diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java
index b8e08e52928..d5ccdafeaa9 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapAddConfigurationCmd.java
@@ -2,8 +2,6 @@ package org.apache.cloudstack.api.command;
 import javax.inject.Inject;
-import org.apache.log4j.Logger;
-
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseCmd;
@@ -11,70 +9,74 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.LdapConfigurationResponse; import org.apache.cloudstack.ldap.LdapManager; +import org.apache.log4j.Logger; import com.cloud.exception.InvalidParameterValueException; import com.cloud.user.Account; @APICommand(name = "addLdapConfiguration", description = "Add a new Ldap Configuration", responseObject = LdapConfigurationResponse.class, since = "4.2.0") public class LdapAddConfigurationCmd extends BaseCmd { - public static final Logger s_logger = Logger.getLogger(LdapAddConfigurationCmd.class.getName()); - private static final String s_name = "ldapconfigurationresponse"; + public static final Logger s_logger = Logger + .getLogger(LdapAddConfigurationCmd.class.getName()); + private static final String s_name = "ldapconfigurationresponse"; - @Inject - private LdapManager _ldapManager; + @Inject + private LdapManager _ldapManager; - @Parameter(name = "hostname", type = CommandType.STRING, required = true, description = "Hostname") - private String hostname; + @Parameter(name = "hostname", type = CommandType.STRING, required = true, description = "Hostname") + private String hostname; - @Parameter(name = "port", type = CommandType.INTEGER, required = true, description = "Port") - private int port; + @Parameter(name = "port", type = CommandType.INTEGER, required = true, description = "Port") + private int port; - public LdapAddConfigurationCmd() { - super(); - } + public LdapAddConfigurationCmd() { + super(); + } - public LdapAddConfigurationCmd(final LdapManager ldapManager) { - super(); - _ldapManager = ldapManager; - } + public LdapAddConfigurationCmd(final LdapManager ldapManager) { + super(); + _ldapManager = ldapManager; + } - @Override - public void execute() throws ServerApiException { - try { - final LdapConfigurationResponse response = _ldapManager.addConfiguration(hostname, port); - 
response.setObjectName("LdapAddConfiguration"); - response.setResponseName(getCommandName()); - setResponseObject(response); - } catch (final InvalidParameterValueException e) { - throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString()); - } + @Override + public void execute() throws ServerApiException { + try { + final LdapConfigurationResponse response = _ldapManager + .addConfiguration(hostname, port); + response.setObjectName("LdapAddConfiguration"); + response.setResponseName(getCommandName()); + setResponseObject(response); + } catch (final InvalidParameterValueException e) { + throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, + e.toString()); + } - } + } - @Override - public String getCommandName() { - return s_name; - } + @Override + public String getCommandName() { + return s_name; + } - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; - } + @Override + public long getEntityOwnerId() { + return Account.ACCOUNT_ID_SYSTEM; + } - public String getHostname() { - return hostname; - } + public String getHostname() { + return hostname; + } - public int getPort() { - return port; - } + public int getPort() { + return port; + } - public void setHostname(final String hostname) { - this.hostname = hostname; - } + public void setHostname(final String hostname) { + this.hostname = hostname; + } - public void setPort(final int port) { - this.port = port; - } + public void setPort(final int port) { + this.port = port; + } } diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java index 82c6e4a8fa4..47e5bf41ce2 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java 
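Review bot: In execute() an InvalidParameterValueException thrown by addConfiguration — a bad hostname or port supplied by the caller — is reported as `ApiErrorCode.INTERNAL_ERROR` with `e.toString()`, which labels a client error as a server fault and puts the exception class name into the API response. Map it to the parameter-error code and return only the message: `throw new ServerApiException(ApiErrorCode.PARAM_ERROR, e.getMessage());` (assuming PARAM_ERROR is the member name in this tree's ApiErrorCode). The same pattern is present in LdapDeleteConfigurationCmd. This is pre-existing behavior the re-indent carries forward rather than something the commit introduces.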
@@ -23,9 +23,6 @@ import java.util.Map;
 import javax.inject.Inject;
 import javax.naming.NamingException;
-import org.apache.log4j.Logger;
-import org.bouncycastle.util.encoders.Base64;
-
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,6 +34,8 @@ import org.apache.cloudstack.api.response.DomainResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.ldap.LdapManager;
 import org.apache.cloudstack.ldap.LdapUser;
+import org.apache.log4j.Logger;
+import org.bouncycastle.util.encoders.Base64;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;
@@ -44,105 +43,121 @@ import com.cloud.user.UserAccount; @APICommand(name = "ldapCreateAccount", description = "Creates an account from an LDAP user", responseObject = AccountResponse.class, since = "4.2.0") public class LdapCreateAccount extends BaseCmd { - public static final Logger s_logger = Logger.getLogger(LdapCreateAccount.class.getName()); - private static final String s_name = "createaccountresponse"; + public static final Logger s_logger = Logger + .getLogger(LdapCreateAccount.class.getName()); + private static final String s_name = "createaccountresponse"; - @Inject - private LdapManager _ldapManager; + @Inject + private LdapManager _ldapManager; - @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "Creates the user under the specified account. If no account is specified, the username will be used as the account name.") - private String accountName; + @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "Creates the user under the specified account. If no account is specified, the username will be used as the account name.") + private String accountName; - @Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.SHORT, required = true, description = "Type of the account. Specify 0 for user, 1 for root admin, and 2 for domain admin") - private Short accountType; + @Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.SHORT, required = true, description = "Type of the account. 
Specify 0 for user, 1 for root admin, and 2 for domain admin") + private Short accountType; - @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, - description = "Creates the user under the specified domain.") - private Long domainId; + @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "Creates the user under the specified domain.") + private Long domainId; - @Parameter(name = ApiConstants.TIMEZONE, type = CommandType.STRING, description = "Specifies a timezone for this command. For more information on the timezone parameter, see Time Zone Format.") - private String timezone; + @Parameter(name = ApiConstants.TIMEZONE, type = CommandType.STRING, description = "Specifies a timezone for this command. For more information on the timezone parameter, see Time Zone Format.") + private String timezone; - @Parameter(name = ApiConstants.USERNAME, type = CommandType.STRING, required = true, description = "Unique username.") - private String username; + @Parameter(name = ApiConstants.USERNAME, type = CommandType.STRING, required = true, description = "Unique username.") + private String username; - @Parameter(name = ApiConstants.NETWORK_DOMAIN, type = CommandType.STRING, description = "Network domain for the account's networks") - private String networkDomain; + @Parameter(name = ApiConstants.NETWORK_DOMAIN, type = CommandType.STRING, description = "Network domain for the account's networks") + private String networkDomain; - @Parameter(name = ApiConstants.ACCOUNT_DETAILS, type = CommandType.MAP, description = "details for account used to store specific parameters") - private Map details; + @Parameter(name = ApiConstants.ACCOUNT_DETAILS, type = CommandType.MAP, description = "details for account used to store specific parameters") + private Map details; - @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.STRING, description = "Account UUID, required 
for adding account from external provisioning system") - private String accountUUID; + @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.STRING, description = "Account UUID, required for adding account from external provisioning system") + private String accountUUID; - @Parameter(name = ApiConstants.USER_ID, type = CommandType.STRING, description = "User UUID, required for adding account from external provisioning system") - private String userUUID; + @Parameter(name = ApiConstants.USER_ID, type = CommandType.STRING, description = "User UUID, required for adding account from external provisioning system") + private String userUUID; - public LdapCreateAccount() { - super(); - } + public LdapCreateAccount() { + super(); + } - public LdapCreateAccount(final LdapManager ldapManager, final AccountService accountService) { - super(); - _ldapManager = ldapManager; - _accountService = accountService; - } + public LdapCreateAccount(final LdapManager ldapManager, + final AccountService accountService) { + super(); + _ldapManager = ldapManager; + _accountService = accountService; + } - @Override - public void execute() throws ServerApiException { - updateCallContext(); - try { - LdapUser user = _ldapManager.getUser(username); - validateUser(user); - UserAccount userAccount = _accountService.createUserAccount(username, generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, - accountName, accountType, domainId, networkDomain, details, accountUUID, userUUID); - if (userAccount != null) { - AccountResponse response = _responseGenerator.createUserAccountResponse(userAccount); - response.setResponseName(getCommandName()); - setResponseObject(response); - } else { - throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create a user account"); - } - } catch (NamingException e) { - throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, "No LDAP user exists with the username of " + username); - } - } + 
@Override + public void execute() throws ServerApiException { + updateCallContext(); + try { + LdapUser user = _ldapManager.getUser(username); + validateUser(user); + UserAccount userAccount = _accountService.createUserAccount( + username, generatePassword(), user.getFirstname(), + user.getLastname(), user.getEmail(), timezone, accountName, + accountType, domainId, networkDomain, details, accountUUID, + userUUID); + if (userAccount != null) { + AccountResponse response = _responseGenerator + .createUserAccountResponse(userAccount); + response.setResponseName(getCommandName()); + setResponseObject(response); + } else { + throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, + "Failed to create a user account"); + } + } catch (NamingException e) { + throw new ServerApiException( + ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, + "No LDAP user exists with the username of " + username); + } + } - private void updateCallContext() { - CallContext.current().setEventDetails("Account Name: " + accountName + ", Domain Id:" + domainId); - } + private String generatePassword() throws ServerApiException { + try { + SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG"); + byte bytes[] = new byte[20]; + randomGen.nextBytes(bytes); + return Base64.encode(bytes).toString(); + } catch (NoSuchAlgorithmException e) { + throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, + "Failed to generate random password"); + } + } - private String generatePassword() throws ServerApiException { - try { - SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG"); - byte bytes[] = new byte[20]; - randomGen.nextBytes(bytes); - return Base64.encode(bytes).toString(); - } catch (NoSuchAlgorithmException e) { - throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to generate random password"); - } - } + @Override + public String getCommandName() { + return s_name; + } - @Override - public String getCommandName() { - return s_name; - } + @Override + public long 
getEntityOwnerId() { + return Account.ACCOUNT_ID_SYSTEM; + } - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; - } + private void updateCallContext() { + CallContext.current().setEventDetails( + "Account Name: " + accountName + ", Domain Id:" + domainId); + } - private boolean validateUser(LdapUser user) throws ServerApiException { - if (user.getEmail() == null) { - throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username + " has no email address set within LDAP"); - } - if (user.getFirstname() == null) { - throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username + " has no firstname set within LDAP"); - } - if (user.getLastname() == null) { - throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username + " has no lastname set within LDAP"); - } - return true; - } + private boolean validateUser(LdapUser user) throws ServerApiException { + if (user.getEmail() == null) { + throw new ServerApiException( + ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username + + " has no email address set within LDAP"); + } + if (user.getFirstname() == null) { + throw new ServerApiException( + ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username + + " has no firstname set within LDAP"); + } + if (user.getLastname() == null) { + throw new ServerApiException( + ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, username + + " has no lastname set within LDAP"); + } + return true; + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java index b45bce59e1e..d57c9a39985 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapDeleteConfigurationCmd.java 
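Review bot: generatePassword(), moved but not changed in this hunk, returns `Base64.encode(bytes).toString()`; BouncyCastle's `Base64.encode` returns a `byte[]`, so `toString()` produces the array's identity string (`[B@` plus a hash), not the encoded bytes — the 20 SecureRandom bytes never reach the password, and every LDAP-backed account is created with a short, fixed-format, low-entropy local password. Replace that line with `return new String(Base64.encode(bytes), StandardCharsets.UTF_8);` and import `java.nio.charset.StandardCharsets`. Using `new SecureRandom()` instead of pinning `"SHA1PRNG"` would also remove the NoSuchAlgorithmException path; if the explicit algorithm is kept, pass `e` as the cause instead of dropping it. The NamingException catch likewise discards the cause, which makes LDAP connectivity failures indistinguishable from a missing user in the logs.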
@@ -18,8 +18,6 @@ package org.apache.cloudstack.api.command;
 import javax.inject.Inject;
-import org.apache.log4j.Logger;
-
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseCmd;
@@ -27,50 +25,54 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.LdapConfigurationResponse; import org.apache.cloudstack.ldap.LdapManager; +import org.apache.log4j.Logger; import com.cloud.exception.InvalidParameterValueException; import com.cloud.user.Account; @APICommand(name = "deleteLdapConfiguration", description = "Remove an Ldap Configuration", responseObject = LdapConfigurationResponse.class, since = "4.2.0") public class LdapDeleteConfigurationCmd extends BaseCmd { - public static final Logger s_logger = Logger.getLogger(LdapDeleteConfigurationCmd.class.getName()); - private static final String s_name = "ldapconfigurationresponse"; + public static final Logger s_logger = Logger + .getLogger(LdapDeleteConfigurationCmd.class.getName()); + private static final String s_name = "ldapconfigurationresponse"; - @Inject - private LdapManager _ldapManager; + @Inject + private LdapManager _ldapManager; - @Parameter(name = "hostname", type = CommandType.STRING, required = true, description = "Hostname") - private String hostname; + @Parameter(name = "hostname", type = CommandType.STRING, required = true, description = "Hostname") + private String hostname; - public LdapDeleteConfigurationCmd() { - super(); - } + public LdapDeleteConfigurationCmd() { + super(); + } - public LdapDeleteConfigurationCmd(final LdapManager ldapManager) { - super(); - _ldapManager = ldapManager; - } + public LdapDeleteConfigurationCmd(final LdapManager ldapManager) { + super(); + _ldapManager = ldapManager; + } - @Override - public void execute() throws ServerApiException { - try { - final LdapConfigurationResponse response = _ldapManager.deleteConfiguration(hostname); - response.setObjectName("LdapDeleteConfiguration"); - response.setResponseName(getCommandName()); - setResponseObject(response); - } catch (final InvalidParameterValueException e) { - throw new 
ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString()); - } + @Override + public void execute() throws ServerApiException { + try { + final LdapConfigurationResponse response = _ldapManager + .deleteConfiguration(hostname); + response.setObjectName("LdapDeleteConfiguration"); + response.setResponseName(getCommandName()); + setResponseObject(response); + } catch (final InvalidParameterValueException e) { + throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, + e.toString()); + } - } + } - @Override - public String getCommandName() { - return s_name; - } + @Override + public String getCommandName() { + return s_name; + } - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; - } + @Override + public long getEntityOwnerId() { + return Account.ACCOUNT_ID_SYSTEM; + } } diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java index c5d6b40c648..c5cecc7e3fa 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java @@ -21,8 +21,6 @@ import java.util.List; import javax.inject.Inject; -import org.apache.log4j.Logger; - import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.BaseListCmd; import org.apache.cloudstack.api.ServerApiException; 
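Review bot: The catch in execute() maps InvalidParameterValueException from deleteConfiguration to `ApiErrorCode.INTERNAL_ERROR` and echoes `e.toString()`, so a caller naming an unknown hostname receives an internal-error code and the exception class name rather than a parameter error. Suggest `throw new ServerApiException(ApiErrorCode.PARAM_ERROR, e.getMessage());` (if PARAM_ERROR is the enum member in this tree), consistent with what a validation failure should report. Not introduced by this commit, which only re-indents the file.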
@@ -31,59 +29,62 @@ import org.apache.cloudstack.api.response.ListResponse; import org.apache.cloudstack.ldap.LdapManager; import org.apache.cloudstack.ldap.LdapUser; import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException; +import org.apache.log4j.Logger; import com.cloud.user.Account; @APICommand(name = "listAllLdapUsers", responseObject = LdapUserResponse.class, description = "Lists all LDAP Users", since = "4.2.0") public class LdapListAllUsersCmd extends BaseListCmd { - public static final Logger s_logger = Logger.getLogger(LdapListAllUsersCmd.class.getName()); - private static final String s_name = "ldapuserresponse"; - @Inject - private LdapManager _ldapManager; + public static final Logger s_logger = Logger + .getLogger(LdapListAllUsersCmd.class.getName()); + private static final String s_name = "ldapuserresponse"; + @Inject + private LdapManager _ldapManager; - public LdapListAllUsersCmd() { - super(); - } + public LdapListAllUsersCmd() { + super(); + } - public LdapListAllUsersCmd(final LdapManager ldapManager) { - super(); - _ldapManager = ldapManager; - } + public LdapListAllUsersCmd(final LdapManager ldapManager) { + super(); + _ldapManager = ldapManager; + } - private List createLdapUserResponse(List users) { - final List ldapResponses = new ArrayList(); - for (final LdapUser user : users) { - final LdapUserResponse ldapResponse = _ldapManager.createLdapUserResponse(user); - ldapResponse.setObjectName("LdapUser"); - ldapResponses.add(ldapResponse); - } - return ldapResponses; - } + private List createLdapUserResponse(List users) { + final List ldapResponses = new ArrayList(); + for (final LdapUser user : users) { + final LdapUserResponse ldapResponse = _ldapManager + .createLdapUserResponse(user); + ldapResponse.setObjectName("LdapUser"); + ldapResponses.add(ldapResponse); + } + return ldapResponses; + } - @Override - public void execute() throws ServerApiException { - List ldapResponses = null; - final ListResponse response = new 
ListResponse(); - try { - final List users = _ldapManager.getUsers(); - ldapResponses = createLdapUserResponse(users); - } catch (final NoLdapUserMatchingQueryException ex) { - ldapResponses = new ArrayList(); - } finally { - response.setResponses(ldapResponses); - response.setResponseName(getCommandName()); - setResponseObject(response); - } - } + @Override + public void execute() throws ServerApiException { + List ldapResponses = null; + final ListResponse response = new ListResponse(); + try { + final List users = _ldapManager.getUsers(); + ldapResponses = createLdapUserResponse(users); + } catch (final NoLdapUserMatchingQueryException ex) { + ldapResponses = new ArrayList(); + } finally { + response.setResponses(ldapResponses); + response.setResponseName(getCommandName()); + setResponseObject(response); + } + } - @Override - public String getCommandName() { - return s_name; - } + @Override + public String getCommandName() { + return s_name; + } - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; - } + @Override + public long getEntityOwnerId() { + return Account.ACCOUNT_ID_SYSTEM; + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java index fc9bd35ab04..7abfefea6d0 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListConfigurationCmd.java @@ -21,8 +21,6 @@ import java.util.List; import javax.inject.Inject; -import org.apache.log4j.Logger; - import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.BaseListCmd; import org.apache.cloudstack.api.Parameter; 
@@ -30,77 +28,83 @@ import org.apache.cloudstack.api.response.LdapConfigurationResponse; import org.apache.cloudstack.api.response.ListResponse; import org.apache.cloudstack.ldap.LdapConfigurationVO; import org.apache.cloudstack.ldap.LdapManager; +import org.apache.log4j.Logger; import com.cloud.user.Account; import com.cloud.utils.Pair; @APICommand(name = "listLdapConfigurations", responseObject = LdapConfigurationResponse.class, description = "Lists all LDAP configurations", since = "4.2.0") public class LdapListConfigurationCmd extends BaseListCmd { - public static final Logger s_logger = Logger.getLogger(LdapListConfigurationCmd.class.getName()); + public static final Logger s_logger = Logger + .getLogger(LdapListConfigurationCmd.class.getName()); - private static final String s_name = "ldapconfigurationresponse"; + private static final String s_name = "ldapconfigurationresponse"; - @Inject - private LdapManager _ldapManager; + @Inject + private LdapManager _ldapManager; - @Parameter(name = "hostname", type = CommandType.STRING, required = false, description = "Hostname") - private String hostname; + @Parameter(name = "hostname", type = CommandType.STRING, required = false, description = "Hostname") + private String hostname; - @Parameter(name = "port", type = CommandType.INTEGER, required = false, description = "Port") - private int port; + @Parameter(name = "port", type = CommandType.INTEGER, required = false, description = "Port") + private int port; - public LdapListConfigurationCmd() { - super(); - } + public LdapListConfigurationCmd() { + super(); + } - public LdapListConfigurationCmd(final LdapManager ldapManager) { - super(); - _ldapManager = ldapManager; - } + public LdapListConfigurationCmd(final LdapManager ldapManager) { + super(); + _ldapManager = ldapManager; + } - private List createLdapConfigurationResponses(List configurations) { - final List responses = new ArrayList(); - for (final LdapConfigurationVO resource : configurations) { - final 
LdapConfigurationResponse configurationResponse = _ldapManager.createLdapConfigurationResponse(resource); - configurationResponse.setObjectName("LdapConfiguration"); - responses.add(configurationResponse); - } - return responses; - } + private List createLdapConfigurationResponses( + List configurations) { + final List responses = new ArrayList(); + for (final LdapConfigurationVO resource : configurations) { + final LdapConfigurationResponse configurationResponse = _ldapManager + .createLdapConfigurationResponse(resource); + configurationResponse.setObjectName("LdapConfiguration"); + responses.add(configurationResponse); + } + return responses; + } - @Override - public void execute() { - final Pair, Integer> result = _ldapManager.listConfigurations(this); - final List responses = createLdapConfigurationResponses(result.first()); - final ListResponse response = new ListResponse(); - response.setResponses(responses, result.second()); - response.setResponseName(getCommandName()); - setResponseObject(response); - } + @Override + public void execute() { + final Pair, Integer> result = _ldapManager + .listConfigurations(this); + final List responses = createLdapConfigurationResponses(result + .first()); + final ListResponse response = new ListResponse(); + response.setResponses(responses, result.second()); + response.setResponseName(getCommandName()); + setResponseObject(response); + } - @Override - public String getCommandName() { - return s_name; - } + @Override + public String getCommandName() { + return s_name; + } - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; - } + @Override + public long getEntityOwnerId() { + return Account.ACCOUNT_ID_SYSTEM; + } - public String getHostname() { - return hostname; - } + public String getHostname() { + return hostname; + } - public int getPort() { - return port; - } + public int getPort() { + return port; + } - public void setHostname(final String hostname) { - this.hostname = hostname; - } + 
public void setHostname(final String hostname) { + this.hostname = hostname; + } - public void setPort(final int port) { - this.port = port; - } + public void setPort(final int port) { + this.port = port; + } } diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java index 314581b4757..735988299be 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapUserSearchCmd.java @@ -21,8 +21,6 @@ import java.util.List; import javax.inject.Inject; -import org.apache.log4j.Logger; - import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.BaseListCmd; import org.apache.cloudstack.api.Parameter; 
@@ -31,66 +29,69 @@ import org.apache.cloudstack.api.response.ListResponse; import org.apache.cloudstack.ldap.LdapManager; import org.apache.cloudstack.ldap.LdapUser; import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException; +import org.apache.log4j.Logger; import com.cloud.user.Account; @APICommand(name = "searchLdap", responseObject = LdapUserResponse.class, description = "Searches LDAP based on the username attribute", since = "4.2.0") public class LdapUserSearchCmd extends BaseListCmd { - public static final Logger s_logger = Logger.getLogger(LdapUserSearchCmd.class.getName()); - private static final String s_name = "ldapuserresponse"; - @Inject - private LdapManager _ldapManager; + public static final Logger s_logger = Logger + .getLogger(LdapUserSearchCmd.class.getName()); + private static final String s_name = "ldapuserresponse"; + @Inject + private LdapManager _ldapManager; - @Parameter(name = "query", type = CommandType.STRING, entityType = LdapUserResponse.class, required = true, description = "query to search using") - private String query; + @Parameter(name = "query", type = CommandType.STRING, entityType = LdapUserResponse.class, required = true, description = "query to search using") + private String query; - public LdapUserSearchCmd() { - super(); - } + public LdapUserSearchCmd() { + super(); + } - public LdapUserSearchCmd(final LdapManager ldapManager) { - super(); - _ldapManager = ldapManager; - } + public LdapUserSearchCmd(final LdapManager ldapManager) { + super(); + _ldapManager = ldapManager; + } - private List createLdapUserResponse(List users) { - final List ldapUserResponses = new ArrayList(); - if (users != null) { - for (final LdapUser user : users) { - final LdapUserResponse ldapUserResponse = _ldapManager.createLdapUserResponse(user); - ldapUserResponse.setObjectName("LdapUser"); - ldapUserResponses.add(ldapUserResponse); - } - } - return ldapUserResponses; - } + private List createLdapUserResponse(List users) { + final List 
ldapUserResponses = new ArrayList(); + if (users != null) { + for (final LdapUser user : users) { + final LdapUserResponse ldapUserResponse = _ldapManager + .createLdapUserResponse(user); + ldapUserResponse.setObjectName("LdapUser"); + ldapUserResponses.add(ldapUserResponse); + } + } + return ldapUserResponses; + } - @Override - public void execute() { - final ListResponse response = new ListResponse(); - List users = null; + @Override + public void execute() { + final ListResponse response = new ListResponse(); + List users = null; - try { - users = _ldapManager.searchUsers(query); - } catch (final NoLdapUserMatchingQueryException e) { - s_logger.debug(e.getMessage()); - } + try { + users = _ldapManager.searchUsers(query); + } catch (final NoLdapUserMatchingQueryException e) { + s_logger.debug(e.getMessage()); + } - final List ldapUserResponses = createLdapUserResponse(users); + final List ldapUserResponses = createLdapUserResponse(users); - response.setResponses(ldapUserResponses); - response.setResponseName(getCommandName()); - setResponseObject(response); - } + response.setResponses(ldapUserResponses); + response.setResponseName(getCommandName()); + setResponseObject(response); + } - @Override - public String getCommandName() { - return s_name; - } + @Override + public String getCommandName() { + return s_name; + } - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; - } + @Override + public long getEntityOwnerId() { + return Account.ACCOUNT_ID_SYSTEM; + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java index a4e47828844..39d5baeae84 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java 
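Review bot: `query` is a caller-supplied STRING passed straight to `_ldapManager.searchUsers(query)`, and the filter construction is outside this hunk, so it cannot be seen here whether `*`, `(`, `)`, `\` and NUL are escaped per RFC 4515 before the value is embedded in the LDAP search filter; if the manager concatenates it, an unescaped value lets a caller widen or alter the search. A comment on the parameter would make the contract explicit, e.g. `// embedded in an LDAP search filter; LdapManager.searchUsers must escape RFC 4515 special characters`, and the escaping should be confirmed in searchUsers. Separately, `entityType = LdapUserResponse.class` on a STRING parameter is the attribute normally used for UUID-typed parameters and looks misplaced here. The debug-only logging of the no-match exception is fine for that condition.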
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java @@ -16,48 +16,47 @@ // under the License. package org.apache.cloudstack.api.response; -import com.google.gson.annotations.SerializedName; - import org.apache.cloudstack.api.BaseResponse; import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; public class LdapConfigurationResponse extends BaseResponse { - @SerializedName("hostname") - @Param(description = "hostname") - private String hostname; + @SerializedName("hostname") + @Param(description = "hostname") + private String hostname; - @SerializedName("port") - @Param(description = "port") - private int port; + @SerializedName("port") + @Param(description = "port") + private int port; - public LdapConfigurationResponse() { - super(); - } + public LdapConfigurationResponse() { + super(); + } - public LdapConfigurationResponse(final String hostname) { - super(); - this.hostname = hostname; - } + public LdapConfigurationResponse(final String hostname) { + super(); + this.hostname = hostname; + } - public LdapConfigurationResponse(final String hostname, final int port) { - this.hostname = hostname; - this.port = port; - } + public LdapConfigurationResponse(final String hostname, final int port) { + this.hostname = hostname; + this.port = port; + } - public String getHostname() { - return hostname; - } + public String getHostname() { + return hostname; + } - public int getPort() { - return port; - } + public int getPort() { + return port; + } - public void setHostname(final String hostname) { - this.hostname = hostname; - } + public void setHostname(final String hostname) { + this.hostname = hostname; + } - public void setPort(final int port) { - this.port = port; - } + public void setPort(final int port) { + this.port = port; + } } \ No newline at end of file 
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java
index eb1c14c5b64..9b21c8f54e8 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapUserResponse.java
@@ -16,83 +16,84 @@ // under the License. package org.apache.cloudstack.api.response; -import com.google.gson.annotations.SerializedName; - import org.apache.cloudstack.api.BaseResponse; import com.cloud.serializer.Param; +import com.google.gson.annotations.SerializedName; public class LdapUserResponse extends BaseResponse { - @SerializedName("email") - @Param(description = "The user's email") - private String email; + @SerializedName("email") + @Param(description = "The user's email") + private String email; - @SerializedName("principal") - @Param(description = "The user's principle") - private String principal; + @SerializedName("principal") + @Param(description = "The user's principle") + private String principal; - @SerializedName("firstname") - @Param(description = "The user's firstname") - private String firstname; + @SerializedName("firstname") + @Param(description = "The user's firstname") + private String firstname; - @SerializedName("lastname") - @Param(description = "The user's lastname") - private String lastname; + @SerializedName("lastname") + @Param(description = "The user's lastname") + private String lastname; - @SerializedName("username") - @Param(description = "The user's username") - private String username; + @SerializedName("username") + @Param(description = "The user's username") + private String username; - public LdapUserResponse() { - super(); - } + public LdapUserResponse() { + super(); + } - public LdapUserResponse(final String username, final String email, final String firstname, final String lastname, final String principal) { - super(); - this.username = username; - this.email = email; - this.firstname = firstname; - this.lastname = lastname; - this.principal = principal; - } + public LdapUserResponse(final String username, final String email, + final String firstname, final String lastname, + final String principal) { + super(); + this.username = username; + this.email = email; + this.firstname = firstname; + this.lastname = 
lastname; + this.principal = principal; + } - public String getEmail() { - return email; - } + public String getEmail() { + return email; + } - public String getFirstname() { - return firstname; - } + public String getFirstname() { + return firstname; + } - public String getLastname() { - return lastname; - } + public String getLastname() { + return lastname; + } - public String getPrincipal() { - return principal; - } + public String getPrincipal() { + return principal; + } - public String getUsername() { - return username; - } + public String getUsername() { + return username; + } - public void setEmail(final String email) { - this.email = email; - } + public void setEmail(final String email) { + this.email = email; + } - public void setFirstname(final String firstname) { - this.firstname = firstname; - } + public void setFirstname(final String firstname) { + this.firstname = firstname; + } - public void setLastname(final String lastname) { - this.lastname = lastname; - } + public void setLastname(final String lastname) { + this.lastname = lastname; + } - public void setPrincipal(final String principal) { - this.principal = principal; - } + public void setPrincipal(final String principal) { + this.principal = principal; + } - public void setUsername(final String username) { - this.username = username; - } + public void setUsername(final String username) { + this.username = username; + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java index 54b6a8b4ceb..fdea9b6c594 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java 
@@ -20,54 +20,59 @@ import java.util.Map; import javax.inject.Inject; -import org.apache.log4j.Logger; - import org.apache.cloudstack.api.command.LdapListConfigurationCmd; +import org.apache.log4j.Logger; import com.cloud.server.auth.DefaultUserAuthenticator; import com.cloud.user.UserAccount; import com.cloud.user.dao.UserAccountDao; public class LdapAuthenticator extends DefaultUserAuthenticator { - private static final Logger s_logger = Logger.getLogger(LdapAuthenticator.class.getName()); + private static final Logger s_logger = Logger + .getLogger(LdapAuthenticator.class.getName()); - @Inject - private LdapManager _ldapManager; - @Inject - private UserAccountDao _userAccountDao; + @Inject + private LdapManager _ldapManager; + @Inject + private UserAccountDao _userAccountDao; - public LdapAuthenticator() { - super(); - } + public LdapAuthenticator() { + super(); + } - public LdapAuthenticator(final LdapManager ldapManager, final UserAccountDao userAccountDao) { - super(); - _ldapManager = ldapManager; - _userAccountDao = userAccountDao; - } + public LdapAuthenticator(final LdapManager ldapManager, + final UserAccountDao userAccountDao) { + super(); + _ldapManager = ldapManager; + _userAccountDao = userAccountDao; + } - @Override - public boolean authenticate(final String username, final String password, final Long domainId, final Map requestParameters) { + @Override + public boolean authenticate(final String username, final String password, + final Long domainId, final Map requestParameters) { - final UserAccount user = _userAccountDao.getUserAccount(username, domainId); + final UserAccount user = _userAccountDao.getUserAccount(username, + domainId); - if (user == null) { - s_logger.debug("Unable to find user with " + username + " in domain " + domainId); - return false; - } else if (isLdapConfigurationPresent()) { - return _ldapManager.canAuthenticate(username, password); - } else { - return false; - } - } + if (user == null) { + s_logger.debug("Unable to find 
user with " + username + + " in domain " + domainId); + return false; + } else if (isLdapConfigurationPresent()) { + return _ldapManager.canAuthenticate(username, password); + } else { + return false; + } + } - @Override - public String encode(final String password) { - return password; - } + @Override + public String encode(final String password) { + return password; + } - private boolean isLdapConfigurationPresent() { - return _ldapManager.listConfigurations(new LdapListConfigurationCmd(_ldapManager)).second() > 0; - } + private boolean isLdapConfigurationPresent() { + return _ldapManager.listConfigurations( + new LdapListConfigurationCmd(_ldapManager)).second() > 0; + } } diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java index 1d2ddfbf8f6..c0b4a3253d8 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java 
@@ -27,94 +27,123 @@ import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.utils.Pair; public class LdapConfiguration { - private final static String factory = "com.sun.jndi.ldap.LdapCtxFactory"; + private final static String factory = "com.sun.jndi.ldap.LdapCtxFactory"; - private final static int scope = SearchControls.SUBTREE_SCOPE; + private final static int scope = SearchControls.SUBTREE_SCOPE; - @Inject - private ConfigurationDao _configDao; + @Inject + private ConfigurationDao _configDao; - @Inject - private LdapManager _ldapManager; + @Inject + private LdapManager _ldapManager; - public LdapConfiguration() { - } + public LdapConfiguration() { + } - public LdapConfiguration(final ConfigurationDao configDao, final LdapManager ldapManager) { - _configDao = configDao; - _ldapManager = ldapManager; - } + public LdapConfiguration(final ConfigurationDao configDao, + final LdapManager ldapManager) { + _configDao = configDao; + _ldapManager = ldapManager; + } - public String getAuthentication() { - if ((getBindPrincipal() == null) && (getBindPassword() == null)) { - return "none"; - } else { - return "simple"; - } - } + public String getAuthentication() { + if ((getBindPrincipal() == null) && (getBindPassword() == null)) { + return "none"; + } else { + return "simple"; + } + } - public String getBaseDn() { - return _configDao.getValue("ldap.basedn"); - } + public String getBaseDn() { + return _configDao.getValue("ldap.basedn"); + } - public String getBindPassword() { - return _configDao.getValue("ldap.bind.password"); - } + public String getBindPassword() { + return _configDao.getValue("ldap.bind.password"); + } - public String getBindPrincipal() { - return _configDao.getValue("ldap.bind.principal"); - } + public String getBindPrincipal() { + return _configDao.getValue("ldap.bind.principal"); + } - public String getEmailAttribute() { - final String emailAttribute = _configDao.getValue("ldap.email.attribute"); - return emailAttribute == null ? 
"mail" : emailAttribute; - } + public String getEmailAttribute() { + final String emailAttribute = _configDao + .getValue("ldap.email.attribute"); + return emailAttribute == null ? "mail" : emailAttribute; + } - public String getFactory() { - return factory; - } + public String getFactory() { + return factory; + } - public String getFirstnameAttribute() { - final String firstnameAttribute = _configDao.getValue("ldap.firstname.attribute"); - return firstnameAttribute == null ? "givenname" : firstnameAttribute; - } + public String getFirstnameAttribute() { + final String firstnameAttribute = _configDao + .getValue("ldap.firstname.attribute"); + return firstnameAttribute == null ? "givenname" : firstnameAttribute; + } - public String getLastnameAttribute() { - final String lastnameAttribute = _configDao.getValue("ldap.lastname.attribute"); - return lastnameAttribute == null ? "sn" : lastnameAttribute; - } + public String getLastnameAttribute() { + final String lastnameAttribute = _configDao + .getValue("ldap.lastname.attribute"); + return lastnameAttribute == null ? "sn" : lastnameAttribute; + } - public String getProviderUrl() { - final Pair, Integer> result = _ldapManager.listConfigurations(new LdapListConfigurationCmd(_ldapManager)); - final StringBuilder providerUrls = new StringBuilder(); - String delim = ""; - for (final LdapConfigurationVO resource : result.first()) { - final String providerUrl = "ldap://" + resource.getHostname() + ":" + resource.getPort(); - providerUrls.append(delim).append(providerUrl); - delim = " "; - } - return providerUrls.toString(); - } + public String getProviderUrl() { + final String protocol = getSSLStatus() == true ? 
"ldaps://" : "ldap://"; + final Pair, Integer> result = _ldapManager + .listConfigurations(new LdapListConfigurationCmd(_ldapManager)); + final StringBuilder providerUrls = new StringBuilder(); + String delim = ""; + for (final LdapConfigurationVO resource : result.first()) { + final String providerUrl = protocol + resource.getHostname() + ":" + + resource.getPort(); + providerUrls.append(delim).append(providerUrl); + delim = " "; + } + return providerUrls.toString(); + } - public String[] getReturnAttributes() { - return new String[] {getUsernameAttribute(), getEmailAttribute(), getFirstnameAttribute(), getLastnameAttribute()}; - } + public String[] getReturnAttributes() { + return new String[] { getUsernameAttribute(), getEmailAttribute(), + getFirstnameAttribute(), getLastnameAttribute() }; + } - public int getScope() { - return scope; - } + public int getScope() { + return scope; + } - public String getUsernameAttribute() { - final String usernameAttribute = _configDao.getValue("ldap.username.attribute"); - return usernameAttribute == null ? "uid" : usernameAttribute; - } + public String getSearchGroupPrinciple() { + return _configDao.getValue("ldap.search.group.principle"); + } - public String getUserObject() { - final String userObject = _configDao.getValue("ldap.user.object"); - return userObject == null ? "inetOrgPerson" : userObject; - } + public boolean getSSLStatus() { + boolean sslStatus = false; + String dbValueForSSLStatus = _configDao.getValue("ldap.ssl.enabled"); + if (dbValueForSSLStatus != null) { + sslStatus = dbValueForSSLStatus == "false" ? 
false : true; + } + if (getTrustStore() == null || getTrustStorePassword() == null) { + sslStatus = false; + } + return sslStatus; + } - public String getSearchGroupPrinciple() { - return _configDao.getValue("ldap.search.group.principle"); - } + public String getTrustStore() { + return _configDao.getValue("ldap.truststore"); + } + + public String getTrustStorePassword() { + return _configDao.getValue("ldap.truststore.password"); + } + + public String getUsernameAttribute() { + final String usernameAttribute = _configDao + .getValue("ldap.username.attribute"); + return usernameAttribute == null ? "uid" : usernameAttribute; + } + + public String getUserObject() { + final String userObject = _configDao.getValue("ldap.user.object"); + return userObject == null ? "inetOrgPerson" : userObject; + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java index 5a243f2e59f..0b548f32ccd 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java 
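Review bot: `getSSLStatus()` tests the configuration value with reference equality, `dbValueForSSLStatus == "false"`, and a string loaded from the database is generally not the interned literal, so a stored `"false"` evaluates as SSL enabled and the only thing that then turns it off is a missing trust store. Replace that line with `sslStatus = Boolean.parseBoolean(dbValueForSSLStatus);`, which also makes unrecognised values default to off rather than on. In `getProviderUrl` the new `getSSLStatus() == true ? ...` reads more simply as `getSSLStatus() ? "ldaps://" : "ldap://"`. The fallback to plaintext when `getTrustStore()` or `getTrustStorePassword()` is null happens silently, so an operator who set `ldap.ssl.enabled` but mistyped the trust store key gets an unencrypted bind with nothing recorded; a warning in that branch (no logger is visible in this class yet) or a comment above it, such as `// SSL is only used when a trust store and its password are both configured; otherwise fall back to plain LDAP`, would make the behaviour explicit.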
@@ -28,39 +28,39 @@ import org.apache.cloudstack.api.InternalIdentity; @Entity @Table(name = "ldap_configuration") public class LdapConfigurationVO implements InternalIdentity { - @Column(name = "hostname") - private String hostname; + @Column(name = "hostname") + private String hostname; - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private Long id; + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + private Long id; - @Column(name = "port") - private int port; + @Column(name = "port") + private int port; - public LdapConfigurationVO() { - } + public LdapConfigurationVO() { + } - public LdapConfigurationVO(final String hostname, final int port) { - this.hostname = hostname; - this.port = port; - } + public LdapConfigurationVO(final String hostname, final int port) { + this.hostname = hostname; + this.port = port; + } - public String getHostname() { - return hostname; - } + public String getHostname() { + return hostname; + } - @Override - public long getId() { - return id; - } + @Override + public long getId() { + return id; + } - public int getPort() { - return port; - } + public int getPort() { + return port; + } - public void setId(long id) { - this.id = id; - } + public void setId(long id) { + this.id = id; + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java index fd33e8862e6..c971b70c352 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java 
@@ -27,77 +27,99 @@ import javax.naming.directory.InitialDirContext; import org.apache.log4j.Logger; public class LdapContextFactory { - private static final Logger s_logger = Logger.getLogger(LdapContextFactory.class.getName()); + private static final Logger s_logger = Logger + .getLogger(LdapContextFactory.class.getName()); - @Inject - private LdapConfiguration _ldapConfiguration; + @Inject + private LdapConfiguration _ldapConfiguration; - public LdapContextFactory() { - } + public LdapContextFactory() { + } - public LdapContextFactory(final LdapConfiguration ldapConfiguration) { - _ldapConfiguration = ldapConfiguration; - } + public LdapContextFactory(final LdapConfiguration ldapConfiguration) { + _ldapConfiguration = ldapConfiguration; + } - public DirContext createBindContext() throws NamingException { - return createBindContext(null); - } + public DirContext createBindContext() throws NamingException { + return createBindContext(null); + } - public DirContext createBindContext(final String providerUrl) throws NamingException { - final String bindPrincipal = _ldapConfiguration.getBindPrincipal(); - final String bindPassword = _ldapConfiguration.getBindPassword(); - return createInitialDirContext(bindPrincipal, bindPassword, providerUrl, true); - } + public DirContext createBindContext(final String providerUrl) + throws NamingException { + final String bindPrincipal = _ldapConfiguration.getBindPrincipal(); + final String bindPassword = _ldapConfiguration.getBindPassword(); + return createInitialDirContext(bindPrincipal, bindPassword, + providerUrl, true); + } - private DirContext createInitialDirContext(final String principal, final String password, final boolean isSystemContext) throws NamingException { - return createInitialDirContext(principal, password, null, isSystemContext); - } + private DirContext createInitialDirContext(final String principal, + final String password, final boolean isSystemContext) + throws NamingException { + return 
createInitialDirContext(principal, password, null, + isSystemContext); + } - private DirContext createInitialDirContext(final String principal, final String password, final String providerUrl, final boolean isSystemContext) throws NamingException { - return new InitialDirContext(getEnvironment(principal, password, providerUrl, isSystemContext)); - } + private DirContext createInitialDirContext(final String principal, + final String password, final String providerUrl, + final boolean isSystemContext) throws NamingException { + return new InitialDirContext(getEnvironment(principal, password, + providerUrl, isSystemContext)); + } - public DirContext createUserContext(final String principal, final String password) throws NamingException { - return createInitialDirContext(principal, password, false); - } + public DirContext createUserContext(final String principal, + final String password) throws NamingException { + return createInitialDirContext(principal, password, false); + } - private Hashtable getEnvironment(final String principal, final String password, final String providerUrl, final boolean isSystemContext) { - final String factory = _ldapConfiguration.getFactory(); - final String url = providerUrl == null ? _ldapConfiguration.getProviderUrl() : providerUrl; - final String authentication = _ldapConfiguration.getAuthentication(); + private Hashtable getEnvironment(final String principal, + final String password, final String providerUrl, + final boolean isSystemContext) { + final String factory = _ldapConfiguration.getFactory(); + final String url = providerUrl == null ? 
_ldapConfiguration + .getProviderUrl() : providerUrl; + final String authentication = _ldapConfiguration.getAuthentication(); + final boolean sslStatus = _ldapConfiguration.getSSLStatus(); - final Hashtable environment = new Hashtable(); + final Hashtable environment = new Hashtable(); - environment.put(Context.INITIAL_CONTEXT_FACTORY, factory); - environment.put(Context.PROVIDER_URL, url); - environment.put("com.sun.jndi.ldap.read.timeout", "500"); - environment.put("com.sun.jndi.ldap.connect.pool", "true"); + environment.put(Context.INITIAL_CONTEXT_FACTORY, factory); + environment.put(Context.PROVIDER_URL, url); + environment.put("com.sun.jndi.ldap.read.timeout", "500"); + environment.put("com.sun.jndi.ldap.connect.pool", "true"); - if ("none".equals(authentication) && !isSystemContext) { - environment.put(Context.SECURITY_AUTHENTICATION, "simple"); - } else { - environment.put(Context.SECURITY_AUTHENTICATION, authentication); - } + if (sslStatus) { + environment.put(Context.SECURITY_PROTOCOL, "ssl"); + System.setProperty("javax.net.ssl.trustStore", + _ldapConfiguration.getTrustStore()); + System.setProperty("javax.net.ssl.trustStorePassword", + _ldapConfiguration.getTrustStorePassword()); + } - if (principal != null) { - environment.put(Context.SECURITY_PRINCIPAL, principal); - } + if ("none".equals(authentication) && !isSystemContext) { + environment.put(Context.SECURITY_AUTHENTICATION, "simple"); + } else { + environment.put(Context.SECURITY_AUTHENTICATION, authentication); + } - if (password != null) { - environment.put(Context.SECURITY_CREDENTIALS, password); - } + if (principal != null) { + environment.put(Context.SECURITY_PRINCIPAL, principal); + } - return environment; - } + if (password != null) { + environment.put(Context.SECURITY_CREDENTIALS, password); + } - public void testConnection(final String providerUrl) throws NamingException { - try { - createBindContext(providerUrl); - s_logger.info("LDAP Connection was successful"); - } catch (final 
NamingException e) { - s_logger.warn("LDAP Connection failed"); - s_logger.error(e.getMessage(), e); - throw e; - } - } + return environment; + } + + public void testConnection(final String providerUrl) throws NamingException { + try { + createBindContext(providerUrl); + s_logger.info("LDAP Connection was successful"); + } catch (final NamingException e) { + s_logger.warn("LDAP Connection failed"); + s_logger.error(e.getMessage(), e); + throw e; + } + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java index aa0b7517c16..eb4332dc2e7 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java 
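Review bot: The SSL branch in `getEnvironment` sets `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` with `System.setProperty` on every context creation, which replaces the JVM-wide default trust store for every other TLS client in the management server rather than scoping it to this LDAP connection, and exposes the trust store password as a process-wide property. Those properties are typically read once when the default `SSLContext` is initialised, so a later change to `ldap.truststore` may not take effect without a restart; neither effect is documented. The JNDI-scoped alternative is to build an `SSLSocketFactory` from the configured trust store and pass it through `environment.put("java.naming.ldap.factory.socket", ...)`, leaving the global properties untouched. At minimum a comment above the branch should state `// NOTE: these system properties are process-wide and are applied to all TLS clients in this JVM`.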
@@ -30,21 +30,26 @@ import com.cloud.utils.component.PluggableService; public interface LdapManager extends PluggableService { - LdapConfigurationResponse addConfiguration(String hostname, int port) throws InvalidParameterValueException; + LdapConfigurationResponse addConfiguration(String hostname, int port) + throws InvalidParameterValueException; - boolean canAuthenticate(String username, String password); + boolean canAuthenticate(String username, String password); - LdapConfigurationResponse createLdapConfigurationResponse(LdapConfigurationVO configuration); + LdapConfigurationResponse createLdapConfigurationResponse( + LdapConfigurationVO configuration); - LdapUserResponse createLdapUserResponse(LdapUser user); + LdapUserResponse createLdapUserResponse(LdapUser user); - LdapConfigurationResponse deleteConfiguration(String hostname) throws InvalidParameterValueException; + LdapConfigurationResponse deleteConfiguration(String hostname) + throws InvalidParameterValueException; - LdapUser getUser(final String username) throws NamingException; + LdapUser getUser(final String username) throws NamingException; - List getUsers() throws NoLdapUserMatchingQueryException; + List getUsers() throws NoLdapUserMatchingQueryException; - Pair, Integer> listConfigurations(LdapListConfigurationCmd cmd); + Pair, Integer> listConfigurations( + LdapListConfigurationCmd cmd); - List searchUsers(String query) throws NoLdapUserMatchingQueryException; + List searchUsers(String query) + throws NoLdapUserMatchingQueryException; } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java index 5d73ce94bbe..d358ae34166 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java 
@@ -24,9 +24,6 @@ import javax.inject.Inject; import javax.naming.NamingException; import javax.naming.directory.DirContext; -import org.apache.log4j.Logger; -import org.springframework.stereotype.Component; - import org.apache.cloudstack.api.LdapValidator; import org.apache.cloudstack.api.command.LdapAddConfigurationCmd; import org.apache.cloudstack.api.command.LdapCreateAccount; @@ -37,6 +34,8 @@ import org.apache.cloudstack.api.command.LdapUserSearchCmd; import org.apache.cloudstack.api.response.LdapConfigurationResponse; import org.apache.cloudstack.api.response.LdapUserResponse; import org.apache.cloudstack.ldap.dao.LdapConfigurationDao; +import org.apache.log4j.Logger; +import org.springframework.stereotype.Component; import com.cloud.exception.InvalidParameterValueException; import com.cloud.utils.Pair; 
@@ -44,168 +43,190 @@ import com.cloud.utils.Pair; @Component @Local(value = LdapManager.class) public class LdapManagerImpl implements LdapManager, LdapValidator { - private static final Logger s_logger = Logger.getLogger(LdapManagerImpl.class.getName()); + private static final Logger s_logger = Logger + .getLogger(LdapManagerImpl.class.getName()); - @Inject - private LdapConfigurationDao _ldapConfigurationDao; + @Inject + private LdapConfigurationDao _ldapConfigurationDao; - @Inject - private LdapContextFactory _ldapContextFactory; + @Inject + private LdapContextFactory _ldapContextFactory; - @Inject - private LdapUserManager _ldapUserManager; + @Inject + private LdapUserManager _ldapUserManager; - public LdapManagerImpl() { - super(); - } + public LdapManagerImpl() { + super(); + } - public LdapManagerImpl(final LdapConfigurationDao ldapConfigurationDao, final LdapContextFactory ldapContextFactory, final LdapUserManager ldapUserManager) { - super(); - _ldapConfigurationDao = ldapConfigurationDao; - _ldapContextFactory = ldapContextFactory; - _ldapUserManager = ldapUserManager; - } + public LdapManagerImpl(final LdapConfigurationDao ldapConfigurationDao, + final LdapContextFactory ldapContextFactory, + final LdapUserManager ldapUserManager) { + super(); + _ldapConfigurationDao = ldapConfigurationDao; + _ldapContextFactory = ldapContextFactory; + _ldapUserManager = ldapUserManager; + } - @Override - public LdapConfigurationResponse addConfiguration(final String hostname, final int port) throws InvalidParameterValueException { - LdapConfigurationVO configuration = _ldapConfigurationDao.findByHostname(hostname); - if (configuration == null) { - try { - final String providerUrl = "ldap://" + hostname + ":" + port; - _ldapContextFactory.createBindContext(providerUrl); - configuration = new LdapConfigurationVO(hostname, port); - _ldapConfigurationDao.persist(configuration); - s_logger.info("Added new ldap server with hostname: " + hostname); - return new 
LdapConfigurationResponse(hostname, port); - } catch (final NamingException e) { - throw new InvalidParameterValueException("Unable to bind to the given LDAP server"); - } - } else { - throw new InvalidParameterValueException("Duplicate configuration"); - } - } + @Override + public LdapConfigurationResponse addConfiguration(final String hostname, + final int port) throws InvalidParameterValueException { + LdapConfigurationVO configuration = _ldapConfigurationDao + .findByHostname(hostname); + if (configuration == null) { + try { + final String providerUrl = "ldap://" + hostname + ":" + port; + _ldapContextFactory.createBindContext(providerUrl); + configuration = new LdapConfigurationVO(hostname, port); + _ldapConfigurationDao.persist(configuration); + s_logger.info("Added new ldap server with hostname: " + + hostname); + return new LdapConfigurationResponse(hostname, port); + } catch (final NamingException e) { + throw new InvalidParameterValueException( + "Unable to bind to the given LDAP server"); + } + } else { + throw new InvalidParameterValueException("Duplicate configuration"); + } + } - @Override - public boolean canAuthenticate(final String username, final String password) { - final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username); - try { - final LdapUser user = getUser(escapedUsername); - final String principal = user.getPrincipal(); - final DirContext context = _ldapContextFactory.createUserContext(principal, password); - closeContext(context); - return true; - } catch (final NamingException e) { - s_logger.info("Failed to authenticate user: " + username + ". 
incorrect password."); - return false; - } - } + @Override + public boolean canAuthenticate(final String username, final String password) { + final String escapedUsername = LdapUtils + .escapeLDAPSearchFilter(username); + try { + final LdapUser user = getUser(escapedUsername); + final String principal = user.getPrincipal(); + final DirContext context = _ldapContextFactory.createUserContext( + principal, password); + closeContext(context); + return true; + } catch (final NamingException e) { + s_logger.info("Failed to authenticate user: " + username + + ". incorrect password."); + return false; + } + } - private void closeContext(final DirContext context) { - try { - if (context != null) { - context.close(); - } - } catch (final NamingException e) { - s_logger.warn(e.getMessage()); - } - } + private void closeContext(final DirContext context) { + try { + if (context != null) { + context.close(); + } + } catch (final NamingException e) { + s_logger.warn(e.getMessage()); + } + } - @Override - public LdapConfigurationResponse createLdapConfigurationResponse(final LdapConfigurationVO configuration) { - final LdapConfigurationResponse response = new LdapConfigurationResponse(); - response.setHostname(configuration.getHostname()); - response.setPort(configuration.getPort()); - return response; - } + @Override + public LdapConfigurationResponse createLdapConfigurationResponse( + final LdapConfigurationVO configuration) { + final LdapConfigurationResponse response = new LdapConfigurationResponse(); + response.setHostname(configuration.getHostname()); + response.setPort(configuration.getPort()); + return response; + } - @Override - public LdapUserResponse createLdapUserResponse(final LdapUser user) { - final LdapUserResponse response = new LdapUserResponse(); - response.setUsername(user.getUsername()); - response.setFirstname(user.getFirstname()); - response.setLastname(user.getLastname()); - response.setEmail(user.getEmail()); - response.setPrincipal(user.getPrincipal()); - 
return response; - } + @Override + public LdapUserResponse createLdapUserResponse(final LdapUser user) { + final LdapUserResponse response = new LdapUserResponse(); + response.setUsername(user.getUsername()); + response.setFirstname(user.getFirstname()); + response.setLastname(user.getLastname()); + response.setEmail(user.getEmail()); + response.setPrincipal(user.getPrincipal()); + return response; + } - @Override - public LdapConfigurationResponse deleteConfiguration(final String hostname) throws InvalidParameterValueException { - final LdapConfigurationVO configuration = _ldapConfigurationDao.findByHostname(hostname); - if (configuration == null) { - throw new InvalidParameterValueException("Cannot find configuration with hostname " + hostname); - } else { - _ldapConfigurationDao.remove(configuration.getId()); - s_logger.info("Removed ldap server with hostname: " + hostname); - return new LdapConfigurationResponse(configuration.getHostname(), configuration.getPort()); - } - } + @Override + public LdapConfigurationResponse deleteConfiguration(final String hostname) + throws InvalidParameterValueException { + final LdapConfigurationVO configuration = _ldapConfigurationDao + .findByHostname(hostname); + if (configuration == null) { + throw new InvalidParameterValueException( + "Cannot find configuration with hostname " + hostname); + } else { + _ldapConfigurationDao.remove(configuration.getId()); + s_logger.info("Removed ldap server with hostname: " + hostname); + return new LdapConfigurationResponse(configuration.getHostname(), + configuration.getPort()); + } + } - @Override - public List> getCommands() { - final List> cmdList = new ArrayList>(); - cmdList.add(LdapUserSearchCmd.class); - cmdList.add(LdapListAllUsersCmd.class); - cmdList.add(LdapAddConfigurationCmd.class); - cmdList.add(LdapDeleteConfigurationCmd.class); - cmdList.add(LdapListConfigurationCmd.class); - cmdList.add(LdapCreateAccount.class); - return cmdList; - } + @Override + public List> 
getCommands() { + final List> cmdList = new ArrayList>(); + cmdList.add(LdapUserSearchCmd.class); + cmdList.add(LdapListAllUsersCmd.class); + cmdList.add(LdapAddConfigurationCmd.class); + cmdList.add(LdapDeleteConfigurationCmd.class); + cmdList.add(LdapListConfigurationCmd.class); + cmdList.add(LdapCreateAccount.class); + return cmdList; + } - @Override - public LdapUser getUser(final String username) throws NamingException { - DirContext context = null; - try { - context = _ldapContextFactory.createBindContext(); + @Override + public LdapUser getUser(final String username) throws NamingException { + DirContext context = null; + try { + context = _ldapContextFactory.createBindContext(); - final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username); - return _ldapUserManager.getUser(escapedUsername, context); + final String escapedUsername = LdapUtils + .escapeLDAPSearchFilter(username); + return _ldapUserManager.getUser(escapedUsername, context); - } catch (final NamingException e) { - throw e; - } finally { - closeContext(context); - } - } + } catch (final NamingException e) { + throw e; + } finally { + closeContext(context); + } + } - @Override - public List getUsers() throws NoLdapUserMatchingQueryException { - DirContext context = null; - try { - context = _ldapContextFactory.createBindContext(); - return _ldapUserManager.getUsers(context); - } catch (final NamingException e) { - throw new NoLdapUserMatchingQueryException("*"); - } finally { - closeContext(context); - } - } + @Override + public List getUsers() throws NoLdapUserMatchingQueryException { + DirContext context = null; + try { + context = _ldapContextFactory.createBindContext(); + return _ldapUserManager.getUsers(context); + } catch (final NamingException e) { + throw new NoLdapUserMatchingQueryException("*"); + } finally { + closeContext(context); + } + } - @Override - public Pair, Integer> listConfigurations(final LdapListConfigurationCmd cmd) { - final String hostname = 
cmd.getHostname(); - final int port = cmd.getPort(); - final Pair, Integer> result = _ldapConfigurationDao.searchConfigurations(hostname, port); - return new Pair, Integer>(result.first(), result.second()); - } + @Override + public boolean isLdapEnabled() { + return listConfigurations(new LdapListConfigurationCmd(this)).second() > 0; + } - @Override - public List searchUsers(final String username) throws NoLdapUserMatchingQueryException { - DirContext context = null; - try { - context = _ldapContextFactory.createBindContext(); - final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username); - return _ldapUserManager.getUsers("*" + escapedUsername + "*", context); - } catch (final NamingException e) { - throw new NoLdapUserMatchingQueryException(username); - } finally { - closeContext(context); - } - } + @Override + public Pair, Integer> listConfigurations( + final LdapListConfigurationCmd cmd) { + final String hostname = cmd.getHostname(); + final int port = cmd.getPort(); + final Pair, Integer> result = _ldapConfigurationDao + .searchConfigurations(hostname, port); + return new Pair, Integer>( + result.first(), result.second()); + } - @Override - public boolean isLdapEnabled() { - return listConfigurations(new LdapListConfigurationCmd(this)).second() > 0; - } + @Override + public List searchUsers(final String username) + throws NoLdapUserMatchingQueryException { + DirContext context = null; + try { + context = _ldapContextFactory.createBindContext(); + final String escapedUsername = LdapUtils + .escapeLDAPSearchFilter(username); + return _ldapUserManager.getUsers("*" + escapedUsername + "*", + context); + } catch (final NamingException e) { + throw new NoLdapUserMatchingQueryException(username); + } finally { + closeContext(context); + } + } } \ No newline at end of file 
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUser.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUser.java
index 6bc1a78533c..18ad7d95119 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUser.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUser.java
@@ -17,59 +17,61 @@ package org.apache.cloudstack.ldap; public class LdapUser implements Comparable { - private final String email; - private final String principal; - private final String firstname; - private final String lastname; - private final String username; + private final String email; + private final String principal; + private final String firstname; + private final String lastname; + private final String username; - public LdapUser(final String username, final String email, final String firstname, final String lastname, final String principal) { - this.username = username; - this.email = email; - this.firstname = firstname; - this.lastname = lastname; - this.principal = principal; - } + public LdapUser(final String username, final String email, + final String firstname, final String lastname, + final String principal) { + this.username = username; + this.email = email; + this.firstname = firstname; + this.lastname = lastname; + this.principal = principal; + } - @Override - public int compareTo(final LdapUser other) { - return getUsername().compareTo(other.getUsername()); - } + @Override + public int compareTo(final LdapUser other) { + return getUsername().compareTo(other.getUsername()); + } - @Override - public boolean equals(final Object other) { - if (this == other) { - return true; - } - if (other instanceof LdapUser) { - final LdapUser otherLdapUser = (LdapUser)other; - return getUsername().equals(otherLdapUser.getUsername()); - } - return false; - } + @Override + public boolean equals(final Object other) { + if (this == other) { + return true; + } + if (other instanceof LdapUser) { + final LdapUser otherLdapUser = (LdapUser) other; + return getUsername().equals(otherLdapUser.getUsername()); + } + return false; + } - public String getEmail() { - return email; - } + public String getEmail() { + return email; + } - public String getFirstname() { - return firstname; - } + public String getFirstname() { + return firstname; + } - public String 
getLastname() { - return lastname; - } + public String getLastname() { + return lastname; + } - public String getPrincipal() { - return principal; - } + public String getPrincipal() { + return principal; + } - public String getUsername() { - return username; - } + public String getUsername() { + return username; + } - @Override - public int hashCode() { - return getUsername().hashCode(); - } + @Override + public int hashCode() { + return getUsername().hashCode(); + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java index 073eddab8d2..f522503f5ba 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java 
@@ -30,76 +30,94 @@ import javax.naming.directory.SearchResult; public class LdapUserManager { - @Inject - private LdapConfiguration _ldapConfiguration; + @Inject + private LdapConfiguration _ldapConfiguration; - public LdapUserManager() { - } - - public LdapUserManager(final LdapConfiguration ldapConfiguration) { - _ldapConfiguration = ldapConfiguration; - } - - private LdapUser createUser(final SearchResult result) throws NamingException { - final Attributes attributes = result.getAttributes(); - - final String username = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getUsernameAttribute()); - final String email = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getEmailAttribute()); - final String firstname = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getFirstnameAttribute()); - final String lastname = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getLastnameAttribute()); - final String principal = result.getName() + "," + _ldapConfiguration.getBaseDn(); - - return new LdapUser(username, email, firstname, lastname, principal); - } - - public LdapUser getUser(final String username, final DirContext context) throws NamingException { - final NamingEnumeration result = searchUsers(username, context); - if (result.hasMoreElements()) { - return createUser(result.nextElement()); - } else { - throw new NamingException("No user found for username " + username); - } - } - - public List getUsers(final DirContext context) throws NamingException { - return getUsers(null, context); - } - - public List getUsers(final String username, final DirContext context) throws NamingException { - final NamingEnumeration results = searchUsers(username, context); - - final List users = new ArrayList(); - - while (results.hasMoreElements()) { - final SearchResult result = results.nextElement(); - users.add(createUser(result)); - } - - Collections.sort(users); - - return users; - } - - public NamingEnumeration searchUsers(final DirContext 
context) throws NamingException { - return searchUsers(null, context); - } - - public NamingEnumeration searchUsers(final String username, final DirContext context) throws NamingException { - final SearchControls controls = new SearchControls(); - - controls.setSearchScope(_ldapConfiguration.getScope()); - controls.setReturningAttributes(_ldapConfiguration.getReturnAttributes()); - - final String userObjectFilter = "(objectClass=" + _ldapConfiguration.getUserObject() + ")"; - final String usernameFilter = "(" + _ldapConfiguration.getUsernameAttribute() + "=" + (username == null ? "*" : username) + ")"; - String memberOfFilter = ""; - if(_ldapConfiguration.getSearchGroupPrinciple() != null) { - memberOfFilter = "(memberof=" + _ldapConfiguration.getSearchGroupPrinciple() + ")"; + public LdapUserManager() { } + public LdapUserManager(final LdapConfiguration ldapConfiguration) { + _ldapConfiguration = ldapConfiguration; + } - final String filter = "(&" + userObjectFilter + usernameFilter + memberOfFilter + ")"; + private LdapUser createUser(final SearchResult result) + throws NamingException { + final Attributes attributes = result.getAttributes(); - return context.search(_ldapConfiguration.getBaseDn(), filter, controls); - } + final String username = LdapUtils.getAttributeValue(attributes, + _ldapConfiguration.getUsernameAttribute()); + final String email = LdapUtils.getAttributeValue(attributes, + _ldapConfiguration.getEmailAttribute()); + final String firstname = LdapUtils.getAttributeValue(attributes, + _ldapConfiguration.getFirstnameAttribute()); + final String lastname = LdapUtils.getAttributeValue(attributes, + _ldapConfiguration.getLastnameAttribute()); + final String principal = result.getName() + "," + + _ldapConfiguration.getBaseDn(); + + return new LdapUser(username, email, firstname, lastname, principal); + } + + public LdapUser getUser(final String username, final DirContext context) + throws NamingException { + final NamingEnumeration result = 
searchUsers(username, + context); + if (result.hasMoreElements()) { + return createUser(result.nextElement()); + } else { + throw new NamingException("No user found for username " + username); + } + } + + public List getUsers(final DirContext context) + throws NamingException { + return getUsers(null, context); + } + + public List getUsers(final String username, + final DirContext context) throws NamingException { + final NamingEnumeration results = searchUsers(username, + context); + + final List users = new ArrayList(); + + while (results.hasMoreElements()) { + final SearchResult result = results.nextElement(); + users.add(createUser(result)); + } + + Collections.sort(users); + + return users; + } + + public NamingEnumeration searchUsers(final DirContext context) + throws NamingException { + return searchUsers(null, context); + } + + public NamingEnumeration searchUsers(final String username, + final DirContext context) throws NamingException { + final SearchControls controls = new SearchControls(); + + controls.setSearchScope(_ldapConfiguration.getScope()); + controls.setReturningAttributes(_ldapConfiguration + .getReturnAttributes()); + + final String userObjectFilter = "(objectClass=" + + _ldapConfiguration.getUserObject() + ")"; + final String usernameFilter = "(" + + _ldapConfiguration.getUsernameAttribute() + "=" + + (username == null ? "*" : username) + ")"; + String memberOfFilter = ""; + if (_ldapConfiguration.getSearchGroupPrinciple() != null) { + memberOfFilter = "(memberof=" + + _ldapConfiguration.getSearchGroupPrinciple() + ")"; + } + + final String filter = "(&" + userObjectFilter + usernameFilter + + memberOfFilter + ")"; + + return context.search(_ldapConfiguration.getBaseDn(), filter, controls); + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java index 8e7e93e9e48..ff8c88c0e24 100644 
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java @@ -21,41 +21,42 @@ import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; public final class LdapUtils { - public static String escapeLDAPSearchFilter(final String filter) { - final StringBuilder sb = new StringBuilder(); - for (char character : filter.toCharArray()) { - switch (character) { - case '\\': - sb.append("\\5c"); - break; - case '*': - sb.append("\\2a"); - break; - case '(': - sb.append("\\28"); - break; - case ')': - sb.append("\\29"); - break; - case '\u0000': - sb.append("\\00"); - break; - default: - sb.append(character); - } - } - return sb.toString(); - } + public static String escapeLDAPSearchFilter(final String filter) { + final StringBuilder sb = new StringBuilder(); + for (char character : filter.toCharArray()) { + switch (character) { + case '\\': + sb.append("\\5c"); + break; + case '*': + sb.append("\\2a"); + break; + case '(': + sb.append("\\28"); + break; + case ')': + sb.append("\\29"); + break; + case '\u0000': + sb.append("\\00"); + break; + default: + sb.append(character); + } + } + return sb.toString(); + } - public static String getAttributeValue(final Attributes attributes, final String attributeName) throws NamingException { - final Attribute attribute = attributes.get(attributeName); - if (attribute != null) { - final Object value = attribute.get(); - return String.valueOf(value); - } - return null; - } + public static String getAttributeValue(final Attributes attributes, + final String attributeName) throws NamingException { + final Attribute attribute = attributes.get(attributeName); + if (attribute != null) { + final Object value = attribute.get(); + return String.valueOf(value); + } + return null; + } - private LdapUtils() { - } + private LdapUtils() { + } } \ No newline at end of file 
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java index 0f510c39a1a..d7a3744221d 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java @@ -17,16 +17,16 @@ package org.apache.cloudstack.ldap; public class NoLdapUserMatchingQueryException extends Exception { - private static final long serialVersionUID = 7124360347208388174L; + private static final long serialVersionUID = 7124360347208388174L; - private final String query; + private final String query; - public NoLdapUserMatchingQueryException(final String query) { - super("No users matching: " + query); - this.query = query; - } + public NoLdapUserMatchingQueryException(final String query) { + super("No users matching: " + query); + this.query = query; + } - public String getQuery() { - return query; - } + public String getQuery() { + return query; + } } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java index d9bf13f6e49..91279ae893c 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java 
@@ -17,15 +17,15 @@ package org.apache.cloudstack.ldap; public class NoSuchLdapUserException extends Exception { - private static final long serialVersionUID = 6782938919658010900L; - private final String username; + private static final long serialVersionUID = 6782938919658010900L; + private final String username; - public NoSuchLdapUserException(final String username) { - super("No such user: " + username); - this.username = username; - } + public NoSuchLdapUserException(final String username) { + super("No such user: " + username); + this.username = username; + } - public String getUsername() { - return username; - } + public String getUsername() { + return username; + } } diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java index a2d5e65248e..f74bb9cd8f9 100644 --- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java @@ -23,8 +23,10 @@ import org.apache.cloudstack.ldap.LdapConfigurationVO; import com.cloud.utils.Pair; import com.cloud.utils.db.GenericDao; -public interface LdapConfigurationDao extends GenericDao { - LdapConfigurationVO findByHostname(String hostname); +public interface LdapConfigurationDao extends + GenericDao { + LdapConfigurationVO findByHostname(String hostname); - Pair, Integer> searchConfigurations(String hostname, int port); + Pair, Integer> searchConfigurations( + String hostname, int port); } \ No newline at end of file diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java index 0f2a0150eba..862206ddf23 100644 
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java +++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java @@ -20,9 +20,8 @@ import java.util.List; import javax.ejb.Local; -import org.springframework.stereotype.Component; - import org.apache.cloudstack.ldap.LdapConfigurationVO; +import org.springframework.stereotype.Component; import com.cloud.utils.Pair; import com.cloud.utils.db.GenericDaoBase; 
@@ -31,36 +30,43 @@ import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.SearchCriteria.Op; @Component -@Local(value = {LdapConfigurationDao.class}) -public class LdapConfigurationDaoImpl extends GenericDaoBase implements LdapConfigurationDao { - private final SearchBuilder hostnameSearch; - private final SearchBuilder listAllConfigurationsSearch; +@Local(value = { LdapConfigurationDao.class }) +public class LdapConfigurationDaoImpl extends + GenericDaoBase implements + LdapConfigurationDao { + private final SearchBuilder hostnameSearch; + private final SearchBuilder listAllConfigurationsSearch; - public LdapConfigurationDaoImpl() { - super(); - hostnameSearch = createSearchBuilder(); - hostnameSearch.and("hostname", hostnameSearch.entity().getHostname(), SearchCriteria.Op.EQ); - hostnameSearch.done(); + public LdapConfigurationDaoImpl() { + super(); + hostnameSearch = createSearchBuilder(); + hostnameSearch.and("hostname", hostnameSearch.entity().getHostname(), + SearchCriteria.Op.EQ); + hostnameSearch.done(); - listAllConfigurationsSearch = createSearchBuilder(); - listAllConfigurationsSearch.and("hostname", listAllConfigurationsSearch.entity().getHostname(), Op.EQ); - listAllConfigurationsSearch.and("port", listAllConfigurationsSearch.entity().getPort(), Op.EQ); - listAllConfigurationsSearch.done(); - } + listAllConfigurationsSearch = createSearchBuilder(); + listAllConfigurationsSearch.and("hostname", listAllConfigurationsSearch + .entity().getHostname(), Op.EQ); + listAllConfigurationsSearch.and("port", listAllConfigurationsSearch + .entity().getPort(), Op.EQ); + listAllConfigurationsSearch.done(); + } - @Override - public LdapConfigurationVO findByHostname(final String hostname) { - final SearchCriteria sc = hostnameSearch.create(); - sc.setParameters("hostname", hostname); - return findOneBy(sc); - } + @Override + public LdapConfigurationVO findByHostname(final String hostname) { + final SearchCriteria sc = hostnameSearch.create(); + 
sc.setParameters("hostname", hostname); + return findOneBy(sc); + } - @Override - public Pair, Integer> searchConfigurations(final String hostname, final int port) { - final SearchCriteria sc = listAllConfigurationsSearch.create(); - if (hostname != null) { - sc.setParameters("hostname", hostname); - } - return searchAndCount(sc, null); - } + @Override + public Pair, Integer> searchConfigurations( + final String hostname, final int port) { + final SearchCriteria sc = listAllConfigurationsSearch + .create(); + if (hostname != null) { + sc.setParameters("hostname", hostname); + } + return searchAndCount(sc, null); + } } \ No newline at end of file diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 91bcbf53f39..bc60d6c1c2e 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java 
@@ -434,6 +434,9 @@ public enum Config { LdapUsernameAttribute("Advanced", ManagementServer.class, String.class, "ldap.username.attribute", "uid", "Sets the username attribute used within LDAP", null), LdapUserObject("Advanced", ManagementServer.class, String.class, "ldap.user.object", "inetOrgPerson", "Sets the object type of users within LDAP", null), LdapSearchGroupPrinciple("Advanced", ManagementServer.class, String.class, "ldap.search.group.principle", null, "Sets the principle of the group that users must be a member of", null), + LdapSSLEnabled("Advanced", ManagementServer.class, String.class, "ldap.ssl.enabled", "false", "Enables/Disables SSL support for LDAP", null), + LdapTrustStore("Advanced", ManagementServer.class, String.class, "ldap.truststore", null, "Sets the path to the truststore to use for SSL", null), + LdapTrustStorePassword("Advanced", ManagementServer.class, String.class, "ldap.truststore.password", null, "Sets the password for the truststore", null), // VMSnapshots VMSnapshotMax("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.max", "10", "Maximum vm snapshots for a vm", null), diff --git a/setup/db/db/schema-410to420.sql b/setup/db/db/schema-410to420.sql index 9792991e73a..52772583752 100644 --- a/setup/db/db/schema-410to420.sql +++ b/setup/db/db/schema-410to420.sql 
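Review bot: `LdapTrustStorePassword` is registered in the "Advanced" category exactly like the non-sensitive LDAP settings around it, so the truststore password will be persisted and returned by configuration listing in plaintext alongside them. If the configuration layer supports a category whose values are encrypted at rest and masked in API responses, this entry (and the matching `ldap.truststore.password` INSERT in the schema-410to420.sql hunk) should use it; otherwise at least document in the description that the value only protects JKS integrity and is not a bind credential. `LdapSSLEnabled` is declared as `String.class` with default `"false"` although the enum already carries typed entries such as `Integer.class` for `VMSnapshotMax`; a boolean-typed entry would reject values other than true/false at update time instead of leaving the parse to the LDAP context factory. Since the default is off and the bind in `canAuthenticate` sends the user's password to the directory, the description would be more useful as `"Enables/Disables SSL support for LDAP; when disabled, bind credentials are sent unencrypted"`. The description strings also drift between this hunk ("to use for SSL") and the SQL hunk ("to use for LDAP SSL"); keep them identical since both describe the same key.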
@@ -2151,6 +2151,9 @@ INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'manag INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.user.object', 'inetOrgPerson', 'Sets the object type of users within LDAP'); INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.basedn', NULL, 'Sets the basedn for LDAP'); INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.search.group.principle', NULL, 'Sets the principle of the group that users must be a member of'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.ssl.enabled', 'false', 'Enables/Disables SSL support for LDAP'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.truststore', NULL, 'Sets the path to the truststore to use for LDAP SSL'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.truststore.password', NULL, 'Sets the password for the truststore'); CREATE TABLE `cloud`.`ldap_configuration` (