Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cloudstack.apache.org
Date: Fri, 4 Sep 2015 08:38:46 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)" <jira@apache.org>
To: cloudstack-issues@incubator.apache.org
Message-ID: <JIRA.12861469.1441259666000.255948.1441355926270@Atlassian.JIRA>
In-Reply-To: <JIRA.12861469.1441259666000@Atlassian.JIRA>
References: <JIRA.12861469.1441259666000@Atlassian.JIRA>
 <JIRA.12861469.1441259666524@arcas>
Subject: [jira] [Commented] (CLOUDSTACK-8796) the api calll linkdomaintoldap
 should fail if admin is given and an account isnt created
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14730518#comment-14730518 ] 

ASF GitHub Bot commented on CLOUDSTACK-8796:
--------------------------------------------

Github user karuturi commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/755#discussion_r38731619
  
    --- Diff: plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java ---
    @@ -52,21 +58,71 @@ public LdapAuthenticator(final LdapManager ldapManager, final UserAccountDao use
                 return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
             }
     
    -        final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    +        boolean result = false;
    +        ActionOnFailedAuthentication action = null;
     
    -        if (user == null) {
    -            s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
    -            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    -        } else if (_ldapManager.isLdapEnabled()) {
    -            boolean result = _ldapManager.canAuthenticate(username, password);
    -            ActionOnFailedAuthentication action = null;
    -            if (result == false) {
    +        if (_ldapManager.isLdapEnabled()) {
    +            final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    +            LdapTrustMapVO ldapTrustMapVO = _ldapManager.getDomainLinkedToLdap(domainId);
    +            if(ldapTrustMapVO != null) {
    +                try {
    +                    LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType().toString(), ldapTrustMapVO.getName());
    +                    if(!ldapUser.isDisabled()) {
    +                        result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
    +                        if(result) {
    +                            if(user == null) {
    +                                // import user to cloudstack
    +                                createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
    --- End diff --
    
    There is no bug here. Its how the current authenticators work. the api output will be improved based on the outcome of CLOUDSTACK-8796


> the api calll linkdomaintoldap should fail if admin is given and an account isnt created
> ----------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8796
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8796
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.6.0
>            Reporter: Rajani Karuturi
>
> The api call doesnt fail if it cannot created the admin account supplied in the api. It completes the domain linking and will not return admin in response. a successful call would return admin in the response and a failed doesnt. 
> This may need to be changed to fail the api if admin is given and an account cannot be created.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)