml.in
index ffa6281..8371e37 100644
--- a/client/tomcatconf/nonossComponentContext.xml.in
+++ b/client/tomcatconf/nonossComponentContext.xml.in
@@ -223,7 +223,7 @@
       <list>
           <ref bean="SHA256SaltedUserAuthenticator"/>
           <ref bean="MD5UserAuthenticator"/>
-          <ref bean="LDAPUserAuthenticator"/>
+          <ref bean="LdapAuthenticator"/>
           <ref bean="PlainTextUserAuthenticator"/>
       </list>
     </property>
@@ -233,7 +233,7 @@
       <list>
           <ref bean="SHA256SaltedUserAuthenticator"/>
           <ref bean="MD5UserAuthenticator"/>
-          <ref bean="LDAPUserAuthenticator"/>
+          <ref bean="LdapAuthenticator"/>
           <ref bean="PlainTextUserAuthenticator"/>
       </list>
     </property>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/client/tomcatconf/simulatorComponentContext.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/simulatorComponentContext.xml.in b/client/tomcatconf/simulatorComponentContext.xml.in
index 7225e84..099bdb6 100644
--- a/client/tomcatconf/simulatorComponentContext.xml.in
+++ b/client/tomcatconf/simulatorComponentContext.xml.in
@@ -73,7 +73,7 @@
       <list>
         <ref bean="SHA256SaltedUserAuthenticator"/>
         <ref bean="MD5UserAuthenticator"/>
-        <ref bean="LDAPUserAuthenticator"/>
+        <ref bean="LdapAuthenticator"/>
         <ref bean="PlainTextUserAuthenticator"/>
       </list>
     </property>
@@ -83,7 +83,7 @@
       <list>
         <ref bean="SHA256SaltedUserAuthenticator"/>
         <ref bean="MD5UserAuthenticator"/>
-        <ref bean="LDAPUserAuthenticator"/>
+        <ref bean="LdapAuthenticator"/>
         <ref bean="PlainTextUserAuthenticator"/>
       </list>
     </property>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
----------------------------------------------------------------------
diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
index 7d1b43a..5566511 100644
--- a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
+++ b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
@@ -29,7 +29,6 @@ import net.sf.ehcache.CacheManager;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.APIChecker;
-import org.apache.cloudstack.api.ApiConstants.LDAPParams;
 import org.apache.cloudstack.api.command.admin.ratelimit.ResetApiLimitCmd;
 import org.apache.cloudstack.api.command.user.ratelimit.GetApiLimitCmd;
 import org.apache.cloudstack.api.response.ApiLimitResponse;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml
index 5c45f11..8ea67fe 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -1,29 +1,126 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+	license agreements. See the NOTICE file distributed with this work for additional 
+	information regarding copyright ownership. The ASF licenses this file to 
+	you under the Apache License, Version 2.0 (the "License"); you may not use 
+	this file except in compliance with the License. You may obtain a copy of 
+	the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+	by applicable law or agreed to in writing, software distributed under the 
+	License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+	OF ANY KIND, either express or implied. See the License for the specific 
+	language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<artifactId>cloud-plugin-user-authenticator-ldap</artifactId>
+	<name>Apache CloudStack Plugin - User Authenticator LDAP</name>
+	<parent>
+		<groupId>org.apache.cloudstack</groupId>
+		<artifactId>cloudstack-plugins</artifactId>
+		<version>4.2.0-SNAPSHOT</version>
+		<relativePath>../../pom.xml</relativePath>
+	</parent>
 
-  http://www.apache.org/licenses/LICENSE-2.0
+	<build>
+		<plugins>
+			<!-- Mandatory plugins for using Spock -->
+			<plugin>
+				<groupId>org.codehaus.gmaven</groupId>
+				<artifactId>gmaven-plugin</artifactId>
+				<version>1.3</version>
+				<configuration>
+					<providerSelection>1.7</providerSelection>
+				</configuration>
+				<executions>
+					<execution>
+						<goals>
+							<goal>compile</goal>
+							<goal>testCompile</goal>
+						</goals>
+						<configuration>
+							<sources>
+								<fileset>
+									<directory>test/groovy</directory>
+									<includes>
+										<include>**/*.groovy</include>
+									</includes>
+								</fileset>
+							</sources>
+						</configuration>
+					</execution>
+				</executions>
+				<dependencies>
+					<dependency>
+						<groupId>org.codehaus.gmaven.runtime</groupId>
+						<artifactId>gmaven-runtime-1.7</artifactId>
+						<version>1.3</version>
+						<exclusions>
+							<exclusion>
+								<groupId>org.codehaus.groovy</groupId>
+								<artifactId>groovy-all</artifactId>
+							</exclusion>
+						</exclusions>
+					</dependency>
+					<dependency>
+						<groupId>org.codehaus.groovy</groupId>
