incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Musayev, Ilya" <>
Subject RE: [REVIEW] MS LDAP Auth patch - UI CSS and Architecture help needed
Date Sun, 28 Oct 2012 23:20:38 GMT
No takers :( ? 

I guess most people don't run evil empire AD. 

-----Original Message-----
From: Musayev, Ilya [] 
Sent: Friday, October 26, 2012 3:46 PM
Subject: [REVIEW] MS LDAP Auth patch - UI CSS and Architecture help needed

Below is a proof of concept code to get the Microsoft Active Directory LDAP Authentication
to work with CS3 and CS4. I've been using it in my environment - so its tested and works well.

Problem Description:
                When user enter password in login page, the password is encrypted via MD5
through javascript function that checks if md5HashedLogin  is set to true. If so, MD5 encoded
password is passed into JSP for further verification against an MD5 stored password in local
MySQL DB. Since MySQL DB password is also MD5 encrypted, it will result in successful authentication.
                If end-user enabled AD LDAP Authentication via API, MS AD does not support
MD5 hashed passwords. I tried altering settings in LDAP/MD5 settings in components.xml, but
it has not helped because the password is encrypted on user session level.

Solution Details:
                A very simple and somewhat elegant solution is to add a checkbox on login
page that would either set off or on md5hashedLogin bolean logic via javascript function.
Example if box checked or unchecked - do - md5HashedLogin = !md5HashedLogin - on each event.
This solution allows for both local and external authentication mechanism to function.

Review Needed:

1)      What is your thought on including this patch into CS 4.0 and backporting to 3.0?

2)      Can someone who has non MS LDAP env test this solution to see if it breaks anything.

CSS Help:
                While I was trying to make it look nice, CSS is not my strongest skill and
after sometime of fiddling with it, I had to shift my focus on another more urgent task. I
also figured for UI guru this will be a 1 minute fix. if your CSS skills are better than mine
(that's almost everyone on this list), please help make it a little more user appealing.

Implementation Details:

There are probably 10 lines of code total to add in 3 files, index.jsp, cloudstack3.css and
sharedFunctions.js. The patch was generated with "diff -u" which should work with linux patch
command, but if not - it will take less than 1 minute to make these changes by hand.

Please let me know what your thoughts are on this patch once we agree, I will make it proper
as per developer guidelines.

--- /usr/share/cloud/management/webapps/client/index.jsp.orig1        2012-10-25 13:50:49.244834323
+++ /usr/share/cloud/management/webapps/client/index.jsp 2012-10-26 
+++ 15:04:17.836817297 -0400
@@ -58,6 +58,10 @@
               <label for="password"><fmt:message key="label.password"/></label>
               <input type="password" name="password" class="required" />
+                 <div class="field">
+                  MS AD LDAP AUTH
+                  <input type="checkbox" name="ldap_auth" id="ldap_auth" value="0" onclick="my_ldap_auth();"/>
+                 </div>
             <!-- Domain -->
             <div class="field domain">
               <label for="domain"><fmt:message key="label.domain"/></label>

--- /usr/share/cloud/management/webapps/client/css/cloudstack3.css.orig      2012-10-26 15:16:47.532831544
+++ /usr/share/cloud/management/webapps/client/css/cloudstack3.css            2012-10-25 13:09:23.683813597
@@ -352,6 +352,11 @@
   text-shadow: 0px 1px 2px #000000;
+.login .fields input[type=checkbox] {
+  display: block;
.login .fields input[type=submit]:hover {
   background-position: -563px -772px;

--- /usr/share/cloud/management/webapps/client/scripts/sharedFunctions.js.orig        2012-10-26
15:19:22.334833312 -0400
+++ /usr/share/cloud/management/webapps/client/scripts/sharedFunctions.js              2012-10-23
11:07:51.373793431 -0400
@@ -40,6 +40,13 @@
var md5Hashed = true;
var md5HashedLogin = true;
+//AD auth support by setting the md5HashedLogin to false function 
+my_ldap_auth() {
+             md5HashedLogin = !md5HashedLogin; }
//page size for API call (e.g."listXXXXXXX&pagesize=N" ) var pageSize = 20;

View raw message