lovejavaee
diff --git a/‎client/tomcatconf/commands.properties.in‎
Lines changed: 1 addition & 2 deletions b/‎client/tomcatconf/commands.properties.in‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎docs/en-US/LDAP-for-user-authentication.xml‎
Lines changed: 20 additions & 11 deletions b/‎docs/en-US/LDAP-for-user-authentication.xml‎
Lines changed: 20 additions & 11 deletions
diff --git a/‎docs/en-US/example-activedirectory-configuration.xml‎
Lines changed: 2 additions & 2 deletions b/‎docs/en-US/example-activedirectory-configuration.xml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/en-US/example-openldap-configuration.xml‎
Lines changed: 2 additions & 2 deletions b/‎docs/en-US/example-openldap-configuration.xml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎…stack/api/command/LdapCreateAccount.java‎ ‎…ck/api/command/LdapCreateAccountCmd.java‎plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java renamed to plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
Lines changed: 19 additions & 15 deletions b/‎…stack/api/command/LdapCreateAccount.java‎ ‎…ck/api/command/LdapCreateAccountCmd.java‎plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccount.java renamed to plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
Lines changed: 19 additions & 15 deletions
diff --git a/‎…ack/api/command/LdapListAllUsersCmd.java‎ ‎…dstack/api/command/LdapListUsersCmd.java‎plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java renamed to plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListUsersCmd.java
Lines changed: 41 additions & 9 deletions b/‎…ack/api/command/LdapListAllUsersCmd.java‎ ‎…dstack/api/command/LdapListUsersCmd.java‎plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListAllUsersCmd.java renamed to plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapListUsersCmd.java
Lines changed: 41 additions & 9 deletions
diff --git a/‎plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java‎
Lines changed: 4 additions & 4 deletions b/‎plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/BasicNamingEnumerationImpl.groovy‎
Lines changed: 34 additions & 36 deletions b/‎plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/BasicNamingEnumerationImpl.groovy‎
Lines changed: 34 additions & 36 deletions
@@ -666,9 +666,8 @@ listDedicatedClusters=1
 listDedicatedHosts=1
 
 ### LDAP
-searchLdap=3
 listLdapConfigurations=15
 addLdapConfiguration=3
 deleteLdapConfiguration=3
-listAllLdapUsers=3
+listLdapUsers=3
 ldapCreateAccount=3
@@ -24,19 +24,28 @@
 <section id="LDAP-for-user-authentication">
     <title>Using an LDAP Server for User Authentication</title>
     <para>You can use an external LDAP server such as Microsoft Active Directory or OpenLDAP to authenticate &PRODUCT; end-users.</para>
-    <para>To set up LDAP authentication in &PRODUCT;, open the global settings page and set:</para>
+    <para>In order to do this you must:</para>
     <itemizedlist>
-        <listitem><para>ldap.basedn - The base directory you want to search within for uses</para></listitem>
-        <listitem><para>ldap.bind.password - The password you wish to use to bind, this can be blank if the server supports anonymous binding</para></listitem>
-        <listitem><para>ldap.bind.principal - The account you wish to use to bind, this can be blank if the server supports anonymous binding</para></listitem>
-        <listitem><para>ldap.email.attribute - The attribute within your LDAP server that holds a value for users email address</para></listitem>
-        <listitem><para>ldap.realname.attribute - The attribute within your LDAP server that holds a value users realname</para></listitem>
-        <listitem><para>ldap.user.object - The object class that identifies a user</para></listitem>
-        <listitem><para>ldap.username.attribute - The attribute within your LDAP server that has a value that will match the cloudstack accounts username field</para></listitem>
+	<listitem><para>Set your LDAP configuration within &PRODUCT;</para></listitem>
+	<listitem><para>Create &PRODUCT; accounts for LDAP users</para></listitem>
     </itemizedlist>
-    <para>Finally you can add LDAP servers from Global Settings -> Select View -> LDAP Configuration. This requires a hostname and port</para>
+    <para>To set up LDAP authentication in &PRODUCT;, open the global settings page and search for LDAP</para>
+    <para>Set ldap.basedn to match your sever's base directory.</para>
+    <para>Review the defaults for the following, ensure that they match your schema.</para>
+    <itemizedlist>
+	<listitem><para>ldap.email.attribute</para></listitem>
+	<listitem><para>ldap.firstname.attribute</para></listitem>
+	<listitem><para>ldap.lastname.attribute</para></listitem>
+	<listitem><para>ldap.username.attribute</para></listitem>
+	<listitem><para>ldap.user.object</para></listitem>
+    </itemizedlist>
+    <para>Optionally you can set the following:</para>
+    <itemizedlist>
+	<listitem><para>If you do not want to use anonymous binding you can set ldap.bind.principle and ldap.bind.password as credentials for your LDAP server that will grant &PRODUCT; permission to perform a search on the LDAP server.</para></listitem>
+	<listitem><para>For SSL support set ldap.truststore to a path on the file system where your trusted store is located. Along with this set ldap.truststore.password as the password that unlocks the truststore.</para></listitem>
+	<listitem><para>If you wish to filter down the user set that is granted access to &PRODUCT; via the LDAP attribute memberof you can do so using ldap.search.group.principle.</para></listitem>
+    </itemizedlist>
+    <para>Finally, you can add your LDAP server. To do so select LDAP Configuration from the views section within global settings. Click on "Configure LDAP" and fill in your server's hostname and port.</para>
     <xi:include href="example-activedirectory-configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
     <xi:include href="example-openldap-configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-    <!-- Support for SSL has been removed but will be back shortly. -->
-    <!-- <xi:include href="SSL-keystore-path-and-password.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -->
     </section>
@@ -24,14 +24,14 @@
 