+						<artifactId>groovy-all</artifactId>
+						<version>2.0.5</version>
+					</dependency>
+				</dependencies>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<includes>
+						<include>**/*Spec*</include>
+					</includes>
+				</configuration>
+			</plugin>
+		</plugins>
+		<pluginManagement>
+		  <plugins>
+		    <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
+		    <plugin>
+		      <groupId>org.eclipse.m2e</groupId>
+		      <artifactId>lifecycle-mapping</artifactId>
+		      <version>1.0.0</version>
+		      <configuration>
+		        <lifecycleMappingMetadata>
+		          <pluginExecutions>
+		            <pluginExecution>
+		              <pluginExecutionFilter>
+		                <groupId>org.codehaus.gmaven</groupId>
+		                <artifactId>gmaven-plugin</artifactId>
+		                <versionRange>[1.3,)</versionRange>
+		                <goals>
+		                  <goal>testCompile</goal>
+		                </goals>
+		              </pluginExecutionFilter>
+		              <action>
+		                <ignore></ignore>
+		              </action>
+		            </pluginExecution>
+		          </pluginExecutions>
+		        </lifecycleMappingMetadata>
+		      </configuration>
+		    </plugin>
+		  </plugins>
+		</pluginManagement>
+	</build>
 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-  <artifactId>cloud-plugin-user-authenticator-ldap</artifactId>
-  <name>Apache CloudStack Plugin - User Authenticator LDAP</name>
-  <parent>
-    <groupId>org.apache.cloudstack</groupId>
-    <artifactId>cloudstack-plugins</artifactId>
-    <version>4.2.0-SNAPSHOT</version>
-    <relativePath>../../pom.xml</relativePath>
-  </parent>
+	<dependencies>
+		<!-- Mandatory dependencies for using Spock -->
+		<dependency>
+			<groupId>org.spockframework</groupId>
+			<artifactId>spock-core</artifactId>
+			<version>0.7-groovy-2.0</version>
+		</dependency>
+
+		<!-- Optional dependencies for using Spock -->
+		<dependency> <!-- enables mocking of classes (in addition to interfaces) -->
+			<groupId>cglib</groupId>
+			<artifactId>cglib-nodep</artifactId>
+			<version>2.2</version>
+		</dependency>
+	</dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java b/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java
deleted file mode 100644
index d928a5b..0000000
--- a/plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java
+++ /dev/null
@@ -1,173 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements.  See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License.  You may obtain a copy of the License at
-//
-//    http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-package com.cloud.server.auth;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.Hashtable;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-
-import org.apache.cloudstack.api.ApiConstants.LDAPParams;
-import org.apache.log4j.Logger;
-import org.bouncycastle.util.encoders.Base64;
-
-import com.cloud.configuration.dao.ConfigurationDao;
-import com.cloud.user.UserAccount;
-import com.cloud.user.dao.UserAccountDao;
-import com.cloud.utils.exception.CloudRuntimeException;
-
-@Local(value={UserAuthenticator.class})
-public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
-    public static final Logger s_logger = Logger.getLogger(LDAPUserAuthenticator.class);
-
-    @Inject private ConfigurationDao _configDao;
-    @Inject private UserAccountDao _userAccountDao;
-
-    @Override
-    public boolean authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters ) {
-        if (s_logger.isDebugEnabled()) {
-            s_logger.debug("Retrieving user: " + username);
-        }
-        UserAccount user = _userAccountDao.getUserAccount(username, domainId);
-        if (user == null) {
-            s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
-            return false;
-        }
-
-        String url = _configDao.getValue(LDAPParams.hostname.toString());
-        if (url==null){
-            s_logger.debug("LDAP authenticator is not configured.");
-            return false;
-        }
-        String port = _configDao.getValue(LDAPParams.port.toString());
-        String queryFilter = _configDao.getValue(LDAPParams.queryfilter.toString());
-        String searchBase = _configDao.getValue(LDAPParams.searchbase.toString());
-        Boolean useSSL = Boolean.valueOf(_configDao.getValue(LDAPParams.usessl.toString()));
-        String bindDN = _configDao.getValue(LDAPParams.dn.toString());
-        String bindPasswd = _configDao.getValue(LDAPParams.passwd.toString());
-        String trustStore = _configDao.getValue(LDAPParams.truststore.toString());
-        String trustStorePassword = _configDao.getValue(LDAPParams.truststorepass.toString());
-
-        try {
-            // get all params
-            Hashtable<String, String> env = new Hashtable<String, String>(11);
