cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From raj...@apache.org
Subject [06/17] git commit: updated refs/heads/master to 5881035
Date Sat, 05 Sep 2015 04:02:46 GMT
CLOUDSTACK-8647 added nested group enabled config in ldap

querying the nested groups only when nested groups are enabled


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/59291864
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/59291864
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/59291864

Branch: refs/heads/master
Commit: 59291864fc893935294fc9a8ac60c6c537a7caff
Parents: 0dc9ccd
Author: Rajani Karuturi <rajanikaruturi@gmail.com>
Authored: Tue Aug 11 14:27:55 2015 +0530
Committer: Rajani Karuturi <rajani.karuturi@citrix.com>
Committed: Thu Aug 27 17:30:21 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/ldap/ADLdapUserManagerImpl.java  |  9 ++++--
 .../cloudstack/ldap/LdapAuthenticator.java      | 32 ++++++++++++++------
 .../cloudstack/ldap/LdapConfiguration.java      |  9 +++++-
 .../src/com/cloud/user/AccountManagerImpl.java  |  4 +--
 4 files changed, 38 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/59291864/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
index 89a2781..5570084 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
@@ -33,6 +33,7 @@ import org.apache.log4j.Logger;
 public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements LdapUserManager
{
     public static final Logger s_logger = Logger.getLogger(ADLdapUserManagerImpl.class.getName());
     private static final String MICROSOFT_AD_NESTED_MEMBERS_FILTER = "memberOf:1.2.840.113556.1.4.1941:";
+    private static final String MICROSOFT_AD_MEMBERS_FILTER = "memberOf";
 
     @Override
     public List<LdapUser> getUsersInGroup(String groupName, LdapContext context) throws
NamingException {
@@ -66,7 +67,7 @@ public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements
Ld
 
         final StringBuilder memberOfFilter = new StringBuilder();
         String groupCnName =  _ldapConfiguration.getCommonNameAttribute() + "=" +groupName
+ "," +  _ldapConfiguration.getBaseDn();
-        memberOfFilter.append("(" + MICROSOFT_AD_NESTED_MEMBERS_FILTER + "=");
+        memberOfFilter.append("(").append(getMemberOfAttribute()).append("=");
         memberOfFilter.append(groupCnName);
         memberOfFilter.append(")");
 
@@ -94,6 +95,10 @@ public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements
Ld
     }
 
     protected String getMemberOfAttribute() {
-        return MICROSOFT_AD_NESTED_MEMBERS_FILTER;
+        if(_ldapConfiguration.isNestedGroupsEnabled()) {
+            return MICROSOFT_AD_NESTED_MEMBERS_FILTER;
+        } else {
+            return MICROSOFT_AD_MEMBERS_FILTER;
+        }
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/59291864/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
index a04868e..7599dad 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
@@ -17,7 +17,8 @@
 package org.apache.cloudstack.ldap;
 
 import com.cloud.server.auth.DefaultUserAuthenticator;
-import com.cloud.user.AccountService;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
 import com.cloud.user.User;
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
@@ -37,7 +38,7 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
     @Inject
     private UserAccountDao _userAccountDao;
     @Inject
-    public AccountService _accountService;
+    private AccountManager _accountManager;
 
     public LdapAuthenticator() {
         super();
@@ -68,13 +69,17 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
                     LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType(),
ldapTrustMapVO.getName());
                     if(!ldapUser.isDisabled()) {
                         result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
-                        if(result && (user == null)) {
-                            // import user to cloudstack
-                            createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
+                        if(result) {
+                            if(user == null) {
+                                // import user to cloudstack
+                                createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
+                            } else {
+                                enableUserInCloudStack(user);
+                            }
                         }
                     } else {
                         //disable user in cloudstack
-                        disableUserInCloudStack(ldapUser, domainId);
+                        disableUserInCloudStack(user);
                     }
                 } catch (NoLdapUserMatchingQueryException e) {
                     s_logger.debug(e.getMessage());
@@ -103,15 +108,22 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
         return new Pair<Boolean, ActionOnFailedAuthentication>(result, action);
     }
 
+    private void enableUserInCloudStack(UserAccount user) {
+        if(user != null && (user.getState().equalsIgnoreCase(Account.State.disabled.toString())))
{
+            _accountManager.enableUser(user.getId());
+        }
+    }
+
     private void createCloudStackUserAccount(LdapUser user, long domainId, short accountType)
{
         String username = user.getUsername();
-        _accountService.createUserAccount(username, "", user.getFirstname(), user.getLastname(),
user.getEmail(), null, username, accountType, domainId, username, null,
+        _accountManager.createUserAccount(username, "", user.getFirstname(), user.getLastname(),
user.getEmail(), null, username, accountType, domainId, username, null,
                                           UUID.randomUUID().toString(), UUID.randomUUID().toString(),
User.Source.LDAP);
     }
 
-    private void disableUserInCloudStack(LdapUser ldapUser, long domainId) {
-        final UserAccount user = _userAccountDao.getUserAccount(ldapUser.getUsername(), domainId);
-        _accountService.lockUser(user.getId());
+    private void disableUserInCloudStack(UserAccount user) {
+        if (user != null) {
+            _accountManager.disableUser(user.getId());
+        }
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/59291864/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
index 9501901..56b39a8 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
@@ -39,6 +39,9 @@ public class LdapConfiguration implements Configurable{
     private static final ConfigKey<String> ldapProvider = new ConfigKey<String>(String.class,
"ldap.provider", "Advanced", "openldap", "ldap provider ex:openldap, microsoftad",
                                                                                 true, ConfigKey.Scope.Global,
null);
 
+    private static final ConfigKey<Boolean> ldapEnableNestedGroups = new ConfigKey<Boolean>(Boolean.class,
"ldap.nested.groups.enable", "Advanced", "true",
+                                                                                        
   "if true, nested groups will also be queried", true, ConfigKey.Scope.Global, null);
+
     private final static int scope = SearchControls.SUBTREE_SCOPE;
 
     @Inject
@@ -183,6 +186,10 @@ public class LdapConfiguration implements Configurable{
         return provider;
     }
 
+    public boolean isNestedGroupsEnabled() {
+        return ldapEnableNestedGroups.value();
+    }
+
     @Override
     public String getConfigComponentName() {
         return LdapConfiguration.class.getSimpleName();
@@ -190,6 +197,6 @@ public class LdapConfiguration implements Configurable{
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {ldapReadTimeout, ldapPageSize, ldapProvider};
+        return new ConfigKey<?>[] {ldapReadTimeout, ldapPageSize, ldapProvider, ldapEnableNestedGroups};
     }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/59291864/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 634c299..edc8ad8 100644
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -2173,9 +2173,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
             if (domain != null) {
                 domainName = domain.getName();
             }
-            if (userAccount == null) {
-                _userAccountDao.getUserAccount(username, domainId);
-            }
+            userAccount = _userAccountDao.getUserAccount(username, domainId);
 
             if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())
||
                 !userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString()))
{


Mime
View raw message