 <section id="example-activedirectory-configuration">
     <title>Example LDAP Configuration for Active Directory</title>
-    <para>This shows the configuration settings required for using ActiveDirectory</para>
+    <para>This shows the configuration settings required for using ActiveDirectory.</para>
     <itemizedlist>
         <listitem><para>samAccountName - Logon name</para></listitem>
         <listitem><para>mail - Email Address</para></listitem>
         <listitem><para>cn - Real name</para></listitem>
     </itemizedlist>
     <para>Along with this the ldap.user.object name needs to be modified, by default ActiveDirectory uses the value "user" for this.</para>
-    <para>Map the following attributes accordingly as shown below within the cloudstack ldap configuration:</para>
+    <para>Map the following attributes accordingly as shown below:</para>
     <mediaobject>
         <imageobject>
             <imagedata fileref="./images/add-ldap-configuration-ad.png"/>
 
@@ -24,8 +24,8 @@
 
 <section id="example-openldap-configuration">
     <title>Example LDAP Configuration for OpenLdap</title>
-    <para>This shows the configuration settings required for using OpenLDAP</para>
-    <para>The default values supplied are suited for OpenLDAP</para>
+    <para>This shows the configuration settings required for using OpenLDAP.</para>
+    <para>The default values supplied are suited for OpenLDAP.</para>
     <itemizedlist>
         <listitem><para>uid - Logon name</para></listitem>
         <listitem><para>mail - Email Address</para></listitem>
 
@@ -42,9 +42,9 @@
 import com.cloud.user.UserAccount;
 
 @APICommand(name = "ldapCreateAccount", description = "Creates an account from an LDAP user", responseObject = AccountResponse.class, since = "4.2.0")
-public class LdapCreateAccount extends BaseCmd {
+public class LdapCreateAccountCmd extends BaseCmd {
 	public static final Logger s_logger = Logger
-			.getLogger(LdapCreateAccount.class.getName());
+			.getLogger(LdapCreateAccountCmd.class.getName());
 	private static final String s_name = "createaccountresponse";
 
 	@Inject
@@ -77,28 +77,33 @@ public class LdapCreateAccount extends BaseCmd {
 	@Parameter(name = ApiConstants.USER_ID, type = CommandType.STRING, description = "User UUID, required for adding account from external provisioning system")
 	private String userUUID;
 
-	public LdapCreateAccount() {
+	public LdapCreateAccountCmd() {
 		super();
 	}
 
-	public LdapCreateAccount(final LdapManager ldapManager,
+	public LdapCreateAccountCmd(final LdapManager ldapManager,
 			final AccountService accountService) {
 		super();
 		_ldapManager = ldapManager;
 		_accountService = accountService;
 	}
 