-            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
-            String protocol = "ldap://" ;
-            if (useSSL){
-                env.put(Context.SECURITY_PROTOCOL, "ssl");
-                protocol="ldaps://" ;
-                System.setProperty("javax.net.ssl.trustStore", trustStore);
-                System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
-            }
-            env.put(Context.PROVIDER_URL, protocol + url  + ":" + port);
-
-            if (bindDN != null && bindPasswd != null){
-                env.put(Context.SECURITY_PRINCIPAL, bindDN);
-                env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
-            }
-            else {
-                // Use anonymous authentication
-                env.put(Context.SECURITY_AUTHENTICATION, "none");
-            }
-            // Create the initial context
-            DirContext ctx = new InitialDirContext(env);
-            // use this context to search
-
-            // substitute the queryFilter with this user info
-            queryFilter = queryFilter.replaceAll("\\%u", username);
-            queryFilter = queryFilter.replaceAll("\\%n", user.getFirstname() + " " + user.getLastname());
-            queryFilter = queryFilter.replaceAll("\\%e", user.getEmail());
-
-
-            SearchControls sc = new SearchControls();
-            String[] searchFilter = { "dn" };
-            sc.setReturningAttributes(new String[0]); //return no attributes
-            sc.setReturningAttributes(searchFilter);
-            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
-            sc.setCountLimit(1);
-
-            // Search for objects with those matching attributes
-            NamingEnumeration<SearchResult> answer = ctx.search(searchBase, queryFilter,  sc);
-            SearchResult sr = answer.next();
-            String cn = sr.getName();
-            answer.close();
-            ctx.close();
-
-            s_logger.info("DN from LDAP =" + cn);
-
-            // check the password
-            env = new Hashtable<String, String>(11);
-            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
-            protocol = "ldap://" ;
-            if (useSSL){
-                env.put(Context.SECURITY_PROTOCOL, "ssl");
-                protocol="ldaps://" ;
-            }
-            env.put(Context.PROVIDER_URL, protocol + url  + ":" + port);
-            env.put(Context.SECURITY_PRINCIPAL, cn + "," + searchBase);
-            env.put(Context.SECURITY_CREDENTIALS, password);
-            // Create the initial context
-            ctx = new InitialDirContext(env);
-            ctx.close();
-
-        } catch (NamingException ne) {
-            s_logger.warn("Authentication Failed ! " + ne.getMessage() + (ne.getCause() != null ? ("; Caused by:" + ne.getCause().getMessage()) : ""));
-            return false;
-        }
-        catch (Exception e){
-            e.printStackTrace();
-            s_logger.warn("Unknown error encountered " + e.getMessage());
-            return false;
-        }
-
-        // authenticate
-        return true;
-    }
-
-    @Override
-    public boolean configure(String name, Map<String, Object> params)
-            throws ConfigurationException {
-        if (name == null) {
-            name = "LDAP";
-        }
-	super.configure(name, params);
-        return true;
-    }
-
-    @Override
-    public String encode(String password) {
-        // Password is not used, so set to a random string
-        try {
-            SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG");
-            byte bytes[] = new byte[20];
-            randomGen.nextBytes(bytes);
-            return Base64.encode(bytes).toString();
-        } catch (NoSuchAlgorithmException e) {
-            throw new CloudRuntimeException("Failed to generate random password",e);
-        }	
-    }
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java
new file mode 100644
index 0000000..62736b1
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java
@@ -0,0 +1,84 @@
+package org.apache.cloudstack.api.command;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.LdapConfigurationResponse;
+import org.apache.cloudstack.ldap.LdapManager;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+
+@APICommand(name = "addLdapConfiguration", description = "Add a new Ldap Configuration", responseObject = LdapConfigurationResponse.class, since = "4.2.0")
+public class LdapAddConfigurationCmd extends BaseCmd {
+    public static final Logger s_logger = Logger.getLogger(LdapAddConfigurationCmd.class.getName());
+    private static final String s_name = "ldapconfigurationresponse";
+
+    @Inject
+    private LdapManager _ldapManager;
+
+    @Parameter(name = "hostname", type = CommandType.STRING, required = true, description = "Hostname")
