Rajani Karuturi
ca8b37535a
CLOUDSTACK-8647: updated with review comments
...
made domainId compulsory in api LinkDomainToLdapCmd
used accountService from BaseCmd in LinkDomainToLdapCmd
changed the allowed account type values to 0 and 2
2015-09-01 10:44:30 +05:30
Rajani Karuturi
6572abc7b3
CLOUDSTACK-8647 added unittests for new methods in ldapmanager
2015-08-27 17:30:23 +05:30
Rajani Karuturi
2825c07b38
CLOUDSTACK-8647 support for assigning an admin to linked ldap domain
...
if an admin username is given to the linkDomainToLdap, added support to
import this user
User will be imported only if the user is available in the group/ou in
ldap and an account with the name doesn't exist in cloudstack.
on successful import, accountid will be returned in response.
2015-08-27 17:30:21 +05:30
Rajani Karuturi
59291864fc
CLOUDSTACK-8647 added nested group enabled config in ldap
...
querying the nested groups only when nested groups are enabled
2015-08-27 17:30:21 +05:30
Rajani Karuturi
0dc9ccd189
CLOUDSTACK-8647 added account_type to the linkDomainToLdap API
2015-08-27 17:30:20 +05:30
Rajani Karuturi
7109689fde
CLOUDSTACK-8647 changed the authentication flow
...
added check to see if domain is linked to ldap. If yes and the user is
member of the group/OU, authenticate and import user.
2015-08-27 17:30:20 +05:30
Rajani Karuturi
e3ddde841e
CLOUDSTACK-8647 added new api linkLdapToDomain
...
also added the required dao, table and vo
2015-08-27 17:30:19 +05:30
Rajani Karuturi
0680648036
CLOUDSTACK-8647: added cmd and response class for the new api
2015-08-27 17:30:19 +05:30
Rajani Karuturi
ac9c2a224a
fixed findbugs issue due to PR #609
...
applicationCtx need not be static as the bean is singleton
This closes #622
2015-07-24 17:42:21 +05:30
Rajani Karuturi
96cf0325e2
CLOUDSTACK-8596 addressed review comments
...
In LdapUserManagerFactory moved the beans to a map
used a Enum for LdapProvider and made the corresponding changes in
LdapConfiguration and the callers.
2015-07-23 15:21:59 +05:30
Rajani Karuturi
4e57cc62d0
CLOUDSTACK-8596 ability to query nested groups for Microsoft AD
...
added a new configuration to select the appropriate ldap implementation
in case of microsoft AD enabled nested querying of group members
moved LdapUserManager to an interface and added separate implementations
for openLdap and microsoft AD
Added unit tests
2015-07-20 18:00:57 +05:30
Rajani Karuturi
d504305a98
Fixed CLOUDSTACK-8551 findbugs issue in LdapImportUsersCmd.java
...
DM_DEFAULT_ENCODING issue. Used UTF-8
2015-06-11 17:07:03 +05:30
Rajani Karuturi
d46b658ec0
Fixed CLOUDSTACK-8551 Findbugs warning in LdapCreateAccountCmd.java
...
byte[].toString() would give reference to the array (ex: [B@6c521576 )
but not the original string. used new String() to get the text.
2015-06-11 14:05:03 +05:30
Rohit Yadav
a69780b69b
user-authenticators: don't allow empty usernames or passwords
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 16e5f5d7d335ec325d995d91234461e99c695ed7)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-03-16 15:17:23 +05:30
Rajani Karuturi
843f6b1691
CLOUDSTACK-5236 : ability to identify where the user is from (ex. LDAP)
...
Added a source column to the user table.
Source now has only two values UNKNOWN,LDAP with UNKNOWN being the
default and is an enum in com.cloud.User.
When the source is UNKNOWN, the old method of authenticating against all
the available authenticators is used. If a source is available, only
that particular authenticator will be used.
added overloaded methods in AccountService to createUserAccount and
createUser with source specified.
(cherry picked from commit 5da733072e )
2015-03-16 14:53:53 +05:30
Rajani Karuturi
04bda84299
Fixed coverity reported resource leak in LdapManagerImpl
2015-03-05 17:05:25 +05:30
Rajani Karuturi
d969364daf
Fixed coverity issue
...
CID 11461 (#1 of 1): DLS: Dead local store (FB.DLS_DEAD_LOCAL_STORE)
2014-11-06 09:38:22 +05:30
Rajani Karuturi
14f3ad55ec
Fixed CLOUDSTACK-7374: added PaginationControl while querying ldap users
2014-08-20 15:58:08 +05:30
Rajani Karuturi
736ff5f8e5
Fixed CLOUDSTACK-7303 [LDAP] while importing ldap users, update the user info if it already exists in cloudstack
2014-08-11 17:54:31 +05:30
Rajani Karuturi
fca41bf527
Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout.
2014-08-01 16:32:45 +05:30
Rajani Karuturi
f7c664fc2e
Revert "Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout."