+	UserAccount createCloudstackUserAccount(final LdapUser user) {
+		return _accountService.createUserAccount(username, generatePassword(),
+				user.getFirstname(), user.getLastname(), user.getEmail(),
+				timezone, accountName, accountType, domainId, networkDomain,
+				details, accountUUID, userUUID);
+	}
+
 	@Override
 	public void execute() throws ServerApiException {
-		updateCallContext();
+		final CallContext callContext = getCurrentContext();
+		callContext.setEventDetails("Account Name: " + accountName
+				+ ", Domain Id:" + domainId);
 		try {
 			final LdapUser user = _ldapManager.getUser(username);
 			validateUser(user);
-			final UserAccount userAccount = _accountService.createUserAccount(
-					username, generatePassword(), user.getFirstname(),
-					user.getLastname(), user.getEmail(), timezone, accountName,
-					accountType, domainId, networkDomain, details, accountUUID,
-					userUUID);
+			final UserAccount userAccount = createCloudstackUserAccount(user);
 			if (userAccount != null) {
 				final AccountResponse response = _responseGenerator
 						.createUserAccountResponse(userAccount);
@@ -132,16 +137,15 @@ public String getCommandName() {
 		return s_name;
 	}
 
+	CallContext getCurrentContext() {
+		return CallContext.current();
+	}
+
 	@Override
 	public long getEntityOwnerId() {
 		return Account.ACCOUNT_ID_SYSTEM;
 	}
 
-	private void updateCallContext() {
-		CallContext.current().setEventDetails(
-				"Account Name: " + accountName + ", Domain Id:" + domainId);
-	}
-
 	private boolean validateUser(final LdapUser user) throws ServerApiException {
 		if (user.getEmail() == null) {
 			throw new ServerApiException(
 
@@ -23,42 +23,56 @@
 
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.admin.user.ListUsersCmd;
 import org.apache.cloudstack.api.response.LdapUserResponse;
 import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.UserResponse;
 import org.apache.cloudstack.ldap.LdapManager;
 import org.apache.cloudstack.ldap.LdapUser;
 import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException;
+import org.apache.cloudstack.query.QueryService;
 import org.apache.log4j.Logger;
 
 import com.cloud.user.Account;
 
-@APICommand(name = "listAllLdapUsers", responseObject = LdapUserResponse.class, description = "Lists all LDAP Users", since = "4.2.0")
-public class LdapListAllUsersCmd extends BaseListCmd {
+@APICommand(name = "listLdapUsers", responseObject = LdapUserResponse.class, description = "Lists all LDAP Users", since = "4.2.0")
+public class LdapListUsersCmd extends BaseListCmd {
 
 	public static final Logger s_logger = Logger
-			.getLogger(LdapListAllUsersCmd.class.getName());
+			.getLogger(LdapListUsersCmd.class.getName());
 	private static final String s_name = "ldapuserresponse";
 	@Inject
 	private LdapManager _ldapManager;
 
-	public LdapListAllUsersCmd() {
+	@Inject
+	private QueryService _queryService;
+
+	@Parameter(name = "listtype", type = CommandType.STRING, required = false, description = "Determines whether all ldap users are returned or just non-cloudstack users")
+	private String listType;
+
+	public LdapListUsersCmd() {
 		super();
 	}
 
-	public LdapListAllUsersCmd(final LdapManager ldapManager) {
+	public LdapListUsersCmd(final LdapManager ldapManager,
+			final QueryService queryService) {
 		super();
 		_ldapManager = ldapManager;
+		_queryService = queryService;
 	}
 