+    private String hostname;
+
+    @Parameter(name = "port", type = CommandType.INTEGER, required = true, description = "Port")
+    private int port;
+
+    public LdapAddConfigurationCmd() {
+        super();
+    }
+
+    public LdapAddConfigurationCmd(final LdapManager ldapManager) {
+        super();
+        _ldapManager = ldapManager;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException,
+            ConcurrentOperationException, ResourceAllocationException {
+        try {
+            final LdapConfigurationResponse response = _ldapManager.addConfiguration(getHostname(), getPort());
+            response.setObjectName("LdapAddConfiguration");
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (final InvalidParameterValueException e) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString());
+        }
+
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return 0;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public int getPort() {
+        return port;
+    }
+
+    public void setHostname(final String hostname) {
+        this.hostname = hostname;
+    }
+
+    public void setPort(final int port) {
+        this.port = port;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java
new file mode 100644
index 0000000..364b260
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java
@@ -0,0 +1,74 @@
+package org.apache.cloudstack.api.command;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.LdapConfigurationResponse;
+import org.apache.cloudstack.ldap.LdapManager;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+
+@APICommand(name = "deleteLdapConfiguration", description = "Remove an Ldap Configuration", responseObject = LdapConfigurationResponse.class, since = "4.2.0")
+public class LdapDeleteConfigurationCmd extends BaseCmd {
+    public static final Logger s_logger = Logger.getLogger(LdapDeleteConfigurationCmd.class.getName());
+    private static final String s_name = "ldapconfigurationresponse";
+
+    @Inject
+    private LdapManager _ldapManager;
+
+    @Parameter(name = "hostname", type = CommandType.STRING, required = true, description = "Hostname")
+    private String hostname;
+
+    public LdapDeleteConfigurationCmd() {
+        super();
+    }
+
+    public LdapDeleteConfigurationCmd(final LdapManager ldapManager) {
+        super();
+        _ldapManager = ldapManager;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException,
+            ConcurrentOperationException, ResourceAllocationException {
+
+        try {
+            final LdapConfigurationResponse response = _ldapManager.deleteConfiguration(getHostname());
+            response.setObjectName("LdapDeleteConfiguration");
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (final InvalidParameterValueException e) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString());
+        }
+
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return 0;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public void setHostname(final String hostname) {
+        this.hostname = hostname;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java
new file mode 100644
index 0000000..f261f74
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java
@@ -0,0 +1,73 @@
+package org.apache.cloudstack.api.command;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.LdapUserResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.ldap.LdapManager;
+import org.apache.cloudstack.ldap.LdapUser;
+import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+
+@APICommand(name = "listAllLdapUsers", responseObject = LdapUserResponse.class, description = "Lists all LDAP Users", since = "4.2.0")
+public class LdapListAllUsersCmd extends BaseListCmd {
+
+    public static final Logger s_logger = Logger.getLogger(LdapListAllUsersCmd.class.getName());
+    private static final String s_name = "ldapuserresponse";
+    @Inject
+    private LdapManager _ldapManager;
+
+    public LdapListAllUsersCmd() {
+        super();
+    }
+
+    public LdapListAllUsersCmd(final LdapManager ldapManager) {
+        super();
+        _ldapManager = ldapManager;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException,
+            ConcurrentOperationException, ResourceAllocationException {
+        try {
+            final List<LdapUser> users = _ldapManager.getUsers();
+            final ListResponse<LdapUserResponse> response = new ListResponse<LdapUserResponse>();
+            final List<LdapUserResponse> ldapResponses = new ArrayList<LdapUserResponse>();
+
+            for (final LdapUser user : users) {
+                final LdapUserResponse ldapResponse = _ldapManager.createLdapUserResponse(user);
+                ldapResponse.setObjectName("LdapUser");
+                ldapResponses.add(ldapResponse);
+            }
+
