[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-8796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14730518#comment-14730518
 ] 

ASF GitHub Bot commented on CLOUDSTACK-8796:
--------------------------------------------

Github user karuturi commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/755#discussion_r38731619
  
    --- Diff: 
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
 ---
    @@ -52,21 +58,71 @@ public LdapAuthenticator(final LdapManager ldapManager, 
final UserAccountDao use
                 return new Pair<Boolean, ActionOnFailedAuthentication>(false, 
null);
             }
     
    -        final UserAccount user = _userAccountDao.getUserAccount(username, 
domainId);
    +        boolean result = false;
    +        ActionOnFailedAuthentication action = null;
     
    -        if (user == null) {
    -            s_logger.debug("Unable to find user with " + username + " in 
domain " + domainId);
    -            return new Pair<Boolean, ActionOnFailedAuthentication>(false, 
null);
    -        } else if (_ldapManager.isLdapEnabled()) {
    -            boolean result = _ldapManager.canAuthenticate(username, 
password);
    -            ActionOnFailedAuthentication action = null;
    -            if (result == false) {
    +        if (_ldapManager.isLdapEnabled()) {
    +            final UserAccount user = 
_userAccountDao.getUserAccount(username, domainId);
    +            LdapTrustMapVO ldapTrustMapVO = 
_ldapManager.getDomainLinkedToLdap(domainId);
    +            if(ldapTrustMapVO != null) {
    +                try {
    +                    LdapUser ldapUser = _ldapManager.getUser(username, 
ldapTrustMapVO.getType().toString(), ldapTrustMapVO.getName());
    +                    if(!ldapUser.isDisabled()) {
    +                        result = 
_ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
    +                        if(result) {
    +                            if(user == null) {
    +                                // import user to cloudstack
    +                                createCloudStackUserAccount(ldapUser, 
domainId, ldapTrustMapVO.getAccountType());
    --- End diff --
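
Review bot: In the new if(ldapTrustMapVO != null) branch, ldapUser is dereferenced at if(!ldapUser.isDisabled()) directly after _ldapManager.getUser(...) with no null check. The lines shown do not establish whether getUser can return null or only throws, and the catch for this try is outside the hunk. Suggest an explicit null check, or a comment stating that getUser never returns null, so that a user missing from the directory ends as result == false rather than as an exception in the login path. Separately, createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType()) now provisions an account as a side effect of a successful authentication, while the removed s_logger.debug("Unable to find user with ...") line has no visible replacement; a log line recording the imported user, the domain and the account type taken from the trust map would keep auto-provisioned accounts auditable.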
    
    There is no bug here. It's how the current authenticators work. The API 
output will be improved based on the outcome of CLOUDSTACK-8796


> the api call linkdomaintoldap should fail if admin is given and an account 
> isn't created
> ----------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8796
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8796
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>    Affects Versions: 4.6.0
>            Reporter: Rajani Karuturi
>
> The API call doesn't fail if it cannot create the admin account supplied in 
> the API. It completes the domain linking and will not return admin in 
> response. A successful call would return admin in the response and a failed 
> one doesn't. 
> This may need to be changed to fail the API if admin is given and an account 
> cannot be created.


