From 2825c07b38795ff541d4e9dc648612ce84fd728f Mon Sep 17 00:00:00 2001
From: Rajani Karuturi
Date: Tue, 11 Aug 2015 15:20:22 +0530
Subject: [PATCH] CLOUDSTACK-8647 support for assigning and admin to linked ldap domain if an admin username is given to the linkDomainToLdap, added support to import this user User will be imported only if the user is available in the group/ou in ldap and an account with the name doesnt exist in cloudstack. on successful import, accountid will be returned in response.
---
 .../api/command/LinkDomainToLdapCmd.java | 31 +++++++++++++++++++
 .../response/LinkDomainToLdapResponse.java | 12 +++++++
 2 files changed, 43 insertions(+)
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
index 5a76e8ec20a..f5a0ef82a2f 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
@@ -21,6 +21,9 @@ package org.apache.cloudstack.api.command;
 import javax.inject.Inject;
 import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.user.AccountService;
+import com.cloud.user.User;
+import com.cloud.user.UserAccount;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -30,10 +33,14 @@ import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.DomainResponse;
 import org.apache.cloudstack.api.response.LinkDomainToLdapResponse;
 import org.apache.cloudstack.ldap.LdapManager;
+import org.apache.cloudstack.ldap.LdapUser;
+import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException;
 import org.apache.log4j.Logger;
 import com.cloud.user.Account;
+import java.util.UUID;
+
 @APICommand(name = "linkDomainToLdap", description = "link an existing cloudstack domain to group or OU in ldap", responseObject = LinkDomainToLdapResponse.class, since = "4.6.0", requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class LinkDomainToLdapCmd extends BaseCmd {
@@ -59,10 +66,34 @@ public class LinkDomainToLdapCmd extends BaseCmd {
 @Inject
 private LdapManager _ldapManager;
+ @Inject
+ public AccountService _accountService;
+
 @Override
 public void execute() throws ServerApiException {
 try {
 LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name, accountType);
+ if(admin!=null) {
+ try {
+ LdapUser ldapUser = _ldapManager.getUser(admin, type, name);
+ if(!ldapUser.isDisabled()) {
+ Account account = _accountService.getActiveAccountByName(admin, domainId);
+ if (account == null) {
+ UserAccount userAccount =
+ _accountService.createUserAccount(admin, "", ldapUser.getFirstname(), ldapUser.getLastname(), ldapUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, domainId, admin, null, UUID.randomUUID().toString(),
+ UUID.randomUUID().toString(), User.Source.LDAP);
+ response.setAdminId(String.valueOf(userAccount.getAccountId()));
+ s_logger.info("created an account with name " + admin + " in the given domain " + domainId);
+ } else {
+ s_logger.debug("an account with name " + admin + " already exists in the domain " + domainId);
+ }
+ } else {
+ s_logger.debug("ldap user with username "+admin+" is disabled in the given group/ou");
+ }
+ } catch (NoLdapUserMatchingQueryException e) {
+ s_logger.debug("no ldap user matching username " + admin + " in the given group/ou");
+ }
+ }
 response.setObjectName("LinkDomainToLdap");
 response.setResponseName(getCommandName());
 setResponseObject(response);
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LinkDomainToLdapResponse.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LinkDomainToLdapResponse.java
index 103fb25e540..b0032b04b4d 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LinkDomainToLdapResponse.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LinkDomainToLdapResponse.java
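Review bot: In `LinkDomainToLdapCmd.execute()` the domain-admin account is created with `""` as the second argument of `createUserAccount`, which looks like the password slot, so the account is only unusable for local login if every configured authenticator rejects `User.Source.LDAP` users; nothing in this hunk shows that, and a throwaway random secret such as `new BigInteger(130, new SecureRandom()).toString(32)` in place of `""` would remove the dependency. The same call passes `admin` again as the tenth argument, which appears to be the network-domain position in `AccountService.createUserAccount`; presumably `null` was intended, please confirm against the signature. The three skipped outcomes (no LDAP match, disabled LDAP user, account already exists) are logged only at debug and the response just lacks the account id, so neither the caller nor an auditor can tell why no privileged account was provisioned; logging them at info or warn would fix that. The injected field would be better declared as `private AccountService _accountService;` to match `_ldapManager`. The rest of `execute()` lies outside the hunk, so it is not visible how an exception from `createUserAccount` is handled after `linkDomainToLdap` has already succeeded.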
@@ -41,6 +41,10 @@ public class LinkDomainToLdapResponse extends BaseResponse {
 @Param(description = "Type of the account to auto import")
 private short accountType;
+ @SerializedName(ApiConstants.ACCOUNT_ID)
+ @Param(description = "Domain Admin accountId that is created")
+ private String adminId;
+
 public LinkDomainToLdapResponse(long domainId, String type, String name, short accountType) {
 this.domainId = domainId;
 this.name = name;
@@ -63,4 +67,12 @@ public class LinkDomainToLdapResponse extends BaseResponse {
 public short getAccountType() {
 return accountType;
 }
+
+ public String getAdminId() {
+ return adminId;
+ }
+
+ public void setAdminId(String adminId) {
+ this.adminId = adminId;
+ }
 }
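Review bot: The new `adminId` field in the first hunk is serialized under `ApiConstants.ACCOUNT_ID`, but LinkDomainToLdapCmd fills it with `String.valueOf(userAccount.getAccountId())`, which looks like the internal numeric account id rather than the account's UUID; if API clients are only meant to see UUIDs, the command should set the UUID instead. The `@Param` text should also state when the field is missing, e.g. `@Param(description = "id of the domain admin account created by this call; not set when no account was created")`.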