+            response.setResponses(ldapResponses);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (final NoLdapUserMatchingQueryException ex) {
+            throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, ex.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return 0;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java
new file mode 100644
index 0000000..d3239e6
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java
@@ -0,0 +1,96 @@
+package org.apache.cloudstack.api.command;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.LdapConfigurationResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.ldap.LdapConfigurationVO;
+import org.apache.cloudstack.ldap.LdapManager;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.utils.Pair;
+
+@APICommand(name = "listLdapConfigurations", responseObject = LdapConfigurationResponse.class, description = "Lists all LDAP configurations", since = "4.2.0")
+public class LdapListConfigurationCmd extends BaseListCmd {
+    public static final Logger s_logger = Logger.getLogger(LdapListConfigurationCmd.class.getName());
+
+    private static final String s_name = "ldapconfigurationresponse";
+
+    @Inject
+    private LdapManager _ldapManager;
+
+    @Parameter(name = "hostname", type = CommandType.STRING, required = false, description = "Hostname")
+    private String hostname;
+
+    @Parameter(name = "port", type = CommandType.INTEGER, required = false, description = "Port")
+    private int port;
+
+    public LdapListConfigurationCmd() {
+        super();
+    }
+
+    public LdapListConfigurationCmd(final LdapManager ldapManager) {
+        super();
+        _ldapManager = ldapManager;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException,
+            ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+        final Pair<List<? extends LdapConfigurationVO>, Integer> result = _ldapManager.listConfigurations(this);
+        if (result.second() > 0) {
+            final ListResponse<LdapConfigurationResponse> response = new ListResponse<LdapConfigurationResponse>();
+            final List<LdapConfigurationResponse> responses = new ArrayList<LdapConfigurationResponse>();
+            for (final LdapConfigurationVO resource : result.first()) {
+                final LdapConfigurationResponse configurationResponse = _ldapManager.createLdapConfigurationResponse(resource);
+                configurationResponse.setObjectName("LdapConfiguration");
+                responses.add(configurationResponse);
+            }
+            response.setResponses(responses, result.second());
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to find any LDAP Configurations");
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return 0;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public int getPort() {
+        return port;
+    }
+
+    public void setHostname(final String hostname) {
+        this.hostname = hostname;
+    }
+
+    public void setPort(final int port) {
+        this.port = port;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java
new file mode 100644
index 0000000..a8d3308
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java
@@ -0,0 +1,86 @@
+package org.apache.cloudstack.api.command;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.LdapUserResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.ldap.LdapManager;
+import org.apache.cloudstack.ldap.LdapUser;
+import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+
+@APICommand(name = "searchLdap", responseObject = LdapUserResponse.class, description = "Searches LDAP based on the username attribute", since = "4.2.0")
+public class LdapUserSearchCmd extends BaseListCmd {
+
+    public static final Logger s_logger = Logger.getLogger(LdapUserSearchCmd.class.getName());
+    private static final String s_name = "ldapuserresponse";
+    @Inject
+    private LdapManager _ldapManager;
+
+    @Parameter(name = "query", type = CommandType.STRING, entityType = LdapUserResponse.class, required = true, description = "query to search using")
+    private String query;
+
+    public LdapUserSearchCmd() {
+        super();
+    }
+
+    public LdapUserSearchCmd(final LdapManager ldapManager) {
+        super();
+        _ldapManager = ldapManager;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException,
+            ConcurrentOperationException, ResourceAllocationException {
+        try {
+            final List<LdapUser> users = _ldapManager.searchUsers(getQuery());
+
+            final ListResponse<LdapUserResponse> response = new ListResponse<LdapUserResponse>();
+            final List<LdapUserResponse> ldapUserResponses = new ArrayList<LdapUserResponse>();
+
+            for (final LdapUser user : users) {
+                final LdapUserResponse ldapUserResponse = _ldapManager.createLdapUserResponse(user);
+                ldapUserResponse.setObjectName("LdapUser");
