From aprat...@apache.org
Subject [2/2] git commit: updated refs/heads/ldapplugin to 7f7035d
Date Mon, 12 Aug 2013 09:25:17 GMT
Update unit tests, add filter to list all users, update ssl

Signed-off-by: Abhinandan Prateek <aprateek@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7f7035d5
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7f7035d5
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7f7035d5

Branch: refs/heads/ldapplugin
Commit: 7f7035d51670ab7ec3dcd655f7dce31b024d391d
Parents: 25e8e9b
Author: Ian Duffy <ian@ianduffy.ie>
Authored: Mon Aug 12 10:01:14 2013 +0100
Committer: Abhinandan Prateek <aprateek@apache.org>
Committed: Mon Aug 12 14:49:55 2013 +0530

----------------------------------------------------------------------
 client/tomcatconf/commands.properties.in        |   3 +-
 docs/en-US/LDAP-for-user-authentication.xml     |  31 +-
 .../example-activedirectory-configuration.xml   |   4 +-
 docs/en-US/example-openldap-configuration.xml   |   4 +-
 .../api/command/LdapCreateAccount.java          | 163 -------
 .../api/command/LdapCreateAccountCmd.java       | 167 +++++++
 .../api/command/LdapListAllUsersCmd.java        |  91 ----
 .../api/command/LdapListUsersCmd.java           | 123 +++++
 .../apache/cloudstack/ldap/LdapManagerImpl.java |   8 +-
 .../ldap/BasicNamingEnumerationImpl.groovy      |  70 ++-
 .../ldap/LdapAddConfigurationCmdSpec.groovy     | 119 ++---
 .../ldap/LdapAuthenticatorSpec.groovy           |  70 +--
 .../ldap/LdapConfigurationDaoImplSpec.groovy    |   5 +-
 .../ldap/LdapConfigurationResponseSpec.groovy   |  29 +-
 .../ldap/LdapConfigurationSpec.groovy           | 226 +++++-----
 .../ldap/LdapConfigurationVOSpec.groovy         |   1 +
 .../ldap/LdapContextFactorySpec.groovy          |  99 ++--
 .../ldap/LdapCreateAccountCmdSpec.groovy        |  97 ++--
 .../ldap/LdapDeleteConfigurationCmdSpec.groovy  |  45 +-
 .../ldap/LdapListAllUsersCmdSpec.groovy         |  66 ---
 .../ldap/LdapListConfigurationCmdSpec.groovy    |  85 ++--
 .../cloudstack/ldap/LdapListUsersCmdSpec.groovy | 123 +++++
 .../cloudstack/ldap/LdapManagerImplSpec.groovy  | 447 ++++++++++---------
 .../ldap/LdapSearchUserCmdSpec.groovy           |  48 +-
 .../cloudstack/ldap/LdapUserManagerSpec.groovy  | 149 ++++---
 .../cloudstack/ldap/LdapUserResponseSpec.groovy |  49 +-
 .../apache/cloudstack/ldap/LdapUserSpec.groovy  |  51 +--
 .../apache/cloudstack/ldap/LdapUtilsSpec.groovy |  30 +-
 .../NoLdapUserMatchingQueryExceptionSpec.groovy |   1 +
 .../ldap/NoSuchLdapUserExceptionSpec.groovy     |   1 +
 ui/scripts/ui-custom/accountsWizard.js          |   2 +-
 31 files changed, 1302 insertions(+), 1105 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 0e00e3c..7cd1509 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -666,9 +666,8 @@ listDedicatedClusters=1
 listDedicatedHosts=1
 
 ### LDAP
-searchLdap=3
 listLdapConfigurations=15
 addLdapConfiguration=3
 deleteLdapConfiguration=3
-listAllLdapUsers=3
+listLdapUsers=3
 ldapCreateAccount=3
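Review bot: Dropping `searchLdap=3` leaves no access-mask entry for that API name, yet `LdapUserSearchCmd` is still added to the list in `LdapManagerImpl.getCommands()` later in this commit. If that command is still published as `searchLdap` (its annotation is not shown here), its reachability now depends on how the access checker treats commands with no entry. Either remove the class from `getCommands()` as well or keep the line `searchLdap=3`, so the registered commands and the access map stay in step. The renamed `listLdapUsers=3` keeps the mask the old `listAllLdapUsers` entry had.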

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/docs/en-US/LDAP-for-user-authentication.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/LDAP-for-user-authentication.xml b/docs/en-US/LDAP-for-user-authentication.xml
index 61f204c..772d1c5 100644
--- a/docs/en-US/LDAP-for-user-authentication.xml
+++ b/docs/en-US/LDAP-for-user-authentication.xml
@@ -24,19 +24,28 @@
 <section id="LDAP-for-user-authentication">
     <title>Using an LDAP Server for User Authentication</title>
     <para>You can use an external LDAP server such as Microsoft Active Directory or OpenLDAP to authenticate &PRODUCT; end-users.</para>
-    <para>To set up LDAP authentication in &PRODUCT;, open the global settings page and set:</para>
+    <para>In order to do this you must:</para>
     <itemizedlist>
-        <listitem><para>ldap.basedn - The base directory you want to search within for uses</para></listitem>
-        <listitem><para>ldap.bind.password - The password you wish to use to bind, this can be blank if the server supports anonymous binding</para></listitem>
-        <listitem><para>ldap.bind.principal - The account you wish to use to bind, this can be blank if the server supports anonymous binding</para></listitem>
-        <listitem><para>ldap.email.attribute - The attribute within your LDAP server that holds a value for users email address</para></listitem>
-        <listitem><para>ldap.realname.attribute - The attribute within your LDAP server that holds a value users realname</para></listitem>
-        <listitem><para>ldap.user.object - The object class that identifies a user</para></listitem>
-        <listitem><para>ldap.username.attribute - The attribute within your LDAP server that has a value that will match the cloudstack accounts username field</para></listitem>
+	<listitem><para>Set your LDAP configuration within &PRODUCT;</para></listitem>
+	<listitem><para>Create &PRODUCT; accounts for LDAP users</para></listitem>
     </itemizedlist>
-    <para>Finally you can add LDAP servers from Global Settings -> Select View -> LDAP Configuration. This requires a hostname and port</para>
+    <para>To set up LDAP authentication in &PRODUCT;, open the global settings page and search for LDAP</para>
+    <para>Set ldap.basedn to match your sever's base directory.</para>
+    <para>Review the defaults for the following, ensure that they match your schema.</para>
+    <itemizedlist>
+	<listitem><para>ldap.email.attribute</para></listitem>
+	<listitem><para>ldap.firstname.attribute</para></listitem>
+	<listitem><para>ldap.lastname.attribute</para></listitem>
+	<listitem><para>ldap.username.attribute</para></listitem>
+	<listitem><para>ldap.user.object</para></listitem>
+    </itemizedlist>
+    <para>Optionally you can set the following:</para>
+    <itemizedlist>
+	<listitem><para>If you do not want to use anonymous binding you can set ldap.bind.principle and ldap.bind.password as credentials for your LDAP server that will grant &PRODUCT; permission to perform a search on the LDAP server.</para></listitem>
+	<listitem><para>For SSL support set ldap.truststore to a path on the file system where your trusted store is located. Along with this set ldap.truststore.password as the password that unlocks the truststore.</para></listitem>
+	<listitem><para>If you wish to filter down the user set that is granted access to &PRODUCT; via the LDAP attribute memberof you can do so using ldap.search.group.principle.</para></listitem>
+    </itemizedlist>
+    <para>Finally, you can add your LDAP server. To do so select LDAP Configuration from the views section within global settings. Click on "Configure LDAP" and fill in your server's hostname and port.</para>
     <xi:include href="example-activedirectory-configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
     <xi:include href="example-openldap-configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-    <!-- Support for SSL has been removed but will be back shortly. -->
-    <!-- <xi:include href="SSL-keystore-path-and-password.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -->
     </section>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/docs/en-US/example-activedirectory-configuration.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/example-activedirectory-configuration.xml b/docs/en-US/example-activedirectory-configuration.xml
index 98ab5da..5a8178d 100644
--- a/docs/en-US/example-activedirectory-configuration.xml
+++ b/docs/en-US/example-activedirectory-configuration.xml
@@ -24,14 +24,14 @@
 
 <section id="example-activedirectory-configuration">
     <title>Example LDAP Configuration for Active Directory</title>
-    <para>This shows the configuration settings required for using ActiveDirectory</para>
+    <para>This shows the configuration settings required for using ActiveDirectory.</para>
     <itemizedlist>
         <listitem><para>samAccountName - Logon name</para></listitem>
         <listitem><para>mail - Email Address</para></listitem>
         <listitem><para>cn - Real name</para></listitem>
     </itemizedlist>
     <para>Along with this the ldap.user.object name needs to be modified, by default ActiveDirectory uses the value "user" for this.</para>
-    <para>Map the following attributes accordingly as shown below within the cloudstack ldap configuration:</para>
+    <para>Map the following attributes accordingly as shown below:</para>
     <mediaobject>
         <imageobject>
             <imagedata fileref="./images/add-ldap-configuration-ad.png"/>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/docs/en-US/example-openldap-configuration.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/example-openldap-configuration.xml b/docs/en-US/example-openldap-configuration.xml
index 2b28032..aa57a00 100644
--- a/docs/en-US/example-openldap-configuration.xml
+++ b/docs/en-US/example-openldap-configuration.xml
@@ -24,8 +24,8 @@
 
 <section id="example-openldap-configuration">
     <title>Example LDAP Configuration for OpenLdap</title>
-    <para>This shows the configuration settings required for using OpenLDAP</para>
-    <para>The default values supplied are suited for OpenLDAP</para>
+    <para>This shows the configuration settings required for using OpenLDAP.</para>
+    <para>The default values supplied are suited for OpenLDAP.</para>
     <itemizedlist>
         <listitem><para>uid - Logon name</para></listitem>
         <listitem><para>mail - Email Address</para></listitem>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java
deleted file mode 100644
index 87944b0..0000000
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java
+++ /dev/null
@@ -1,163 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.Map;
-
-import javax.inject.Inject;
-import javax.naming.NamingException;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.ldap.LdapManager;
-import org.apache.cloudstack.ldap.LdapUser;
-import org.apache.log4j.Logger;
-import org.bouncycastle.util.encoders.Base64;
-
-import com.cloud.user.Account;
-import com.cloud.user.AccountService;
-import com.cloud.user.UserAccount;
-
-@APICommand(name = "ldapCreateAccount", description = "Creates an account from an LDAP user", responseObject = AccountResponse.class, since = "4.2.0")
-public class LdapCreateAccount extends BaseCmd {
-	public static final Logger s_logger = Logger
-			.getLogger(LdapCreateAccount.class.getName());
-	private static final String s_name = "createaccountresponse";
-
-	@Inject
-	private LdapManager _ldapManager;
-
-	@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "Creates the user under the specified account. If no account is specified, the username will be used as the account name.")
-	private String accountName;
-
-	@Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.SHORT, required = true, description = "Type of the account.  Specify 0 for user, 1 for root admin, and 2 for domain admin")
-	private Short accountType;
-
-	@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "Creates the user under the specified domain.")
-	private Long domainId;
-
-	@Parameter(name = ApiConstants.TIMEZONE, type = CommandType.STRING, description = "Specifies a timezone for this command. For more information on the timezone parameter, see Time Zone Format.")
-	private String timezone;
-
-	@Parameter(name = ApiConstants.USERNAME, type = CommandType.STRING, required = true, description = "Unique username.")
-	private String username;
-
-	@Parameter(name = ApiConstants.NETWORK_DOMAIN, type = CommandType.STRING, description = "Network domain for the account's networks")
-	private String networkDomain;
-
-	@Parameter(name = ApiConstants.ACCOUNT_DETAILS, type = CommandType.MAP, description = "details for account used to store specific parameters")
-	private Map<String, String> details;
-
-	@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.STRING, description = "Account UUID, required for adding account from external provisioning system")
-	private String accountUUID;
-
-	@Parameter(name = ApiConstants.USER_ID, type = CommandType.STRING, description = "User UUID, required for adding account from external provisioning system")
-	private String userUUID;
-
-	public LdapCreateAccount() {
-		super();
-	}
-
-	public LdapCreateAccount(final LdapManager ldapManager,
-			final AccountService accountService) {
-		super();
-		_ldapManager = ldapManager;
-		_accountService = accountService;
-	}
-
-	@Override
-	public void execute() throws ServerApiException {
-		updateCallContext();
-		try {
-			final LdapUser user = _ldapManager.getUser(username);
-			validateUser(user);
-			final UserAccount userAccount = _accountService.createUserAccount(
-					username, generatePassword(), user.getFirstname(),
-					user.getLastname(), user.getEmail(), timezone, accountName,
-					accountType, domainId, networkDomain, details, accountUUID,
-					userUUID);
-			if (userAccount != null) {
-				final AccountResponse response = _responseGenerator
-						.createUserAccountResponse(userAccount);
-				response.setResponseName(getCommandName());
-				setResponseObject(response);
-			} else {
-				throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR,
-						"Failed to create a user account");
-			}
-		} catch (final NamingException e) {
-			throw new ServerApiException(
-					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR,
-					"No LDAP user exists with the username of " + username);
-		}
-	}
-
-	private String generatePassword() throws ServerApiException {
-		try {
-			final SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG");
-			final byte bytes[] = new byte[20];
-			randomGen.nextBytes(bytes);
-			return Base64.encode(bytes).toString();
-		} catch (final NoSuchAlgorithmException e) {
-			throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR,
-					"Failed to generate random password");
-		}
-	}
-
-	@Override
-	public String getCommandName() {
-		return s_name;
-	}
-
-	@Override
-	public long getEntityOwnerId() {
-		return Account.ACCOUNT_ID_SYSTEM;
-	}
-
-	private void updateCallContext() {
-		CallContext.current().setEventDetails(
-				"Account Name: " + accountName + ", Domain Id:" + domainId);
-	}
-
-	private boolean validateUser(final LdapUser user) throws ServerApiException {
-		if (user.getEmail() == null) {
-			throw new ServerApiException(
-					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username
-							+ " has no email address set within LDAP");
-		}
-		if (user.getFirstname() == null) {
-			throw new ServerApiException(
-					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username
-							+ " has no firstname set within LDAP");
-		}
-		if (user.getLastname() == null) {
-			throw new ServerApiException(
-					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username
-							+ " has no lastname set within LDAP");
-		}
-		return true;
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
new file mode 100644
index 0000000..981e72e
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
@@ -0,0 +1,167 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Map;
+
+import javax.inject.Inject;
+import javax.naming.NamingException;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.ldap.LdapManager;
+import org.apache.cloudstack.ldap.LdapUser;
+import org.apache.log4j.Logger;
+import org.bouncycastle.util.encoders.Base64;
+
+import com.cloud.user.Account;
+import com.cloud.user.AccountService;
+import com.cloud.user.UserAccount;
+
+@APICommand(name = "ldapCreateAccount", description = "Creates an account from an LDAP user", responseObject = AccountResponse.class, since = "4.2.0")
+public class LdapCreateAccountCmd extends BaseCmd {
+	public static final Logger s_logger = Logger
+			.getLogger(LdapCreateAccountCmd.class.getName());
+	private static final String s_name = "createaccountresponse";
+
+	@Inject
+	private LdapManager _ldapManager;
+
+	@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "Creates the user under the specified account. If no account is specified, the username will be used as the account name.")
+	private String accountName;
+
+	@Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.SHORT, required = true, description = "Type of the account.  Specify 0 for user, 1 for root admin, and 2 for domain admin")
+	private Short accountType;
+
+	@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "Creates the user under the specified domain.")
+	private Long domainId;
+
+	@Parameter(name = ApiConstants.TIMEZONE, type = CommandType.STRING, description = "Specifies a timezone for this command. For more information on the timezone parameter, see Time Zone Format.")
+	private String timezone;
+
+	@Parameter(name = ApiConstants.USERNAME, type = CommandType.STRING, required = true, description = "Unique username.")
+	private String username;
+
+	@Parameter(name = ApiConstants.NETWORK_DOMAIN, type = CommandType.STRING, description = "Network domain for the account's networks")
+	private String networkDomain;
+
+	@Parameter(name = ApiConstants.ACCOUNT_DETAILS, type = CommandType.MAP, description = "details for account used to store specific parameters")
+	private Map<String, String> details;
+
+	@Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.STRING, description = "Account UUID, required for adding account from external provisioning system")
+	private String accountUUID;
+
+	@Parameter(name = ApiConstants.USER_ID, type = CommandType.STRING, description = "User UUID, required for adding account from external provisioning system")
+	private String userUUID;
+
+	public LdapCreateAccountCmd() {
+		super();
+	}
+
+	public LdapCreateAccountCmd(final LdapManager ldapManager,
+			final AccountService accountService) {
+		super();
+		_ldapManager = ldapManager;
+		_accountService = accountService;
+	}
+
+	UserAccount createCloudstackUserAccount(final LdapUser user) {
+		return _accountService.createUserAccount(username, generatePassword(),
+				user.getFirstname(), user.getLastname(), user.getEmail(),
+				timezone, accountName, accountType, domainId, networkDomain,
+				details, accountUUID, userUUID);
+	}
+
+	@Override
+	public void execute() throws ServerApiException {
+		final CallContext callContext = getCurrentContext();
+		callContext.setEventDetails("Account Name: " + accountName
+				+ ", Domain Id:" + domainId);
+		try {
+			final LdapUser user = _ldapManager.getUser(username);
+			validateUser(user);
+			final UserAccount userAccount = createCloudstackUserAccount(user);
+			if (userAccount != null) {
+				final AccountResponse response = _responseGenerator
+						.createUserAccountResponse(userAccount);
+				response.setResponseName(getCommandName());
+				setResponseObject(response);
+			} else {
+				throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR,
+						"Failed to create a user account");
+			}
+		} catch (final NamingException e) {
+			throw new ServerApiException(
+					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR,
+					"No LDAP user exists with the username of " + username);
+		}
+	}
+
+	private String generatePassword() throws ServerApiException {
+		try {
+			final SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG");
+			final byte bytes[] = new byte[20];
+			randomGen.nextBytes(bytes);
+			return Base64.encode(bytes).toString();
+		} catch (final NoSuchAlgorithmException e) {
+			throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR,
+					"Failed to generate random password");
+		}
+	}
+
+	@Override
+	public String getCommandName() {
+		return s_name;
+	}
+
+	CallContext getCurrentContext() {
+		return CallContext.current();
+	}
+
+	@Override
+	public long getEntityOwnerId() {
+		return Account.ACCOUNT_ID_SYSTEM;
+	}
+
+	private boolean validateUser(final LdapUser user) throws ServerApiException {
+		if (user.getEmail() == null) {
+			throw new ServerApiException(
+					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username
+							+ " has no email address set within LDAP");
+		}
+		if (user.getFirstname() == null) {
+			throw new ServerApiException(
+					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username
+							+ " has no firstname set within LDAP");
+		}
+		if (user.getLastname() == null) {
+			throw new ServerApiException(
+					ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username
+							+ " has no lastname set within LDAP");
+		}
+		return true;
+	}
+}
\ No newline at end of file
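Review bot: In `generatePassword()`, `Base64.encode(bytes).toString()` calls `toString()` on the `byte[]` that Bouncy Castle's `Base64.encode` returns, so the password passed to `createUserAccount` is the array's identity string (of the form `[B@…`) rather than an encoding of the 20 random bytes. That leaves the locally stored credential far more guessable than intended, on an account whose `accountType` may be root admin. Decode the bytes instead, e.g. `return new String(Base64.encode(bytes), Charset.forName("US-ASCII"));` with an import of `java.nio.charset.Charset`. Separately, `catch (final NamingException e)` in `execute()` drops `e`; logging it through `s_logger` would keep a directory outage distinguishable from a missing user.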

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java
deleted file mode 100644
index c371cff..0000000
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java
+++ /dev/null
@@ -1,91 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.inject.Inject;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.LdapUserResponse;
-import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.ldap.LdapManager;
-import org.apache.cloudstack.ldap.LdapUser;
-import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException;
-import org.apache.log4j.Logger;
-
-import com.cloud.user.Account;
-
-@APICommand(name = "listAllLdapUsers", responseObject = LdapUserResponse.class, description = "Lists all LDAP Users", since = "4.2.0")
-public class LdapListAllUsersCmd extends BaseListCmd {
-
-	public static final Logger s_logger = Logger
-			.getLogger(LdapListAllUsersCmd.class.getName());
-	private static final String s_name = "ldapuserresponse";
-	@Inject
-	private LdapManager _ldapManager;
-
-	public LdapListAllUsersCmd() {
-		super();
-	}
-
-	public LdapListAllUsersCmd(final LdapManager ldapManager) {
-		super();
-		_ldapManager = ldapManager;
-	}
-
-	private List<LdapUserResponse> createLdapUserResponse(
-			final List<LdapUser> users) {
-		final List<LdapUserResponse> ldapResponses = new ArrayList<LdapUserResponse>();
-		for (final LdapUser user : users) {
-			final LdapUserResponse ldapResponse = _ldapManager
-					.createLdapUserResponse(user);
-			ldapResponse.setObjectName("LdapUser");
-			ldapResponses.add(ldapResponse);
-		}
-		return ldapResponses;
-	}
-
-	@Override
-	public void execute() throws ServerApiException {
-		List<LdapUserResponse> ldapResponses = null;
-		final ListResponse<LdapUserResponse> response = new ListResponse<LdapUserResponse>();
-		try {
-			final List<LdapUser> users = _ldapManager.getUsers();
-			ldapResponses = createLdapUserResponse(users);
-		} catch (final NoLdapUserMatchingQueryException ex) {
-			ldapResponses = new ArrayList<LdapUserResponse>();
-		} finally {
-			response.setResponses(ldapResponses);
-			response.setResponseName(getCommandName());
-			setResponseObject(response);
-		}
-	}
-
-	@Override
-	public String getCommandName() {
-		return s_name;
-	}
-
-	@Override
-	public long getEntityOwnerId() {
-		return Account.ACCOUNT_ID_SYSTEM;
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListUsersCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListUsersCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListUsersCmd.java
new file mode 100644
index 0000000..18e36f5
--- /dev/null
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListUsersCmd.java
@@ -0,0 +1,123 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.admin.user.ListUsersCmd;
+import org.apache.cloudstack.api.response.LdapUserResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.UserResponse;
+import org.apache.cloudstack.ldap.LdapManager;
+import org.apache.cloudstack.ldap.LdapUser;
+import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException;
+import org.apache.cloudstack.query.QueryService;
+import org.apache.log4j.Logger;
+
+import com.cloud.user.Account;
+
+@APICommand(name = "listLdapUsers", responseObject = LdapUserResponse.class, description = "Lists all LDAP Users", since = "4.2.0")
+public class LdapListUsersCmd extends BaseListCmd {
+
+	public static final Logger s_logger = Logger
+			.getLogger(LdapListUsersCmd.class.getName());
+	private static final String s_name = "ldapuserresponse";
+	@Inject
+	private LdapManager _ldapManager;
+
+	@Inject
+	private QueryService _queryService;
+
+	@Parameter(name = "listtype", type = CommandType.STRING, required = false, description = "Determines whether all ldap users are returned or just non-cloudstack users")
+	private String listType;
+
+	public LdapListUsersCmd() {
+		super();
+	}
+
+	public LdapListUsersCmd(final LdapManager ldapManager,
+			final QueryService queryService) {
+		super();
+		_ldapManager = ldapManager;
+		_queryService = queryService;
+	}
+
+	private List<LdapUserResponse> createLdapUserResponse(
+			final List<LdapUser> users) {
+		final List<LdapUserResponse> ldapResponses = new ArrayList<LdapUserResponse>();
+		for (final LdapUser user : users) {
+			if (getListType().equals("all") || !isACloudstackUser(user)) {
+				final LdapUserResponse ldapResponse = _ldapManager
+						.createLdapUserResponse(user);
+				ldapResponse.setObjectName("LdapUser");
+				ldapResponses.add(ldapResponse);
+			}
+		}
+		return ldapResponses;
+	}
+
+	@Override
+	public void execute() throws ServerApiException {
+		List<LdapUserResponse> ldapResponses = null;
+		final ListResponse<LdapUserResponse> response = new ListResponse<LdapUserResponse>();
+		try {
+			final List<LdapUser> users = _ldapManager.getUsers();
+			ldapResponses = createLdapUserResponse(users);
+		} catch (final NoLdapUserMatchingQueryException ex) {
+			ldapResponses = new ArrayList<LdapUserResponse>();
+		} finally {
+			response.setResponses(ldapResponses);
+			response.setResponseName(getCommandName());
+			setResponseObject(response);
+		}
+	}
+
+	@Override
+	public String getCommandName() {
+		return s_name;
+	}
+
+	@Override
+	public long getEntityOwnerId() {
+		return Account.ACCOUNT_ID_SYSTEM;
+	}
+
+	private String getListType() {
+		return listType == null ? "all" : listType;
+	}
+
+	private boolean isACloudstackUser(final LdapUser ldapUser) {
+		final ListResponse<UserResponse> response = _queryService
+				.searchForUsers(new ListUsersCmd());
+		final List<UserResponse> cloudstackUsers = response.getResponses();
+		if (cloudstackUsers != null && cloudstackUsers.size() != 0) {
+			for (final UserResponse cloudstackUser : response.getResponses()) {
+				if (ldapUser.getUsername().equals(cloudstackUser.getUsername())) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
index d358ae3..87406ad 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
@@ -26,10 +26,10 @@ import javax.naming.directory.DirContext;
 
 import org.apache.cloudstack.api.LdapValidator;
 import org.apache.cloudstack.api.command.LdapAddConfigurationCmd;
-import org.apache.cloudstack.api.command.LdapCreateAccount;
+import org.apache.cloudstack.api.command.LdapCreateAccountCmd;
 import org.apache.cloudstack.api.command.LdapDeleteConfigurationCmd;
-import org.apache.cloudstack.api.command.LdapListAllUsersCmd;
 import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
+import org.apache.cloudstack.api.command.LdapListUsersCmd;
 import org.apache.cloudstack.api.command.LdapUserSearchCmd;
 import org.apache.cloudstack.api.response.LdapConfigurationResponse;
 import org.apache.cloudstack.api.response.LdapUserResponse;
@@ -159,11 +159,11 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
 	public List<Class<?>> getCommands() {
 		final List<Class<?>> cmdList = new ArrayList<Class<?>>();
 		cmdList.add(LdapUserSearchCmd.class);
-		cmdList.add(LdapListAllUsersCmd.class);
+		cmdList.add(LdapListUsersCmd.class);
 		cmdList.add(LdapAddConfigurationCmd.class);
 		cmdList.add(LdapDeleteConfigurationCmd.class);
 		cmdList.add(LdapListConfigurationCmd.class);
-		cmdList.add(LdapCreateAccount.class);
+		cmdList.add(LdapCreateAccountCmd.class);
 		return cmdList;
 	}
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/BasicNamingEnumerationImpl.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/BasicNamingEnumerationImpl.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/BasicNamingEnumerationImpl.groovy
index 67d5272..3210160 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/BasicNamingEnumerationImpl.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/BasicNamingEnumerationImpl.groovy
@@ -16,43 +16,41 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
-import java.util.LinkedList;
-
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.SearchResult;
+import javax.naming.NamingEnumeration
+import javax.naming.NamingException
+import javax.naming.directory.SearchResult
 
 class BasicNamingEnumerationImpl implements NamingEnumeration {
 
-    private LinkedList<String> items = new LinkedList<SearchResult>();
-
-    public void add(SearchResult item) {
-	items.add(item)
-    }
-
-    @Override
-    public void close() throws NamingException {
-    }
-
-    @Override
-    public boolean hasMore() throws NamingException {
-        return hasMoreElements();
-    }
-
-    @Override
-    public boolean hasMoreElements() {
-	return items.size != 0;
-    }
-
-    @Override
-    public Object next() throws NamingException {
-        return nextElement();
-    }
-
-    @Override
-    public Object nextElement() {
-	SearchResult result = items.getFirst();
-	items.removeFirst();
-	return result;
-    }
+	private LinkedList<String> items = new LinkedList<SearchResult>();
+
+	public void add(SearchResult item) {
+		items.add(item)
+	}
+
+	@Override
+	public void close() throws NamingException {
+	}
+
+	@Override
+	public boolean hasMore() throws NamingException {
+		return hasMoreElements();
+	}
+
+	@Override
+	public boolean hasMoreElements() {
+		return items.size != 0;
+	}
+
+	@Override
+	public Object next() throws NamingException {
+		return nextElement();
+	}
+
+	@Override
+	public Object nextElement() {
+		SearchResult result = items.getFirst();
+		items.removeFirst();
+		return result;
+	}
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAddConfigurationCmdSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAddConfigurationCmdSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAddConfigurationCmdSpec.groovy
index 18df10d..b7e2f45 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAddConfigurationCmdSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAddConfigurationCmdSpec.groovy
@@ -16,69 +16,74 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
+import com.cloud.exception.InvalidParameterValueException
+import org.apache.cloudstack.api.ServerApiException
+import org.apache.cloudstack.api.command.LdapAddConfigurationCmd
+import org.apache.cloudstack.api.response.LdapConfigurationResponse
+import org.apache.cloudstack.ldap.LdapManager
 
 class LdapAddConfigurationCmdSpec extends spock.lang.Specification {
 
-    def "Test failed response from execute"() {
-	given: "We have an LDAP manager, no configuration and a LdapAddConfigurationCmd"
-	def ldapManager = Mock(LdapManager)
-	ldapManager.addConfiguration(_, _) >> { throw new InvalidParameterValueException() }
-	def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
-	when: "LdapAddCofnigurationCmd is executed"
-	ldapAddConfigurationCmd.execute()
-	then: "an exception is thrown"
-	thrown ServerApiException
-    }
+	def "Test failed response from execute"() {
+		given: "We have an LDAP manager, no configuration and a LdapAddConfigurationCmd"
+		def ldapManager = Mock(LdapManager)
+		ldapManager.addConfiguration(_, _) >> { throw new InvalidParameterValueException() }
+		def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
+		when: "LdapAddCofnigurationCmd is executed"
+		ldapAddConfigurationCmd.execute()
+		then: "an exception is thrown"
+		thrown ServerApiException
+	}
 
-    def "Test getEntityOwnerId is 1"() {
-	given: "We have an LdapManager and LdapConfigurationCmd"
-	def ldapManager = Mock(LdapManager)
-	def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
-	when: "Get Entity Owner Id is called"
-	long ownerId = ldapAddConfigurationCmd.getEntityOwnerId()
-	then: "1 is returned"
-	ownerId == 1
-    }
+	def "Test getEntityOwnerId is 1"() {
+		given: "We have an LdapManager and LdapConfigurationCmd"
+		def ldapManager = Mock(LdapManager)
+		def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
+		when: "Get Entity Owner Id is called"
+		long ownerId = ldapAddConfigurationCmd.getEntityOwnerId()
+		then: "1 is returned"
+		ownerId == 1
+	}
 
-    def "Test successful response from execute"() {
-	given: "We have an LDAP Manager that has a configuration and a LdapAddConfigurationCmd"
-	def ldapManager = Mock(LdapManager)
-        ldapManager.addConfiguration(_, _) >> new LdapConfigurationResponse("localhost", 389)
-        def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
-	when: "LdapAddConfigurationCmd is executed"
-        ldapAddConfigurationCmd.execute()
-	then: "the responseObject should have the hostname localhost and port 389"
-        ldapAddConfigurationCmd.responseObject.hostname == "localhost"
-	ldapAddConfigurationCmd.responseObject.port == 389
-    }
+	def "Test successful response from execute"() {
+		given: "We have an LDAP Manager that has a configuration and a LdapAddConfigurationCmd"
+		def ldapManager = Mock(LdapManager)
+		ldapManager.addConfiguration(_, _) >> new LdapConfigurationResponse("localhost", 389)
+		def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
+		when: "LdapAddConfigurationCmd is executed"
+		ldapAddConfigurationCmd.execute()
+		then: "the responseObject should have the hostname localhost and port 389"
+		ldapAddConfigurationCmd.responseObject.hostname == "localhost"
+		ldapAddConfigurationCmd.responseObject.port == 389
+	}
 
-    def "Test successful return of getCommandName"() {
-	given: "We have an LdapManager and LdapConfigurationCmd"
-	def ldapManager = Mock(LdapManager)
-	def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
-	when: "Get Command Name is called"
-	String commandName = ldapAddConfigurationCmd.getCommandName()
-	then: "ldapconfigurationresponse is returned"
-	commandName == "ldapconfigurationresponse"
-    }
+	def "Test successful return of getCommandName"() {
+		given: "We have an LdapManager and LdapConfigurationCmd"
+		def ldapManager = Mock(LdapManager)
+		def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
+		when: "Get Command Name is called"
+		String commandName = ldapAddConfigurationCmd.getCommandName()
+		then: "ldapconfigurationresponse is returned"
+		commandName == "ldapconfigurationresponse"
+	}
 
-    def "Test successful setting of hostname"() {
-	given: "We have an LdapManager and LdapAddConfigurationCmd"
-        def ldapManager = Mock(LdapManager)
-        def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
-	when: "The hostname is set"
-        ldapAddConfigurationCmd.setHostname("localhost")
-	then: "Get hostname returns the set hostname"
-        ldapAddConfigurationCmd.getHostname() == "localhost"
-    }
+	def "Test successful setting of hostname"() {
+		given: "We have an LdapManager and LdapAddConfigurationCmd"
+		def ldapManager = Mock(LdapManager)
+		def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
+		when: "The hostname is set"
+		ldapAddConfigurationCmd.setHostname("localhost")
+		then: "Get hostname returns the set hostname"
+		ldapAddConfigurationCmd.getHostname() == "localhost"
+	}
 
-    def "Test successful setting of port"() {
-	given: "We have an LdapManager and LdapAddConfigurationCmd"
-        def ldapManager = Mock(LdapManager)
-        def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
-	when: "The port is set"
-        ldapAddConfigurationCmd.setPort(389)
-	then: "Get port returns the port"
-	ldapAddConfigurationCmd.getPort() == 389
-    }
+	def "Test successful setting of port"() {
+		given: "We have an LdapManager and LdapAddConfigurationCmd"
+		def ldapManager = Mock(LdapManager)
+		def ldapAddConfigurationCmd = new LdapAddConfigurationCmd(ldapManager)
+		when: "The port is set"
+		ldapAddConfigurationCmd.setPort(389)
+		then: "Get port returns the port"
+		ldapAddConfigurationCmd.getPort() == 389
+	}
 }
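Review bot: `Test getEntityOwnerId is 1` compares against the bare literal `1`, which hides what the number stands for. The list-users command earlier in this commit returns `Account.ACCOUNT_ID_SYSTEM` from getEntityOwnerId. If LdapAddConfigurationCmd does the same (its source is not part of this hunk), the assertion reads better as `ownerId == Account.ACCOUNT_ID_SYSTEM` with `import com.cloud.user.Account`, so the spec documents that the command is owned by the system account. The `when:` label of the first test also misspells the class as `LdapAddCofnigurationCmd`.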

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
index a055fbc..416c133 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
@@ -16,51 +16,57 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
+import com.cloud.user.UserAccountVO
+import com.cloud.user.dao.UserAccountDao
+import com.cloud.utils.Pair
+import org.apache.cloudstack.ldap.LdapAuthenticator
+import org.apache.cloudstack.ldap.LdapConfigurationVO
+import org.apache.cloudstack.ldap.LdapManager
 
 class LdapAuthenticatorSpec extends spock.lang.Specification {
 
     def "Test a failed authentication due to user not being found within cloudstack"() {
-	given: "We have an LdapManager, userAccountDao and ldapAuthenticator and the user doesn't exist within cloudstack."
+		given: "We have an LdapManager, userAccountDao and ldapAuthenticator and the user doesn't exist within cloudstack."
         LdapManager ldapManager = Mock(LdapManager)
         UserAccountDao userAccountDao = Mock(UserAccountDao)
         userAccountDao.getUserAccount(_, _) >> null
         def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
-	when: "A user authentications"
+		when: "A user authentications"
         def result = ldapAuthenticator.authenticate("rmurphy", "password", 0, null)
-	then: "their authentication fails"
-	result == false
+		then: "their authentication fails"
+		result == false
     }
 
     def "Test failed authentication due to ldap bind being unsuccessful"() {
-	given: "We have an LdapManager, LdapConfiguration, userAccountDao and LdapAuthenticator"
-	def ldapManager = Mock(LdapManager)
-	ldapManager.isLdapEnabled() >> true
-	ldapManager.canAuthenticate(_, _) >> false
+		given: "We have an LdapManager, LdapConfiguration, userAccountDao and LdapAuthenticator"
+		def ldapManager = Mock(LdapManager)
+		ldapManager.isLdapEnabled() >> true
+		ldapManager.canAuthenticate(_, _) >> false
 
-	UserAccountDao userAccountDao = Mock(UserAccountDao)
-	userAccountDao.getUserAccount(_, _) >> new UserAccountVO()
-	def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
+		UserAccountDao userAccountDao = Mock(UserAccountDao)
+		userAccountDao.getUserAccount(_, _) >> new UserAccountVO()
+		def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
 
-	when: "The user authenticates with an incorrect password"
-	def result = ldapAuthenticator.authenticate("rmurphy", "password", 0, null)
+		when: "The user authenticates with an incorrect password"
+		def result = ldapAuthenticator.authenticate("rmurphy", "password", 0, null)
 
-	then: "their authentication fails"
-	result == false
+		then: "their authentication fails"
+		result == false
     }
 
     def "Test failed authentication due to ldap not being configured"() {
-	given: "We have an LdapManager, A configured LDAP server, a userAccountDao and LdapAuthenticator"
-	def ldapManager = Mock(LdapManager)
+		given: "We have an LdapManager, A configured LDAP server, a userAccountDao and LdapAuthenticator"
+		def ldapManager = Mock(LdapManager)
 		ldapManager.isLdapEnabled() >> false
 
-	UserAccountDao userAccountDao = Mock(UserAccountDao)
-	userAccountDao.getUserAccount(_, _) >> new UserAccountVO()
+		UserAccountDao userAccountDao = Mock(UserAccountDao)
+		userAccountDao.getUserAccount(_, _) >> new UserAccountVO()
 
-	def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
-	when: "The user authenticates"
-	def result = ldapAuthenticator.authenticate("rmurphy", "password", 0, null)
-	then: "their authentication fails"
-	result == false
+		def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
+		when: "The user authenticates"
+		def result = ldapAuthenticator.authenticate("rmurphy", "password", 0, null)
+		then: "their authentication fails"
+		result == false
     }
 
 	def "Test successful authentication"() {
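Review bot: The two early-exit cases here (user unknown to CloudStack, and `ldapManager.isLdapEnabled() >> false`) assert only `result == false`, so they would still pass if the authenticator attempted a directory bind with the supplied password before returning. Adding `0 * ldapManager.canAuthenticate(_, _)` to the `then:` block of each would pin that no credentials reach LDAP on those paths. The reformatting also leaves several methods with tab-indented labels and space-indented bodies, which one formatter pass would even out. The spec class continues beyond this hunk.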
@@ -81,13 +87,13 @@ class LdapAuthenticatorSpec extends spock.lang.Specification {
 	}
 
     def "Test that encode doesn't change the input"() {
-	given: "We have an LdapManager, userAccountDao and LdapAuthenticator"
-	LdapManager ldapManager = Mock(LdapManager)
-        UserAccountDao userAccountDao = Mock(UserAccountDao)
-        def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
-	when: "a users password is encoded"
-        def result = ldapAuthenticator.encode("password")
-	then: "it doesn't change"
-        result == "password"
+		given: "We have an LdapManager, userAccountDao and LdapAuthenticator"
+		LdapManager ldapManager = Mock(LdapManager)
+	    UserAccountDao userAccountDao = Mock(UserAccountDao)
+	    def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
+		when: "a users password is encoded"
+	    def result = ldapAuthenticator.encode("password")
+		then: "it doesn't change"
+	    result == "password"
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationDaoImplSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationDaoImplSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationDaoImplSpec.groovy
index 02de0f5..1448909 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationDaoImplSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationDaoImplSpec.groovy
@@ -16,12 +16,13 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
+import org.apache.cloudstack.ldap.dao.LdapConfigurationDaoImpl
 
 class LdapConfigurationDaoImplSpec extends spock.lang.Specification {
     def "Test setting up of a LdapConfigurationDao"() {
-	given: "We have an LdapConfigurationDao implementation"
+		given: "We have an LdapConfigurationDao implementation"
         def ldapConfigurationDaoImpl = new LdapConfigurationDaoImpl();
-	expect: "that hostnameSearch and listAllConfigurationsSearch is configured"
+		expect: "that hostnameSearch and listAllConfigurationsSearch is configured"
         ldapConfigurationDaoImpl.hostnameSearch != null;
         ldapConfigurationDaoImpl.listAllConfigurationsSearch != null
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationResponseSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationResponseSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationResponseSpec.groovy
index cc9de9b..6f7a370 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationResponseSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationResponseSpec.groovy
@@ -16,33 +16,34 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
+import org.apache.cloudstack.api.response.LdapConfigurationResponse
 
 class LdapConfigurationResponseSpec extends spock.lang.Specification {
     def "Testing succcessful setting of LdapConfigurationResponse hostname"() {
-	given: "We have a LdapConfigurationResponse"
+		given: "We have a LdapConfigurationResponse"
         LdapConfigurationResponse response = new LdapConfigurationResponse();
-	when: "The hostname is set"
+		when: "The hostname is set"
         response.setHostname("localhost");
-	then: "Get hostname should return the set value"
-	response.getHostname() == "localhost";
+		then: "Get hostname should return the set value"
+		response.getHostname() == "localhost";
     }
 
     def "Testing successful setting of LdapConfigurationResponse hostname and port via constructor"() {
-	given: "We have a LdapConfiguration response"
-	LdapConfigurationResponse response
-	when: "both hostname and port are set by constructor"
+		given: "We have a LdapConfiguration response"
+		LdapConfigurationResponse response
+		when: "both hostname and port are set by constructor"
         response = new LdapConfigurationResponse("localhost", 389)
-	then: "Get hostname and port should return the set values."
+		then: "Get hostname and port should return the set values."
         response.getHostname() == "localhost"
         response.getPort() == 389
     }
 
     def "Testing successful setting of LdapConfigurationResponse port"() {
-	given: "We have a LdapConfigurationResponse"
-	LdapConfigurationResponse response = new LdapConfigurationResponse()
-	when: "The port is set"
-	response.setPort(389)
-	then: "Get port should return the set value"
-	response.getPort() == 389
+		given: "We have a LdapConfigurationResponse"
+		LdapConfigurationResponse response = new LdapConfigurationResponse()
+		when: "The port is set"
+		response.setPort(389)
+		then: "Get port should return the set value"
+		response.getPort() == 389
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationSpec.groovy
index c8555a9..bb86625 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationSpec.groovy
@@ -16,31 +16,25 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
+import com.cloud.configuration.dao.ConfigurationDao
+import com.cloud.utils.Pair
+import org.apache.cloudstack.api.ServerApiException
+import org.apache.cloudstack.ldap.LdapConfiguration
+import org.apache.cloudstack.ldap.LdapConfigurationVO
+import org.apache.cloudstack.ldap.LdapManager
+
+import javax.naming.directory.SearchControls
 
 class LdapConfigurationSpec extends spock.lang.Specification {
-    def "Test that get search group principle returns successfully"() {
-		given: "We have a ConfigDao with a value for ldap.search.group.principle and an LdapConfiguration"
+    def "Test that getAuthentication returns none"() {
+		given: "We have a ConfigDao, LdapManager and LdapConfiguration"
 		def configDao = Mock(ConfigurationDao)
-		configDao.getValue("ldap.search.group.principle") >> "cn=cloudstack,cn=users,dc=cloudstack,dc=org"
 		def ldapManager = Mock(LdapManager)
-		LdapConfiguration ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-
-		when: "A request is made to get the search group principle"
-		String result = ldapConfiguration.getSearchGroupPrinciple();
-
-		then: "The result holds the same value configDao did"
-		result == "cn=cloudstack,cn=users,dc=cloudstack,dc=org"
-	}
-
-    def "Test that getAuthentication returns none"() {
-	given: "We have a ConfigDao, LdapManager and LdapConfiguration"
-	def configDao = Mock(ConfigurationDao)
-	def ldapManager = Mock(LdapManager)
-	def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get authentication is called"
-	String authentication = ldapConfiguration.getAuthentication()
-	then: "none should be returned"
-	authentication == "none"
+		def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
+		when: "Get authentication is called"
+		String authentication = ldapConfiguration.getAuthentication()
+		then: "none should be returned"
+		authentication == "none"
     }
 
     def "Test that getAuthentication returns simple"() {
@@ -50,113 +44,155 @@ class LdapConfigurationSpec extends spock.lang.Specification {
         def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
         configDao.getValue("ldap.bind.password") >> "password"
         configDao.getValue("ldap.bind.principal") >> "cn=rmurphy,dc=cloudstack,dc=org"
-	when: "Get authentication is called"
+		when: "Get authentication is called"
         String authentication = ldapConfiguration.getAuthentication()
-	then: "authentication should be set to simple"
-	authentication == "simple"
+		then: "authentication should be set to simple"
+		authentication == "simple"
     }
 
     def "Test that getBaseDn returns dc=cloudstack,dc=org"() {
-	given: "We have a ConfigDao, LdapManager and ldapConfiguration with a baseDn value set."
-	def configDao = Mock(ConfigurationDao)
-	configDao.getValue("ldap.basedn") >> "dc=cloudstack,dc=org"
-	def ldapManager = Mock(LdapManager)
-	def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get basedn is called"
-	String baseDn = ldapConfiguration.getBaseDn();
-	then: "The set baseDn should be returned"
-	baseDn == "dc=cloudstack,dc=org"
+		given: "We have a ConfigDao, LdapManager and ldapConfiguration with a baseDn value set."
+		def configDao = Mock(ConfigurationDao)
+		configDao.getValue("ldap.basedn") >> "dc=cloudstack,dc=org"
+		def ldapManager = Mock(LdapManager)
+		def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
+		when: "Get basedn is called"
+		String baseDn = ldapConfiguration.getBaseDn();
+		then: "The set baseDn should be returned"
+		baseDn == "dc=cloudstack,dc=org"
     }
 
     def "Test that getEmailAttribute returns mail"() {
-	given: "Given that we have a ConfigDao, LdapManager and LdapConfiguration"
+		given: "Given that we have a ConfigDao, LdapManager and LdapConfiguration"
         def configDao = Mock(ConfigurationDao)
         configDao.getValue("ldap.email.attribute") >> "mail"
         def ldapManager = Mock(LdapManager)
         def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get Email Attribute is called"
+		when: "Get Email Attribute is called"
         String emailAttribute = ldapConfiguration.getEmailAttribute()
-	then: "mail should be returned"
-	emailAttribute == "mail"
+		then: "mail should be returned"
+		emailAttribute == "mail"
     }
 
     def "Test that getFactory returns com.sun.jndi.ldap.LdapCtxFactory"() {
-	given: "We have a ConfigDao, LdapManager and LdapConfiguration"
-	def configDao = Mock(ConfigurationDao)
-	def ldapManager = Mock(LdapManager)
-	def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get Factory is scalled"
-	String factory = ldapConfiguration.getFactory();
-	then: "com.sun.jndi.ldap.LdapCtxFactory is returned"
-	factory == "com.sun.jndi.ldap.LdapCtxFactory"
+		given: "We have a ConfigDao, LdapManager and LdapConfiguration"
+		def configDao = Mock(ConfigurationDao)
+		def ldapManager = Mock(LdapManager)
+		def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
+		when: "Get Factory is scalled"
+		String factory = ldapConfiguration.getFactory();
+		then: "com.sun.jndi.ldap.LdapCtxFactory is returned"
+		factory == "com.sun.jndi.ldap.LdapCtxFactory"
     }
 
     def "Test that getFirstnameAttribute returns givenname"() {
-	given: "We have a ConfigDao, LdapManager and LdapConfiguration"
+		given: "We have a ConfigDao, LdapManager and LdapConfiguration"
         def configDao = Mock(ConfigurationDao)
         configDao.getValue("ldap.firstname.attribute") >> "givenname"
         def ldapManager = Mock(LdapManager)
         def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get firstname attribute is called"
+		when: "Get firstname attribute is called"
         String firstname = ldapConfiguration.getFirstnameAttribute()
-	then: "givennam should be returned"
+		then: "givennam should be returned"
         firstname == "givenname"
     }
 
     def "Test that getLastnameAttribute returns givenname"() {
-	given: "We have a ConfigDao, LdapManager and LdapConfiguration"
+		given: "We have a ConfigDao, LdapManager and LdapConfiguration"
         def configDao = Mock(ConfigurationDao)
         configDao.getValue("ldap.lastname.attribute") >> "sn"
         def ldapManager = Mock(LdapManager)
         def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get Lastname Attribute is scalled "
+		when: "Get Lastname Attribute is scalled "
         String lastname = ldapConfiguration.getLastnameAttribute()
-	then: "sn should be returned"
-	lastname == "sn"
+		then: "sn should be returned"
+		lastname == "sn"
     }
 
     def "Test that getReturnAttributes returns the correct data"() {
-	given: "We have a ConfigDao, LdapManager and LdapConfiguration"
-	def configDao = Mock(ConfigurationDao)
+		given: "We have a ConfigDao, LdapManager and LdapConfiguration"
+		def configDao = Mock(ConfigurationDao)
         configDao.getValue("ldap.firstname.attribute") >> "givenname"
         configDao.getValue("ldap.lastname.attribute") >> "sn"
         configDao.getValue("ldap.username.attribute") >> "uid"
         configDao.getValue("ldap.email.attribute") >> "mail"
         def ldapManager = Mock(LdapManager)
         def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get return attributes is called"
+		when: "Get return attributes is called"
         String[] returnAttributes = ldapConfiguration.getReturnAttributes()
-	then: "An array containing uid, mail, givenname and sn is returned"
+		then: "An array containing uid, mail, givenname and sn is returned"
         returnAttributes == ["uid", "mail", "givenname", "sn"]
     }
 
     def "Test that getScope returns SearchControls.SUBTREE_SCOPE"() {
-	given: "We have ConfigDao, LdapManager and LdapConfiguration"
+		given: "We have ConfigDao, LdapManager and LdapConfiguration"
         def configDao = Mock(ConfigurationDao)
         def ldapManager = Mock(LdapManager)
         def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get scope is called"
+		when: "Get scope is called"
         int scope = ldapConfiguration.getScope()
-	then: "SearchControls.SUBTRE_SCOPE should be returned"
-	scope == SearchControls.SUBTREE_SCOPE;
+		then: "SearchControls.SUBTRE_SCOPE should be returned"
+		scope == SearchControls.SUBTREE_SCOPE;
     }
 
-    def "Test that getSSLStatus can be true"() {
-		given: "We have a ConfigDao with values for truststore and truststore password set"
+    def "Test that getUsernameAttribute returns uid"() {
+		given: "We have ConfigDao, LdapManager and LdapConfiguration"
+		def configDao = Mock(ConfigurationDao)
+		configDao.getValue("ldap.username.attribute") >> "uid"
+		def ldapManager = Mock(LdapManager)
+		def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
+		when: "Get Username Attribute is called"
+		String usernameAttribute = ldapConfiguration.getUsernameAttribute()
+		then: "uid should be returned"
+		usernameAttribute == "uid"
+    }
+
+    def "Test that getUserObject returns inetOrgPerson"() {
+		given: "We have a ConfigDao, LdapManager and LdapConfiguration"
+		def configDao = Mock(ConfigurationDao)
+		configDao.getValue("ldap.user.object") >> "inetOrgPerson"
+		def ldapManager = Mock(LdapManager)
+		def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
+		when: "Get user object is called"
+		String userObject = ldapConfiguration.getUserObject()
+		then: "inetOrgPerson is returned"
+		userObject == "inetOrgPerson"
+    }
+
+    def "Test that providerUrl successfully returns a URL when a configuration is available"() {
+		given: "We have a ConfigDao, LdapManager, LdapConfiguration"
 		def configDao = Mock(ConfigurationDao)
-		configDao.getValue("ldap.truststore") >> "/tmp/ldap.ts"
-		configDao.getValue("ldap.truststore.password") >> "password"
 		def ldapManager = Mock(LdapManager)
+		List<LdapConfigurationVO> ldapConfigurationList = new ArrayList()
+		ldapConfigurationList.add(new LdapConfigurationVO("localhost", 389))
+		Pair<List<LdapConfigurationVO>, Integer> result = new Pair<List<LdapConfigurationVO>, Integer>();
+		result.set(ldapConfigurationList, ldapConfigurationList.size())
+		ldapManager.listConfigurations(_) >> result
+
 		LdapConfiguration ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
 
-		when: "A request is made to get the status of SSL"
-		boolean result = ldapConfiguration.getSSLStatus();
+		when: "A request is made to get the providerUrl"
+		String providerUrl = ldapConfiguration.getProviderUrl()
 
-		then: "The response should be true"
-		result == true
+		then: "The providerUrl should be given."
+		providerUrl == "ldap://localhost:389"
+    }
+
+	def "Test that get search group principle returns successfully"() {
+		given: "We have a ConfigDao with a value for ldap.search.group.principle and an LdapConfiguration"
+		def configDao = Mock(ConfigurationDao)
+		configDao.getValue("ldap.search.group.principle") >> "cn=cloudstack,cn=users,dc=cloudstack,dc=org"
+		def ldapManager = Mock(LdapManager)
+		LdapConfiguration ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
+
+		when: "A request is made to get the search group principle"
+		String result = ldapConfiguration.getSearchGroupPrinciple();
+
+		then: "The result holds the same value configDao did"
+		result == "cn=cloudstack,cn=users,dc=cloudstack,dc=org"
 	}
 
-    def "Test that getTrustStorePassword resopnds"() {
+	def "Test that getTrustStorePassword resopnds"() {
 		given: "We have a ConfigDao with a value for truststore password"
 		def configDao = Mock(ConfigurationDao)
 		configDao.getValue("ldap.truststore.password") >> "password"
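Review bot: The provider-URL case in this hunk pins only the plaintext form, `providerUrl == "ldap://localhost:389"`, while the same spec stubs `ldap.truststore` for its SSL status test. A companion case that sets the truststore values and asserts the resulting URL (or whatever else selects TLS) would document how bind credentials are protected in transit. Whether getProviderUrl itself is meant to change scheme is not visible here, so the expected value needs confirming against LdapConfiguration. Separately, the context test named `Test that getLastnameAttribute returns givenname` asserts `lastname == "sn"` and should be renamed `"Test that getLastnameAttribute returns sn"`.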
@@ -170,46 +206,18 @@ class LdapConfigurationSpec extends spock.lang.Specification {
 		result == "password";
 	}
 
-	def "Test that getUsernameAttribute returns uid"() {
-	given: "We have ConfigDao, LdapManager and LdapConfiguration"
-	def configDao = Mock(ConfigurationDao)
-	configDao.getValue("ldap.username.attribute") >> "uid"
-	def ldapManager = Mock(LdapManager)
-	def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get Username Attribute is called"
-	String usernameAttribute = ldapConfiguration.getUsernameAttribute()
-	then: "uid should be returned"
-	usernameAttribute == "uid"
-    }
-
-	def "Test that getUserObject returns inetOrgPerson"() {
-	given: "We have a ConfigDao, LdapManager and LdapConfiguration"
-	def configDao = Mock(ConfigurationDao)
-	configDao.getValue("ldap.user.object") >> "inetOrgPerson"
-	def ldapManager = Mock(LdapManager)
-	def ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
-	when: "Get user object is called"
-	String userObject = ldapConfiguration.getUserObject()
-	then: "inetOrgPerson is returned"
-	userObject == "inetOrgPerson"
-    }
-
-	def "Test that providerUrl successfully returns a URL when a configuration is available"() {
-	given: "We have a ConfigDao, LdapManager, LdapConfiguration"
-	def configDao = Mock(ConfigurationDao)
-	def ldapManager = Mock(LdapManager)
-	List<LdapConfigurationVO> ldapConfigurationList = new ArrayList()
-	ldapConfigurationList.add(new LdapConfigurationVO("localhost", 389))
-	Pair<List<LdapConfigurationVO>, Integer> result = new Pair<List<LdapConfigurationVO>, Integer>();
-	result.set(ldapConfigurationList, ldapConfigurationList.size())
-	ldapManager.listConfigurations(_) >> result
-
-	LdapConfiguration ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
+	def "Test that getSSLStatus can be true"() {
+		given: "We have a ConfigDao with values for truststore and truststore password set"
+		def configDao = Mock(ConfigurationDao)
+		configDao.getValue("ldap.truststore") >> "/tmp/ldap.ts"
+		configDao.getValue("ldap.truststore.password") >> "password"
+		def ldapManager = Mock(LdapManager)
+		LdapConfiguration ldapConfiguration = new LdapConfiguration(configDao, ldapManager)
 
-	when: "A request is made to get the providerUrl"
-	String providerUrl = ldapConfiguration.getProviderUrl()
+		when: "A request is made to get the status of SSL"
+		boolean result = ldapConfiguration.getSSLStatus();
 
-	then: "The providerUrl should be given."
-	providerUrl == "ldap://localhost:389"
-    }
+		then: "The response should be true"
+		result == true
+	}
 }
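Review bot: "Test that getSSLStatus can be true" stubs both `ldap.truststore` and `ldap.truststore.password`, so it cannot tell which of the two values actually turns SSL on. A companion case that stubs only one of them and states the expected result would pin whether a half-configured truststore enables or silently disables SSL. Whether such a case already exists elsewhere in the spec is not visible from this hunk. Minor style: `result == true` can be written as `result` in a Spock `then:` block.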

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationVOSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationVOSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationVOSpec.groovy
index b5d007e..3e713fe 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationVOSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapConfigurationVOSpec.groovy
@@ -16,6 +16,7 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
+import org.apache.cloudstack.ldap.LdapConfigurationVO
 
 
 class LdapConfigurationVOSpec extends spock.lang.Specification {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
index 9d9ea65..0b8f284 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
@@ -16,7 +16,13 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
-import spock.lang.Shared;
+import org.apache.cloudstack.ldap.LdapConfiguration
+import org.apache.cloudstack.ldap.LdapContextFactory
+import spock.lang.Shared
+
+import javax.naming.NamingException
+import javax.naming.directory.SearchControls
+import javax.naming.ldap.LdapContext
 
 class LdapContextFactorySpec extends spock.lang.Specification {
     @Shared
@@ -44,75 +50,78 @@ class LdapContextFactorySpec extends spock.lang.Specification {
         ldapConfiguration.getFirstnameAttribute() >> "givenname"
         ldapConfiguration.getLastnameAttribute() >> "sn"
         ldapConfiguration.getBaseDn() >> "dc=cloudstack,dc=org"
+		ldapConfiguration.getSSLStatus() >> true
+		ldapConfiguration.getTrustStore() >> "/tmp/ldap.ts"
+		ldapConfiguration.getTrustStorePassword() >> "password"
 
         username = "rmurphy"
         principal = "cn=" + username + "," + ldapConfiguration.getBaseDn()
-	password = "password"
+		password = "password"
     }
 
     def "Test succcessfully creating a initial context"() {
-	given: "We have a LdapContextFactory"
-	def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
-	when: "A context attempts to bind and no Ldap server is avaiable"
-	ldapContextFactory.createInitialDirContext(null, null, true)
-	then: "An expection is thrown"
-	thrown NamingException
+		given: "We have a LdapContextFactory"
+		def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
+		when: "A context attempts to bind and no Ldap server is avaiable"
+		ldapContextFactory.createInitialDirContext(null, null, true)
+		then: "An expection is thrown"
+		thrown NamingException
     }
 
     def "Test successful failed connection"() {
-	given: "We have a LdapContextFactory"
-	def ldapContextFactory = Spy(LdapContextFactory, constructorArgs: [ldapConfiguration])
-	when: "Test connection is executed"
-	ldapContextFactory.testConnection(ldapConfiguration.getProviderUrl())
-	then: "An exception is thrown"
-	thrown NamingException
+		given: "We have a LdapContextFactory"
+		def ldapContextFactory = Spy(LdapContextFactory, constructorArgs: [ldapConfiguration])
+		when: "Test connection is executed"
+		ldapContextFactory.testConnection(ldapConfiguration.getProviderUrl())
+		then: "An exception is thrown"
+		thrown NamingException
     }
 
     def "Test successfully binding as a user"() {
-	given: "We have a LdapContextFactory"
-	def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
-	when: "A user attempts to bind and no LDAP server is avaiable"
-	ldapContextFactory.createUserContext(principal, password)
-	then: "An exception is thrown"
-	thrown NamingException
+		given: "We have a LdapContextFactory"
+		def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
+		when: "A user attempts to bind and no LDAP server is avaiable"
+		ldapContextFactory.createUserContext(principal, password)
+		then: "An exception is thrown"
+		thrown NamingException
     }
 
     def "Test successfully creating a environment with username and password"() {
-	given: "We have an LdapContextFactory"
+		given: "We have an LdapContextFactory"
         def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
 
-	when: "A request for an environment is made"
+		when: "A request for an environment is made"
         def result = ldapContextFactory.getEnvironment(null, null, null, true)
 
-	then: "The resulting values should be set"
+		then: "The resulting values should be set"
         result['java.naming.provider.url'] == ldapConfiguration.getProviderUrl()
         result['java.naming.factory.initial'] == ldapConfiguration.getFactory()
         result['java.naming.security.principal'] == null
         result['java.naming.security.authentication'] == ldapConfiguration.getAuthentication()
-	result['java.naming.security.credentials'] == null
+		result['java.naming.security.credentials'] == null
     }
 
     def "Test successfully creating a system environment with anon bind"() {
-	given: "We have an LdapContext Factory"
-	def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
-
-	when: "A request for an environment is made"
-	def result = ldapContextFactory.getEnvironment(principal, password, null, false)
-
-	then: "The resulting values should be set"
-	result['java.naming.provider.url'] == ldapConfiguration.getProviderUrl()
-	result['java.naming.factory.initial'] == ldapConfiguration.getFactory()
-	result['java.naming.security.principal'] == principal
-	result['java.naming.security.authentication'] == "simple"
-	result['java.naming.security.credentials'] == password
-    }
-
-    def "Test successully binding as system"() {
-	given: "We have a LdapContextFactory"
-        def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
-	when: "A bind context attempts to bind and no Ldap server is avaiable"
-        ldapContextFactory.createBindContext()
-	then: "An exception is thrown"
-	thrown NamingException
+		given: "We have an LdapContext Factory"
+		def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
+
+		when: "A request for an environment is made"
+		def result = ldapContextFactory.getEnvironment(principal, password, null, false)
+
+		then: "The resulting values should be set"
+		result['java.naming.provider.url'] == ldapConfiguration.getProviderUrl()
+		result['java.naming.factory.initial'] == ldapConfiguration.getFactory()
+		result['java.naming.security.principal'] == principal
+		result['java.naming.security.authentication'] == "simple"
+		result['java.naming.security.credentials'] == password
+	}
+
+	def "Test successully binding as system"() {
+		given: "We have a LdapContextFactory"
+	    def ldapContextFactory = new LdapContextFactory(ldapConfiguration)
+		when: "A bind context attempts to bind and no Ldap server is avaiable"
+	    ldapContextFactory.createBindContext()
+		then: "An exception is thrown"
+		thrown NamingException
     }
 }
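Review bot: The three stubs added to the setup (`getSSLStatus() >> true`, `getTrustStore()`, `getTrustStorePassword()`) turn SSL on for every test in this spec, but no `then:` block asserts anything SSL-related, so a regression that drops TLS from the environment would still pass. In the two `getEnvironment` tests I would add an assertion on the protocol entry, e.g. `result['java.naming.security.protocol'] == "ssl"`, assuming the factory sets the standard JNDI key (its code is not in this hunk, and the setup method starts above it). Separately, the names of those two tests look swapped: the one titled "with username and password" passes `null, null` and expects a null principal, while the "anon bind" one passes `principal, password` and expects `"simple"`.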

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7035d5/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapCreateAccountCmdSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapCreateAccountCmdSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapCreateAccountCmdSpec.groovy
index d2b2332..cc849de 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapCreateAccountCmdSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapCreateAccountCmdSpec.groovy
@@ -16,30 +16,60 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
+import com.cloud.exception.InvalidParameterValueException
+import org.apache.cloudstack.api.ServerApiException
+import org.apache.cloudstack.api.command.LdapAddConfigurationCmd
+import org.apache.cloudstack.api.response.LdapConfigurationResponse
+
+import org.apache.cloudstack.ldap.LdapUser;
+import org.apache.cloudstack.ldap.LdapManager;
+
+import org.apache.cloudstack.api.command.LdapCreateAccountCmd;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.user.AccountService;
+import com.cloud.user.UserAccount;
+import com.cloud.user.UserAccountVO;
+
+import javax.naming.NamingException
 
 class LdapCreateAccountCmdSpec extends spock.lang.Specification {
-/*
+
     def "Test failure to retrive LDAP user"() {
-	given:
-	LdapManager ldapManager = Mock(LdapManager)
-	ldapManager.getUser(_) >> { throw new NamingException() }
-	AccountService accountService = Mock(AccountService)
-
-	def ldapCreateAccount = Spy(LdapCreateAccount, constructorArgs: [ldapManager, accountService])
-	ldapCreateAccount.updateCallContext() >> System.out.println("Hello World");
-	when:
-	ldapCreateAccount.execute()
-	then:
-	thrown ServerApiException
-    } */
+		given: "We have an LdapManager, AccountService and LdapCreateAccountCmd and LDAP user that doesn't exist"
+		LdapManager ldapManager = Mock(LdapManager)
+		ldapManager.getUser(_) >> { throw new NamingException() }
+		AccountService accountService = Mock(AccountService)
+		def ldapCreateAccountCmd = Spy(LdapCreateAccountCmd, constructorArgs: [ldapManager, accountService])
+		ldapCreateAccountCmd.getCurrentContext() >> Mock(CallContext)
+		CallContext context = ldapCreateAccountCmd.getCurrentContext()
+		when: "An an account is created"
+		ldapCreateAccountCmd.execute()
+		then: "It fails and an exception is thrown"
+		thrown ServerApiException
+    }
+
+	def "Test failed creation due to a null response from cloudstack account creater"() {
+		given: "We have an LdapManager, AccountService and LdapCreateAccountCmd"
+		LdapManager ldapManager = Mock(LdapManager)
+		ldapManager.getUser(_) >> new LdapUser("rmurphy", "rmurphy@cloudstack.org", "Ryan", "Murphy", "cn=rmurphy,dc=cloudstack,dc=org")
+		AccountService accountService = Mock(AccountService)
+		def ldapCreateAccountCmd = Spy(LdapCreateAccountCmd, constructorArgs: [ldapManager, accountService])
+		ldapCreateAccountCmd.getCurrentContext() >> Mock(CallContext)
+		ldapCreateAccountCmd.createCloudstackUserAccount(_) >> null
+		when: "Cloudstack fail to create the user"
+		ldapCreateAccountCmd.execute()
+		then: "An exception is thrown"
+		thrown ServerApiException
+	}
 
     def "Test command name"() {
-		given: "We have an LdapManager, AccountService and LdapCreateAccount"
+		given: "We have an LdapManager, AccountService and LdapCreateAccountCmd"
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
-		def ldapCreateAccount = new LdapCreateAccount(ldapManager, accountService)
+		def ldapCreateAccountCmd = new LdapCreateAccountCmd(ldapManager, accountService)
 		when: "Get command name is called"
-		def result = ldapCreateAccount.getCommandName()
+		def result = ldapCreateAccountCmd.getCommandName()
 		then: "createaccountresponse is returned"
 		result == "createaccountresponse"
     }
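Review bot: Both new failure tests assert only `thrown ServerApiException`, which does not show that no account was created when the LDAP lookup fails. In "Test failure to retrive LDAP user" I would add `0 * accountService._` to the `then:` block, so the spec pins that the account service is never touched for a user the directory cannot resolve. The local `CallContext context = ldapCreateAccountCmd.getCurrentContext()` in that test is never read and can be dropped. Several of the added imports (`InvalidParameterValueException`, `LdapAddConfigurationCmd`, `LdapConfigurationResponse`, `UserAccount`, `UserAccountVO`) are not referenced in the lines shown here.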
@@ -49,20 +79,20 @@ class LdapCreateAccountCmdSpec extends spock.lang.Specification {
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
 
-		def ldapCreateAccount = Spy(LdapCreateAccount, constructorArgs: [ldapManager, accountService])
+		def ldapCreateAccountCmd = Spy(LdapCreateAccountCmd, constructorArgs: [ldapManager, accountService])
 		when: "Get entity owner id is called"
-		long ownerId = ldapCreateAccount.getEntityOwnerId()
+		long ownerId = ldapCreateAccountCmd.getEntityOwnerId()
 		then: "1 is returned"
 		ownerId == 1
     }
 
     def "Test password generation"() {
-		given: "We have an LdapManager, AccountService and LdapCreateAccount"
+		given: "We have an LdapManager, AccountService and LdapCreateAccountCmd"
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
-		def ldapCreateAccount = new LdapCreateAccount(ldapManager, accountService)
+		def ldapCreateAccountCmd = new LdapCreateAccountCmd(ldapManager, accountService)
 		when: "A password is generated"
-		def result = ldapCreateAccount.generatePassword()
+		def result = ldapCreateAccountCmd.generatePassword()
 		then: "The result shouldn't be null or empty"
 		result != ""
 		result != null
@@ -72,9 +102,9 @@ class LdapCreateAccountCmdSpec extends spock.lang.Specification {
 		given: "We have an LdapManager, AccountService andL dapCreateAccount"
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
-		def ldapCreateAccount = new LdapCreateAccount(ldapManager, accountService);
+		def ldapCreateAccountCmd = new LdapCreateAccountCmd(ldapManager, accountService);
 		when: "a user with an username, email, firstname and lastname is validated"
-		def result = ldapCreateAccount.validateUser(new LdapUser("username","email","firstname","lastname","principal"))
+		def result = ldapCreateAccountCmd.validateUser(new LdapUser("username","email","firstname","lastname","principal"))
 		then: "the result is true"
 		result == true
    }
@@ -83,9 +113,9 @@ class LdapCreateAccountCmdSpec extends spock.lang.Specification {
 		given: "We have an LdapManager, AccountService andL dapCreateAccount"
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
-		def ldapCreateAccount = new LdapCreateAccount(ldapManager, accountService)
+		def ldapCreateAccountCmd = new LdapCreateAccountCmd(ldapManager, accountService)
 		when: "A user with no email address attempts to validate"
-		ldapCreateAccount.validateUser(new LdapUser("username",null,"firstname","lastname","principal"))
+		ldapCreateAccountCmd.validateUser(new LdapUser("username",null,"firstname","lastname","principal"))
 		then: "An exception is thrown"
 		thrown Exception
    }
@@ -94,20 +124,20 @@ class LdapCreateAccountCmdSpec extends spock.lang.Specification {
 		given: "We have an LdapManager, AccountService andL dapCreateAccount"
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
-		def ldapCreateAccount = new LdapCreateAccount(ldapManager, accountService)
+		def ldapCreateAccountCmd = new LdapCreateAccountCmd(ldapManager, accountService)
 		when: "A user with no firstname attempts to validate"
-		ldapCreateAccount.validateUser(new LdapUser("username","email",null,"lastname","principal"))
+		ldapCreateAccountCmd.validateUser(new LdapUser("username","email",null,"lastname","principal"))
 		then: "An exception is thrown"
 		thrown Exception
    }
 
 	def "Test validate User empty lastname"() {
-		given: "We have an LdapManager, AccountService and LdapCreateAccount"
+		given: "We have an LdapManager, AccountService and LdapCreateAccountCmd"
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
-		def ldapCreateAccount = new LdapCreateAccount(ldapManager, accountService)
+		def ldapCreateAccountCmd = new LdapCreateAccountCmd(ldapManager, accountService)
 		when: "A user with no lastname attempts to validate"
-		ldapCreateAccount.validateUser(new LdapUser("username","email","firstname",null,"principal"))
+		ldapCreateAccountCmd.validateUser(new LdapUser("username","email","firstname",null,"principal"))
 		then: "An exception is thown"
 		thrown Exception
    }
@@ -116,12 +146,9 @@ class LdapCreateAccountCmdSpec extends spock.lang.Specification {
 		given: "We have an LdapManager, AccountService andL dapCreateAccount"
 		LdapManager ldapManager = Mock(LdapManager)
 		AccountService accountService = Mock(AccountService)
-
-		def ldapCreateAccount = Spy(LdapCreateAccount, constructorArgs: [ldapManager, accountService])
-
+		def ldapCreateAccountCmd = Spy(LdapCreateAccountCmd, constructorArgs: [ldapManager, accountService])
 		when: "Get command name is called"
-		def commandName = ldapCreateAccount.getCommandName()
-
+		def commandName = ldapCreateAccountCmd.getCommandName()
 		then: "createaccountresponse is returned"
 		commandName == "createaccountresponse"
     }

