From 23f0187d056462b326f070e05de8e2bd9de147de Mon Sep 17 00:00:00 2001
From: Ian Duffy
Date: Fri, 2 Aug 2013 09:27:58 +0100
Subject: [PATCH] Add Support for member of filter
Signed-off-by: Abhinandan Prateek
---
.../org/apache/cloudstack/ldap/LdapConfiguration.java | 4 ++++
.../org/apache/cloudstack/ldap/LdapUserManager.java | 11 +++++++++--
server/src/com/cloud/configuration/Config.java | 1 +
setup/db/db/schema-410to420.sql | 2 ++
4 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
index d0ae4d23424..1d2ddfbf8f6 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
@@ -113,4 +113,8 @@ public class LdapConfiguration {
 final String userObject = _configDao.getValue("ldap.user.object");
 return userObject == null ? "inetOrgPerson" : userObject;
 }
+
+ public String getSearchGroupPrinciple() {
+ return _configDao.getValue("ldap.search.group.principle");
+ }
 }
\ No newline at end of file
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
index f255752bf8e..073eddab8d2 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
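Review bot: The new `getSearchGroupPrinciple()` differs from the sibling getter directly above it (`getUserObject()` falls back to `"inetOrgPerson"`) by returning null when the key is unset, and nothing in the class says that null is the intended "no group restriction" state that LdapUserManager keys its filter on. A one-line Javadoc would make that contract explicit: `/** Returns the group that users must be a member of, or null when no group restriction is configured; the value is returned raw and unescaped. */`. Since the value is matched against memberof, it is presumably a group DN, and saying so here tells an operator what to configure. The rest of the class is outside the hunk.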
@@ -90,8 +90,15 @@ public class LdapUserManager {
 controls.setSearchScope(_ldapConfiguration.getScope());
 controls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());
- final String filter = "(&(objectClass=" + _ldapConfiguration.getUserObject() + ")" + "("
- + _ldapConfiguration.getUsernameAttribute() + "=" + (username == null ? "*" : username) + "))";
+ final String userObjectFilter = "(objectClass=" + _ldapConfiguration.getUserObject() + ")";
+ final String usernameFilter = "(" + _ldapConfiguration.getUsernameAttribute() + "=" + (username == null ? "*" : username) + ")";
+ String memberOfFilter = "";
+ if(_ldapConfiguration.getSearchGroupPrinciple() != null) {
+ memberOfFilter = "(memberof=" + _ldapConfiguration.getSearchGroupPrinciple() + ")";
+ }
+
+
+ final String filter = "(&" + userObjectFilter + usernameFilter + memberOfFilter + ")";
 return context.search(_ldapConfiguration.getBaseDn(), filter, controls);
 }
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 1ec0576a7a9..91bcbf53f39 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
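Review bot: The new `usernameFilter` and `memberOfFilter` lines embed their values in the search filter without RFC 4515 escaping, so a username containing `*`, `(`, `)` or `\` changes the structure of the filter instead of being matched literally, and a group DN with parentheses or a backslash-escaped comma has the same problem even though it comes from admin configuration. The `*` wildcard used when `username` is null is deliberate and should stay; only the non-null value needs escaping. `getSearchGroupPrinciple()` is also read twice, and an empty but non-null configured value would produce `(memberof=)`; reading it once into a local and checking it is non-blank covers both. The two consecutive blank `+` lines before `final String filter` and `if(` without a space are style nits. The enclosing search method starts outside the hunk, and whether `username` can originate from an unauthenticated request depends on callers not shown here; the escaping helper below is a constructed addition at class level.
```java
// … unchanged: controls setup …
final String userObjectFilter = "(objectClass=" + _ldapConfiguration.getUserObject() + ")";
final String usernameFilter = "(" + _ldapConfiguration.getUsernameAttribute() + "="
        + (username == null ? "*" : escapeFilterValue(username)) + ")";
String memberOfFilter = "";
final String groupPrinciple = _ldapConfiguration.getSearchGroupPrinciple();
if (groupPrinciple != null && !groupPrinciple.trim().isEmpty()) {
    memberOfFilter = "(memberof=" + escapeFilterValue(groupPrinciple) + ")";
}
final String filter = "(&" + userObjectFilter + usernameFilter + memberOfFilter + ")";
// … unchanged: context.search call …

// New class-level helper: RFC 4515 escaping for an assertion value placed inside a search filter.
private static String escapeFilterValue(final String value) {
    final StringBuilder sb = new StringBuilder(value.length());
    for (final char c : value.toCharArray()) {
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}
```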
@@ -433,6 +433,7 @@ public enum Config {
 LdapLastnameAttribute("Advanced", ManagementServer.class, String.class, "ldap.lastname.attribute", "sn", "Sets the lastname attribute used within LDAP", null),
 LdapUsernameAttribute("Advanced", ManagementServer.class, String.class, "ldap.username.attribute", "uid", "Sets the username attribute used within LDAP", null),
 LdapUserObject("Advanced", ManagementServer.class, String.class, "ldap.user.object", "inetOrgPerson", "Sets the object type of users within LDAP", null),
+ LdapSearchGroupPrinciple("Advanced", ManagementServer.class, String.class, "ldap.search.group.principle", null, "Sets the principle of the group that users must be a member of", null),
 // VMSnapshots
 VMSnapshotMax("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.max", "10", "Maximum vm snapshots for a vm", null),
diff --git a/setup/db/db/schema-410to420.sql b/setup/db/db/schema-410to420.sql
index f4cd1b1a9e0..9792991e73a 100644
--- a/setup/db/db/schema-410to420.sql
+++ b/setup/db/db/schema-410to420.sql
@@ -2150,6 +2150,8 @@ INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'manag
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.lastname.attribute', 'sn', 'Sets the lastname attribute used within LDAP');
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.user.object', 'inetOrgPerson', 'Sets the object type of users within LDAP');
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.basedn', NULL, 'Sets the basedn for LDAP');
+INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'ldap.search.group.principle', NULL, 'Sets the principle of the group that users must be a member of');
+
 CREATE TABLE `cloud`.`ldap_configuration` (
 `id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
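Review bot: The description on the new `LdapSearchGroupPrinciple` entry does not tell an operator what form the value takes; since LdapUserManager places it in a `(memberof=...)` assertion it is presumably the full DN of the group, and the text should say so, e.g. `"DN of the LDAP group that users must be a member of; unset means no group restriction"`. The same description is worth extending with the caveat that the check relies on user entries exposing a memberOf attribute (OpenLDAP only does so with the memberof overlay), because when the attribute is absent every lookup silently matches no users. The key spelling "principle" rather than "principal" is persisted by this commit's SQL insert, so renaming it later would need a migration, whereas the description string can be corrected in both places without one.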