...
This reverts commit cd2f27a662 .
reverting it as it breaks the build when encryption is enabled.
2014-08-01 11:20:20 +05:30
Rajani Karuturi
cd2f27a662
Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout.
2014-07-31 17:33:18 +05:30
Rajani Karuturi
5fa2d1c7ca
Fixed Bug: CLOUDSTACK-7200 [LDAP] importUsersCmd for a group fails in case any member of a group is not a user
2014-07-30 12:02:24 +05:30
Santhosh Edukulla
97d296bfbd
Fixed Coverity reported performance issues like inefficient string concatenations, wrong boxing or unboxing types, inefficient map element retrievals
...
Signed-off-by: Daan Hoogland <daan@onecht.net>
2014-07-01 22:06:25 +02:00
Rajani Karuturi
f4779b4d0c
Fixed CLOUDSTACK-6509 Cannot import multiple LDAP/AD users into a cloudstack account
...
Conflicts:
api/src/com/cloud/user/AccountService.java
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java
Signed-off-by: Koushik Das <koushik@apache.org>
2014-04-29 14:49:06 +05:30
Rajani Karuturi
baadf930fb
checkstyle fix for commit 8e2e8e5e8a
...
improved ldap logging. added stacktrace in debug level in case of exceptions.
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2014-04-24 17:30:12 +05:30
Rajani Karuturi
a92610d277
improved ldap logging. added stacktrace in debug level in case of exceptions.
...
Conflicts:
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2014-04-24 16:47:52 +05:30
Min Chen
99bdc8d875
Merge branch 'master' into rbac.
2014-03-13 11:05:03 -07:00
Rajani Karuturi
4552ec6322
Fixed CLOUDSTACK-6210 LDAP:listLdapUsers api throws exception when we click on "Add LDAP Account". This occurs when ldap basedn is not configured. Throwing an IAE and a proper message is returned from the api call
...
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2014-03-07 16:57:13 +00:00
Min Chen
48e08fe676
Merge branch 'master' into rbac.
2014-03-06 14:02:20 -08:00
Mandar Barve
b0c6d47347
- Updated APICommand annotation to add new flags that indicate if API request or response carry sensitive info - Updated all API classes with the new annotation flag values as per the API's sensitivity - Updated server code to check response annotation before audit logging
...
Signed-off-by: Daan Hoogland <daan@onecht.net>
(cherry picked from commit df270d6387c362b960064ee5123c14782e767a19)
Signed-off-by: Daan Hoogland <daan@onecht.net>
2014-02-25 22:59:10 +01:00
Min Chen
33cd1ab921
Merge branch 'master' into rbac
2014-01-22 11:23:51 -08:00
Alena Prokharchyk
ab627bc767
Changed "authenticate" method to return both - result of authentication, and action to perform when authentication failed - to the accountManagerImpl. Only if authenticators request INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, the incorrect_login_attempts parameter will be increased
...
Signed-off-by: Alena Prokharchyk <alena.prokharchyk@citrix.com>
2014-01-21 17:45:53 -08:00
Min Chen
929fbabaa2
Merge branch 'master' into rbac.
2014-01-17 14:37:08 -08:00
Rajani Karuturi
001e67ab02
Revert "CLOUDSTACK-5435 enabled encryption for ldap params"
...
This reverts commit 1d5051f60e .
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2014-01-09 15:50:53 +05:30
Rajani Karuturi
1d5051f60e
CLOUDSTACK-5435 enabled encryption for ldap params
2013-12-13 17:44:24 +05:30
Min Chen
d2922b9254
Separate ListAccounts cmd to use two different views.
2013-12-12 17:52:45 -08:00
Alex Huang
be5e5cc641
All Checkstyle problems corrected
2013-12-12 12:26:07 -08:00
Rajani Karuturi
db8f83d71b
CLOUDSTACK-5375 :ldapconfig and ldapRemove api's are not working Added support for 4.2 ldap apis
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-12-11 15:30:03 +05:30
wilderrodrigues
2774b62d64
Fixing bugs from Coverity related to Dereferenced Null after check and as return value.
...
Signed-off-by: Daan Hoogland <daan@onecht.net>
2013-11-27 11:18:00 +01:00
Alex Huang
d620df2bdd
Reformatted all of the code.
2013-11-21 06:15:26 -08:00
Alex Huang
8d62744681
Reformat all source code. Added checkstyle to check the source code
2013-11-20 07:26:53 -08:00
Ian Duffy
31758ed8d0
Fix codestyle/formatting within plugins/userauthenticators/ldap
2013-11-20 14:00:08 +01:00
Rajani Karuturi
917ea33ba9
added LDAP group name label in add account wizard
...
changed the parameter for domain in api importLdapUser from name to UUID
improved error handling
2013-11-20 13:57:41 +01:00
Rajani Karuturi
b436a82392
added group and domain params to importLdapUsers api call
...