+                ldapUserResponses.add(ldapUserResponse);
+            }
+
+            response.setResponses(ldapUserResponses);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (final NoLdapUserMatchingQueryException e) {
+            throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, e.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return 0;
+    }
+
+    public String getQuery() {
+        return query;
+    }
+
+    public void setQuery(final String query) {
+        this.query = query;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java
new file mode 100644
index 0000000..12c6ed9
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java
@@ -0,0 +1,46 @@
+package org.apache.cloudstack.api.response;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.BaseResponse;
+
+import com.cloud.serializer.Param;
+
+public class LdapConfigurationResponse extends BaseResponse {
+    @SerializedName("hostname")
+    @Param(description = "hostname")
+    private String hostname;
+
+    @SerializedName("port")
+    @Param(description = "port")
+    private int port;
+
+    public LdapConfigurationResponse() {
+        super();
+    }
+
+    public LdapConfigurationResponse(final String hostname) {
+        this.hostname = hostname;
+    }
+
+    public LdapConfigurationResponse(final String hostname, final int port) {
+        this.hostname = hostname;
+        this.port = port;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public int getPort() {
+        return port;
+    }
+
+    public void setHostname(final String hostname) {
+        this.hostname = hostname;
+    }
+
+    public void setPort(final int port) {
+        this.port = port;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java
new file mode 100644
index 0000000..24d8b4d
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java
@@ -0,0 +1,68 @@
+package org.apache.cloudstack.api.response;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.api.BaseResponse;
+
+import com.cloud.serializer.Param;
+
+public class LdapUserResponse extends BaseResponse {
+    @SerializedName("email")
+    @Param(description = "The user's email")
+    private String email;
+
+    @SerializedName("principal")
+    @Param(description = "The user's principle")
+    private String principal;
+
+    @SerializedName("realname")
+    @Param(description = "The user's realname")
+    private String realname;
+
+    @SerializedName("username")
+    @Param(description = "The user's username")
+    private String username;
+
+    public LdapUserResponse() {
+        super();
+    }
+
+    public LdapUserResponse(final String username, final String email, final String realname, final String principal) {
+        this.username = username;
+        this.email = email;
+        this.realname = realname;
+        this.principal = principal;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    public String getPrincipal() {
+        return principal;
+    }
+
+    public String getRealname() {
+        return realname;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setEmail(final String email) {
+        this.email = email;
+    }
+
+    public void setPrincipal(final String principal) {
+        this.principal = principal;
+    }
+
+    public void setRealname(final String realname) {
+        this.realname = realname;
+    }
+
+    public void setUsername(final String username) {
+        this.username = username;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
new file mode 100644
index 0000000..74a15b6
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
@@ -0,0 +1,53 @@
+package org.apache.cloudstack.ldap;
+
+import java.util.Map;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
+
+import com.cloud.server.auth.DefaultUserAuthenticator;
+import com.cloud.user.UserAccount;
+import com.cloud.user.dao.UserAccountDao;
+
+public class LdapAuthenticator extends DefaultUserAuthenticator {
+    private static final Logger s_logger = Logger.getLogger(LdapAuthenticator.class.getName());
+
+    @Inject
+    private LdapManager _ldapManager;
+    @Inject
+    private UserAccountDao _userAccountDao;
+
+    public LdapAuthenticator() {
+        super();
+    }
+
+    public LdapAuthenticator(final LdapManager ldapManager, final UserAccountDao userAccountDao) {
+        super();
+        _ldapManager = ldapManager;
+        _userAccountDao = userAccountDao;
+    }
+
+    @Override
+    public boolean authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
+
+        final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
+
+        if (user == null) {
+            s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
+            return false;
+        } else if (_ldapManager.listConfigurations(new LdapListConfigurationCmd(_ldapManager)).second() > 0) {
