cloudstack-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8796) the api call linkdomaintoldap should fail if admin is given and an account isn't created
Date Fri, 04 Sep 2015 08:38:46 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14730518#comment-14730518 ]

ASF GitHub Bot commented on CLOUDSTACK-8796:
--------------------------------------------

Github user karuturi commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/755#discussion_r38731619
  
    --- Diff: plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
---
    @@ -52,21 +58,71 @@ public LdapAuthenticator(final LdapManager ldapManager, final UserAccountDao
use
                 return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
             }
     
    -        final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    +        boolean result = false;
    +        ActionOnFailedAuthentication action = null;
     
    -        if (user == null) {
    -            s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
    -            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    -        } else if (_ldapManager.isLdapEnabled()) {
    -            boolean result = _ldapManager.canAuthenticate(username, password);
    -            ActionOnFailedAuthentication action = null;
    -            if (result == false) {
    +        if (_ldapManager.isLdapEnabled()) {
    +            final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    +            LdapTrustMapVO ldapTrustMapVO = _ldapManager.getDomainLinkedToLdap(domainId);
    +            if(ldapTrustMapVO != null) {
    +                try {
    +                    LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType().toString(),
ldapTrustMapVO.getName());
    +                    if(!ldapUser.isDisabled()) {
    +                        result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(),
password);
    +                        if(result) {
    +                            if(user == null) {
    +                                // import user to cloudstack
    +                                createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
    --- End diff --
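
Review bot: In the ldapTrustMapVO != null branch, the user == null case now calls createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType()) after a successful bind, and the visible lines log nothing about it, while the old s_logger.debug("Unable to find user with ...") line is removed. Because the account type is taken from the domain's LDAP mapping, please log the import (username, domainId and account type) so that accounts created on first login can be audited. Also, ldapUser is dereferenced in !ldapUser.isDisabled() directly after _ldapManager.getUser(...); if getUser can return null rather than throw into the enclosing try, add a null check before that line. Style: the added lines use "if(" where the removed lines used "if (".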
    
    There is no bug here. It's how the current authenticators work. The API output will be improved based on the outcome of CLOUDSTACK-8796.


> the api call linkdomaintoldap should fail if admin is given and an account isn't created
> ----------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8796
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8796
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.6.0
>            Reporter: Rajani Karuturi
>
> The API call doesn't fail if it cannot create the admin account supplied in the API.
> It completes the domain linking and will not return admin in response. A successful call would
> return admin in the response and a failed one doesn't.
> This may need to be changed to fail the API if admin is given and an account cannot be
> created.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
