This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch 4.16
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.16 by this push:
     new e06a66b  ldap: truststore per domain (#5816)
e06a66b is described below

commit e06a66ba14f720bb5768ed15e6e7721fcb807ebc
Author: dahn <daan.hoogl...@shapeblue.com>
AuthorDate: Mon Jan 3 16:31:51 2022 +0100

    ldap: truststore per domain (#5816)
    
    Co-authored-by: Daan Hoogland <d...@onecht.net>
---
 .../org/apache/cloudstack/api/command/LDAPConfigCmd.java   |  2 +-
 .../java/org/apache/cloudstack/ldap/LdapConfiguration.java | 14 +++++++-------
 .../org/apache/cloudstack/ldap/LdapContextFactory.java     | 10 +++++-----
 .../apache/cloudstack/ldap/LdapContextFactorySpec.groovy   |  6 +++---
 .../org/apache/cloudstack/ldap/LdapConfigurationTest.java  |  4 ++--
 5 files changed, 18 insertions(+), 18 deletions(-)

diff --git 
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LDAPConfigCmd.java
 
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LDAPConfigCmd.java
index cfef21e..23f71c2 100644
--- 
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LDAPConfigCmd.java
+++ 
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LDAPConfigCmd.java
@@ -189,7 +189,7 @@ public class LDAPConfigCmd extends BaseCmd {
             List<LDAPConfigResponse> responses = new 
ArrayList<LDAPConfigResponse>();
 
             if (result.second() > 0) {
-                boolean useSSlConfig = _ldapConfiguration.getSSLStatus();
+                boolean useSSlConfig = _ldapConfiguration.getSSLStatus(null);
                 String searchBaseConfig = _ldapConfiguration.getBaseDn(null);
                 String bindDnConfig = 
_ldapConfiguration.getBindPrincipal(null);
                 for (LdapConfigurationVO ldapConfigurationVO : result.first()) 
{
diff --git 
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapConfiguration.java
 
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapConfiguration.java
index 259d613f..11cbcbd 100644
--- 
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapConfiguration.java
+++ 
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapConfiguration.java
@@ -238,7 +238,7 @@ public class LdapConfiguration implements Configurable{
     }
 
     public String getProviderUrl(final Long domainId) {
-        final String protocol = getSSLStatus() == true ? "ldaps://" : 
"ldap://";;
+        final String protocol = getSSLStatus(domainId) == true ? "ldaps://" : 
"ldap://";;
         final Pair<List<LdapConfigurationVO>, Integer> result = 
_ldapConfigurationDao.searchConfigurations(null, 0, domainId);
         final StringBuilder providerUrls = new StringBuilder();
         String delim = "";
@@ -270,20 +270,20 @@ public class LdapConfiguration implements Configurable{
         return ldapSearchGroupPrinciple.valueIn(domainId);
     }
 
-    public boolean getSSLStatus() {
+    public boolean getSSLStatus(Long domainId) {
         boolean sslStatus = false;
-        if (getTrustStore() != null && getTrustStorePassword() != null) {
+        if (getTrustStore(domainId) != null && getTrustStorePassword(domainId) 
!= null) {
             sslStatus = true;
         }
         return sslStatus;
     }
 
-    public String getTrustStore() {
-        return ldapTrustStore.value();
+    public String getTrustStore(Long domainId) {
+        return ldapTrustStore.valueIn(domainId);
     }
 
-    public String getTrustStorePassword() {
-        return ldapTrustStorePassword.value();
+    public String getTrustStorePassword(Long domainId) {
+        return ldapTrustStorePassword.valueIn(domainId);
     }
 
     public String getUsernameAttribute(final Long domainId) {
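Review bot: `getSSLStatus(domainId)` decides between TLS and cleartext only from whether both trust store settings are non-null, and nothing in the new code documents or logs that. If either value resolves to null for a domain, `getProviderUrl` builds `ldap://` URLs and binds for that domain go out unencrypted; a blank (non-null) value instead selects `ldaps://` with an unusable store. I would add a Javadoc such as `/** Returns true only when both the trust store path and its password resolve for domainId; otherwise LDAP is contacted over plain ldap://. */` and consider rejecting empty strings in the check. The `ldapTrustStore` and `ldapTrustStorePassword` declarations are outside this hunk, so it is worth confirming they are domain-scoped keys, otherwise `valueIn(domainId)` may not behave as the commit title implies.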
diff --git 
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java
 
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java
index 70f7a56..fd7c4d6 100644
--- 
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java
+++ 
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java
@@ -66,14 +66,14 @@ public class LdapContextFactory {
         return createInitialDirContext(principal, password, false, domainId);
     }
 
-    private void enableSSL(final Hashtable<String, String> environment) {
-        final boolean sslStatus = _ldapConfiguration.getSSLStatus();
+    private void enableSSL(final Hashtable<String, String> environment, Long 
domainId) {
+        final boolean sslStatus = _ldapConfiguration.getSSLStatus(domainId);
 
         if (sslStatus) {
             s_logger.info("LDAP SSL enabled.");
             environment.put(Context.SECURITY_PROTOCOL, "ssl");
-            System.setProperty("javax.net.ssl.trustStore", 
_ldapConfiguration.getTrustStore());
-            System.setProperty("javax.net.ssl.trustStorePassword", 
_ldapConfiguration.getTrustStorePassword());
+            System.setProperty("javax.net.ssl.trustStore", 
_ldapConfiguration.getTrustStore(domainId));
+            System.setProperty("javax.net.ssl.trustStorePassword", 
_ldapConfiguration.getTrustStorePassword(domainId));
         }
     }
 
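Review bot: The two `System.setProperty` calls in `enableSSL` write the per-domain trust store path and password into JVM-wide properties, so the domain-specific values are not actually scoped to the connection being created. Concurrent binds for different domains can overwrite each other's settings, JSSE's default SSLContext typically reads these properties only once when it is first initialized, and a domain without SSL inherits whatever an earlier call left behind. Consider loading the domain's KeyStore into its own SSLContext and passing JNDI a socket factory through the `java.naming.ldap.factory.socket` environment entry instead of touching system properties; that also keeps the password out of `System.getProperties()`. Since the caller sets `com.sun.jndi.ldap.connect.pool` to "true", it is also worth confirming that pooled connections are not reused across domains with different trust stores.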
@@ -92,7 +92,7 @@ public class LdapContextFactory {
         environment.put("com.sun.jndi.ldap.read.timeout", 
_ldapConfiguration.getReadTimeout(domainId).toString());
         environment.put("com.sun.jndi.ldap.connect.pool", "true");
 
-        enableSSL(environment);
+        enableSSL(environment, domainId);
         setAuthentication(environment, isSystemContext, domainId);
 
         if (principal != null) {
diff --git 
a/plugins/user-authenticators/ldap/src/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
 
b/plugins/user-authenticators/ldap/src/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
index eead0bc..6511edd 100644
--- 
a/plugins/user-authenticators/ldap/src/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
+++ 
b/plugins/user-authenticators/ldap/src/test/groovy/org/apache/cloudstack/ldap/LdapContextFactorySpec.groovy
@@ -49,9 +49,9 @@ class LdapContextFactorySpec extends spock.lang.Specification 
{
         ldapConfiguration.getFirstnameAttribute() >> "givenname"
         ldapConfiguration.getLastnameAttribute() >> "sn"
         ldapConfiguration.getBaseDn(_) >> "dc=cloudstack,dc=org"
-               ldapConfiguration.getSSLStatus() >> true
-               ldapConfiguration.getTrustStore() >> "/tmp/ldap.ts"
-               ldapConfiguration.getTrustStorePassword() >> "password"
+               ldapConfiguration.getSSLStatus(domainId) >> true
+               ldapConfiguration.getTrustStore(domainId) >> "/tmp/ldap.ts"
+               ldapConfiguration.getTrustStorePassword(domainId) >> "password"
         ldapConfiguration.getReadTimeout(_) >> 1000
         ldapConfiguration.getLdapPageSize() >> 1
 
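Review bot: The three re-stubbed calls match on a concrete `domainId`, while the neighbouring stubs (`getBaseDn(_)`, `getReadTimeout(_)`) use the wildcard, and the declaration of `domainId` is not visible in this hunk. If the value passed by the code under test differs from that variable, the Spock mock returns its default (`false`/`null`) and the SSL branch of `enableSSL` is silently not exercised. Using `ldapConfiguration.getSSLStatus(_) >> true` (and likewise for the two trust store getters) would keep the setup consistent. These lines are also indented with a different width than the rest of the block.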
diff --git 
a/plugins/user-authenticators/ldap/src/test/java/org/apache/cloudstack/ldap/LdapConfigurationTest.java
 
b/plugins/user-authenticators/ldap/src/test/java/org/apache/cloudstack/ldap/LdapConfigurationTest.java
index 2af20e7..5d19452 100644
--- 
a/plugins/user-authenticators/ldap/src/test/java/org/apache/cloudstack/ldap/LdapConfigurationTest.java
+++ 
b/plugins/user-authenticators/ldap/src/test/java/org/apache/cloudstack/ldap/LdapConfigurationTest.java
@@ -78,7 +78,7 @@ public class LdapConfigurationTest {
         ldapTestConfigTool.overrideConfigValue(ldapConfiguration, 
"ldapTrustStore", "/tmp/ldap.ts");
         ldapTestConfigTool.overrideConfigValue(ldapConfiguration, 
"ldapTrustStorePassword", "password");
 
-        assertTrue("A request is made to get the status of SSL should result 
in true", ldapConfiguration.getSSLStatus());
+        assertTrue("A request is made to get the status of SSL should result 
in true", ldapConfiguration.getSSLStatus(null));
     }
 
     @Test public void getSearchGroupPrincipleReturnsSuccessfully() throws 
Exception {
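Review bot: Both updated assertions, here and in the later hunk for `getTrustStorePassword(null)`, only pass `null`, so the per-domain lookup this commit introduces is never exercised. A case that overrides the value for a specific domain id and asserts that `getTrustStore(domainId)`, `getTrustStorePassword(domainId)` and `getSSLStatus(domainId)` return the domain's value, plus one showing what a domain without an override gets, would pin the new behaviour. The test methods start outside these hunks, so whether `ldapTestConfigTool` can set domain-scoped values is not visible here.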
@@ -93,7 +93,7 @@ public class LdapConfigurationTest {
         // We have a ConfigDao with a value for truststore password
         ldapTestConfigTool.overrideConfigValue(ldapConfiguration, 
"ldapTrustStorePassword", "password");
 
-        String result = ldapConfiguration.getTrustStorePassword();
+        String result = ldapConfiguration.getTrustStorePassword(null);
 
         assertEquals("The result is password", "password", result);
     }