+            return _ldapManager.canAuthenticate(username, password);
+        } else {
+            return false;
+        }
+    }
+
+    @Override
+    public String encode(final String password) {
+        return password;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
new file mode 100644
index 0000000..07d4879
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
@@ -0,0 +1,102 @@
+package org.apache.cloudstack.ldap;
+
+import java.util.List;
+
+import javax.inject.Inject;
+import javax.naming.directory.SearchControls;
+
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
+
+import com.cloud.configuration.dao.ConfigurationDao;
+import com.cloud.utils.Pair;
+
+public class LdapConfiguration {
+    private final static String factory = "com.sun.jndi.ldap.LdapCtxFactory";
+
+    private final static int scope = SearchControls.SUBTREE_SCOPE;
+
+    @Inject
+    private ConfigurationDao _configDao;
+
+    @Inject
+    private LdapManager _ldapManager;
+
+    public LdapConfiguration() {
+    }
+
+    public LdapConfiguration(final ConfigurationDao configDao, final LdapManager ldapManager) {
+        _configDao = configDao;
+        _ldapManager = ldapManager;
+    }
+
+    public String getAuthentication() {
+        if ((getBindPrincipal() == null) && (getBindPassword() == null)) {
+            return "none";
+        } else {
+            return "simple";
+        }
+    }
+
+    public String getBaseDn() {
+        return _configDao.getValue("ldap.basedn");
+    }
+
+    public String getBindPassword() {
+        return _configDao.getValue("ldap.bind.password");
+    }
+
+    public String getBindPrincipal() {
+        return _configDao.getValue("ldap.bind.principal");
+    }
+
+    public String getEmailAttribute() {
+        final String emailAttribute = _configDao.getValue("ldap.email.attribute");
+        return emailAttribute == null ? "mail" : emailAttribute;
+    }
+
+    public String getFactory() {
+        return factory;
+    }
+
+    public String getProviderUrl() {
+        final Pair<List<? extends LdapConfigurationVO>, Integer> result = _ldapManager
+                .listConfigurations(new LdapListConfigurationCmd(_ldapManager));
+        if (result.second() > 0) {
+            final StringBuilder providerUrls = new StringBuilder();
+            String delim = "";
+            for (final LdapConfigurationVO resource : result.first()) {
+                final String providerUrl = "ldap://" + resource.getHostname() + ":" + resource.getPort();
+                providerUrls.append(delim).append(providerUrl);
+                delim = " ";
+            }
+            return providerUrls.toString();
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to get Ldap Configuration(s)");
+        }
+    }
+
+    public String getRealnameAttribute() {
+        final String realnameAttribute = _configDao.getValue("ldap.realname.attribute");
+        return realnameAttribute == null ? "cn" : realnameAttribute;
+    }
+
+    public String[] getReturnAttributes() {
+        return new String[] {getUsernameAttribute(), getEmailAttribute(), getRealnameAttribute()};
+    }
+
+    public int getScope() {
+        return scope;
+    }
+
+    public String getUsernameAttribute() {
+        final String usernameAttribute = _configDao.getValue("ldap.username.attribute");
+        return usernameAttribute == null ? "uid" : usernameAttribute;
+    }
+
+    public String getUserObject() {
+        final String userObject = _configDao.getValue("ldap.user.object");
+        return userObject == null ? "inetOrgPerson" : userObject;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java
new file mode 100644
index 0000000..e7fe0a9
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java
@@ -0,0 +1,58 @@
+package org.apache.cloudstack.ldap;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = "ldap_configuration")
+public class LdapConfigurationVO implements InternalIdentity {
+    @Column(name = "hostname")
+    private String hostname;
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private Long id;
+
+    @Column(name = "port")
+    private int port;
+
+    public LdapConfigurationVO() {
+    }
+
+    public LdapConfigurationVO(final String hostname, final int port) {
+        this.hostname = hostname;
+        this.port = port;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    public int getPort() {
+        return port;
+    }
+
+    public void setHostname(final String hostname) {
+        this.hostname = hostname;
+    }
+
+    public void setId(final long id) {
+        this.id = id;
+    }
+
+    public void setPort(final int port) {
+        this.port = port;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
new file mode 100644
index 0000000..918fd20
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
@@ -0,0 +1,89 @@