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2013-10-31 22:06:32 +00:00
Rajani Karuturi
9300d4a3ba
Added an api call to import all the ldap users to the same domains(ou's) in cloudstack
...
TODO:
1. error handling of no domains present, nested hierarchy
2. handling the case when the api call fails for a specific user/users
3. test cases for LdapUserManager
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2013-10-29 09:04:33 +00:00
Darren Shepherd
692535f928
Cleanup DefaultUserAuthenticator and removed masking _name variable
...
DefaultUserAuthenticator masks the _name variable in ComponentLifecycleBase
making the setName() method not work as expected. This patch cleans up the
code such that getName() will be getClass().getSimpleName() unless
overridden in the Spring configuration.
2013-09-30 09:33:33 -07:00
Abhinandan Prateek
c7cc79181b
Revert "Cleanup DefaultUserAuthenticator and removed masking _name variable"
...
This reverts commit 4d01ce8fc7 .
2013-09-20 19:33:50 +05:30
Darren Shepherd
4d01ce8fc7
Cleanup DefaultUserAuthenticator and removed masking _name variable
2013-09-20 17:40:00 +05:30
Ian Duffy
9febf4c43e
Return name for getName() on LdapAuthenticator
2013-09-13 17:22:52 +01:00
Daan Hoogland
f1a4e9fdf5
copyrights
2013-09-01 23:49:05 +02:00
Ian Duffy
bdba0ddeed
Bring up to date with master
2013-08-31 00:25:48 +01:00
Ian Duffy
7f7035d516
Update unit tests, add filter to list all users, update ssl
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-12 14:49:55 +05:30
Alex Huang
5495f10bce
Revert "Reverting the range of commits that broke the build"
...
This reverts commit b59e3aaefc .
2013-08-08 15:02:40 -07:00
Prasanna Santhanam
b59e3aaefc
Reverting the range of commits that broke the build
...
This reverts commits 30c33415..f6a2c817bc
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
2013-08-08 14:46:56 +05:30
Alex Huang
942f282a6e
Moved config into its own package
2013-08-07 16:41:02 -07:00
Ian Duffy
25e8e9b85f
General cleanup, source formatting, remove whitespace
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
Ian Duffy
00c17add3c
Add SSL Support
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
Ian Duffy
23f0187d05
Add Support for member of filter
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
Ian Duffy
532e04db1a
Disable password changing when ldap is enabled
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
Ian Duffy
eaa4143371
Merge LDAPPlugin
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-07-25 17:54:52 +05:30
Vijayendra Bhamidipati
2dbdc46337
CLOUDSTACK-1734: Make SHA1 default password encoding mechanism
...
Description:
Making SHA256SALT the default encoding algorithm to encode
passwords when creating/updating users.
Introducing a new configurable list to allow admins to
separately configure the order of preference for encoding
and authentication schemes.
Since passwords are now sent by clients as clear text,
fixing the Plain text authenticator to check against the
password passed in rather than its md5 digest.
2013-04-02 17:40:50 -07:00
Abhinandan Prateek
f2b97db0f9
CLOUDSTACK-1172: LDAP enhancements
2013-02-19 15:36:39 +05:30
Kelven Yang
2be270de89
Separate loadable components like Gurus, Elements, Adapters to componentContext.xml
2013-01-16 16:33:59 -08:00
Alex Huang
0bcb64605f
all built with the latest
2013-01-09 05:02:39 -08:00
Alex Huang
14bd345f1f
merge compiles
2013-01-09 04:41:27 -08:00
Kelven Yang
b274c570f9
Cleanup places that use explicit wiring of the components
2013-01-08 17:45:33 -08:00
Alex Huang
30f2565d98
Merge branch 'api_refactoring' into javelin
2013-01-08 12:36:04 -08:00
Rohit Yadav
6fc3bc3760
api_refactor: refactor vpn and vm apis
...
- Refactor VPN and VM APIs to admin and user pkgs
- Names space, org.apache.cloudstack
- Fix refactored apis in commands*.in
- Fix comments etc.
- Expand tabs, remove trailing whitespace
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2012-12-03 21:27:02 -08:00
Rohit Yadav
5edfc2760a
refactor: remove redundant imports, fix trailing chars
2012-12-03 13:54:37 -08:00
Kelven Yang
aab02e2743
Add Spring annotation to major components
2012-11-07 14:53:39 -08:00
Hugo Trippaers
bd58ceccd8
Summary: Make the authenticator responsible for encoding the password and add a SHA256 salted authenticator
...
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. This requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.
The SHA256 salted authenticator makes use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.
To make use of these new features the user's password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.
The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
2012-10-30 12:56:56 +01:00
David Nalley
67bc9c819a
fixing some more license headers
2012-07-20 15:59:31 -04:00
Murali reddy
712565cef2
build fix: adding missing file LDAPUserAuthenticator.java
2012-06-25 21:33:16 -07:00