 	private List<LdapUserResponse> createLdapUserResponse(
 			final List<LdapUser> users) {
 		final List<LdapUserResponse> ldapResponses = new ArrayList<LdapUserResponse>();
 		for (final LdapUser user : users) {
-			final LdapUserResponse ldapResponse = _ldapManager
-					.createLdapUserResponse(user);
-			ldapResponse.setObjectName("LdapUser");
-			ldapResponses.add(ldapResponse);
+			if (getListType().equals("all") || !isACloudstackUser(user)) {
+				final LdapUserResponse ldapResponse = _ldapManager
+						.createLdapUserResponse(user);
+				ldapResponse.setObjectName("LdapUser");
+				ldapResponses.add(ldapResponse);
+			}
 		}
 		return ldapResponses;
 	}
@@ -88,4 +102,22 @@ public String getCommandName() {
 	public long getEntityOwnerId() {
 		return Account.ACCOUNT_ID_SYSTEM;
 	}
+
+	private String getListType() {
+		return listType == null ? "all" : listType;
+	}
+
+	private boolean isACloudstackUser(final LdapUser ldapUser) {
+		final ListResponse<UserResponse> response = _queryService
+				.searchForUsers(new ListUsersCmd());
+		final List<UserResponse> cloudstackUsers = response.getResponses();
+		if (cloudstackUsers != null && cloudstackUsers.size() != 0) {
+			for (final UserResponse cloudstackUser : response.getResponses()) {
+				if (ldapUser.getUsername().equals(cloudstackUser.getUsername())) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
 }
@@ -26,10 +26,10 @@
 
 import org.apache.cloudstack.api.LdapValidator;
 import org.apache.cloudstack.api.command.LdapAddConfigurationCmd;
-import org.apache.cloudstack.api.command.LdapCreateAccount;
+import org.apache.cloudstack.api.command.LdapCreateAccountCmd;
 import org.apache.cloudstack.api.command.LdapDeleteConfigurationCmd;
-import org.apache.cloudstack.api.command.LdapListAllUsersCmd;
 import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
+import org.apache.cloudstack.api.command.LdapListUsersCmd;
 import org.apache.cloudstack.api.command.LdapUserSearchCmd;
 import org.apache.cloudstack.api.response.LdapConfigurationResponse;
 import org.apache.cloudstack.api.response.LdapUserResponse;
@@ -159,11 +159,11 @@ public LdapConfigurationResponse deleteConfiguration(final String hostname)
 	public List<Class<?>> getCommands() {
 		final List<Class<?>> cmdList = new ArrayList<Class<?>>();
 		cmdList.add(LdapUserSearchCmd.class);
-		cmdList.add(LdapListAllUsersCmd.class);
+		cmdList.add(LdapListUsersCmd.class);
 		cmdList.add(LdapAddConfigurationCmd.class);
 		cmdList.add(LdapDeleteConfigurationCmd.class);
 		cmdList.add(LdapListConfigurationCmd.class);
-		cmdList.add(LdapCreateAccount.class);
+		cmdList.add(LdapCreateAccountCmd.class);
 		return cmdList;
 	}
 
 
@@ -16,43 +16,41 @@
 // under the License.
 package groovy.org.apache.cloudstack.ldap
 
-import java.util.LinkedList;
-
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.SearchResult;
+import javax.naming.NamingEnumeration
+import javax.naming.NamingException
+import javax.naming.directory.SearchResult
 
 class BasicNamingEnumerationImpl implements NamingEnumeration {
 
-    private LinkedList<String> items = new LinkedList<SearchResult>();
-
-    public void add(SearchResult item) {
-	items.add(item)
-    }
-
-    @Override
-    public void close() throws NamingException {
-    }
-
-    @Override
-    public boolean hasMore() throws NamingException {
-        return hasMoreElements();
-    }
-
-    @Override
-    public boolean hasMoreElements() {
-	return items.size != 0;
-    }
-
-    @Override
-    public Object next() throws NamingException {
-        return nextElement();
-    }
-
-    @Override
-    public Object nextElement() {
-	SearchResult result = items.getFirst();
-	items.removeFirst();
-	return result;
-    }
+	private LinkedList<String> items = new LinkedList<SearchResult>();
+
+	public void add(SearchResult item) {
+		items.add(item)
+	}
+
+	@Override
+	public void close() throws NamingException {
+	}
+
+	@Override
+	public boolean hasMore() throws NamingException {
+		return hasMoreElements();
+	}
+
+	@Override
+	public boolean hasMoreElements() {
+		return items.size != 0;
+	}
+
+	@Override
+	public Object next() throws NamingException {
+		return nextElement();
+	}
+
+	@Override
+	public Object nextElement() {
+		SearchResult result = items.getFirst();
+		items.removeFirst();
+		return result;
+	}
 }