+package org.apache.cloudstack.ldap;
+
+import java.util.Hashtable;
+
+import javax.inject.Inject;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+
+import org.apache.log4j.Logger;
+
+public class LdapContextFactory {
+    private static final Logger s_logger = Logger.getLogger(LdapContextFactory.class.getName());
+
+    @Inject
+    private LdapConfiguration _ldapConfiguration;
+
+    public LdapContextFactory() {
+    }
+
+    public LdapContextFactory(final LdapConfiguration ldapConfiguration) {
+        _ldapConfiguration = ldapConfiguration;
+    }
+
+    public LdapContext createBindContext() throws NamingException {
+        return createBindContext(null);
+    }
+
+    public LdapContext createBindContext(final String providerUrl) throws NamingException {
+        final String bindPrincipal = _ldapConfiguration.getBindPrincipal();
+        final String bindPassword = _ldapConfiguration.getBindPassword();
+        return createInitialDirContext(bindPrincipal, bindPassword, providerUrl, true);
+    }
+
+    private LdapContext createInitialDirContext(final String principal, final String password, final boolean isSystemContext)
+            throws NamingException {
+        return createInitialDirContext(principal, password, null, isSystemContext);
+    }
+
+    private LdapContext createInitialDirContext(final String principal, final String password, final String providerUrl, final boolean isSystemContext)
+            throws NamingException {
+        return new InitialLdapContext(getEnvironment(principal, password, providerUrl, isSystemContext), null);
+    }
+
+    public LdapContext createUserContext(final String principal, final String password) throws NamingException {
+        return createInitialDirContext(principal, password, false);
+    }
+
+    private Hashtable<String, String> getEnvironment(final String principal, final String password, final String providerUrl, final boolean isSystemContext) {
+        final String factory = _ldapConfiguration.getFactory();
+        final String url = providerUrl == null ? _ldapConfiguration.getProviderUrl() : providerUrl;
+        final String authentication = _ldapConfiguration.getAuthentication();
+
+        final Hashtable<String, String> environment = new Hashtable<String, String>();
+
+        environment.put(Context.INITIAL_CONTEXT_FACTORY, factory);
+        environment.put(Context.PROVIDER_URL, url);
+        environment.put("com.sun.jndi.ldap.read.timeout", "1000");
+        environment.put("com.sun.jndi.ldap.connect.pool", "true");
+
+        if ("none".equals(authentication) && !isSystemContext) {
+            environment.put(Context.SECURITY_AUTHENTICATION, "simple");
+        } else {
+            environment.put(Context.SECURITY_AUTHENTICATION, authentication);
+        }
+
+        if (principal != null) {
+            environment.put(Context.SECURITY_PRINCIPAL, principal);
+        }
+
+        if (password != null) {
+            environment.put(Context.SECURITY_CREDENTIALS, password);
+        }
+
+        return environment;
+    }
+
+    public void testConnection(final String providerUrl) throws NamingException {
+        try {
+            createBindContext(providerUrl);
+            s_logger.info("LDAP Connection was successful");
+        } catch (final NamingException e) {
+            s_logger.warn("LDAP Connection failed");
+            s_logger.error(e.getMessage(), e);
+            throw e;
+        }
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a90affe4/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
new file mode 100644
index 0000000..980beb7
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java
@@ -0,0 +1,30 @@
+package org.apache.cloudstack.ldap;
+
+import java.util.List;
+
+import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
+import org.apache.cloudstack.api.response.LdapConfigurationResponse;
+import org.apache.cloudstack.api.response.LdapUserResponse;
+
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.PluggableService;
+
+public interface LdapManager extends PluggableService {
+
+    LdapConfigurationResponse addConfiguration(String hostname, int port) throws InvalidParameterValueException;
+
+    boolean canAuthenticate(String username, String password);
+
+    LdapConfigurationResponse createLdapConfigurationResponse(LdapConfigurationVO configuration);
+
+    LdapUserResponse createLdapUserResponse(LdapUser user);
+
+    LdapConfigurationResponse deleteConfiguration(String hostname) throws InvalidParameterValueException;
+
+    List<LdapUser> getUsers() throws NoLdapUserMatchingQueryException;
+
+    Pair<List<? extends LdapConfigurationVO>, Integer> listConfigurations(LdapListConfigurationCmd cmd);
+
+    List<LdapUser> searchUsers(String query) throws NoLdapUserMatchingQueryException;
+}
\ No newline at end of file


Mime
View raw message