This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 124fcde59c4 unlink an ldap domain (#11962)
124fcde59c4 is described below
commit 124fcde59c48cf2ab807d86f905468d06c8e6ac2
Author: dahn <[email protected]>
AuthorDate: Wed Dec 17 13:04:06 2025 +0100
unlink an ldap domain (#11962)
Co-authored-by: Daan Hoogland <[email protected]>
Co-authored-by: Abhishek Kumar <[email protected]>
Co-authored-by: Suresh Kumar Anaparti <[email protected]>
---
plugins/user-authenticators/ldap/pom.xml | 6 ++
.../api/command/LinkDomainToLdapCmd.java | 14 ++---
.../api/command/UnlinkDomainFromLdapCmd.java | 69 ++++++++++++++++++++++
.../org/apache/cloudstack/ldap/LdapManager.java | 5 +-
.../apache/cloudstack/ldap/LdapManagerImpl.java | 20 ++++++-
ui/public/locales/en.json | 2 +
ui/src/config/section/domain.js | 16 ++++-
7 files changed, 119 insertions(+), 13 deletions(-)
diff --git a/plugins/user-authenticators/ldap/pom.xml
b/plugins/user-authenticators/ldap/pom.xml
index c02d3d511e6..3c1a294cbfd 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -215,5 +215,11 @@
<artifactId>commons-io</artifactId>
<version>${cs.commons-io.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-api</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</project>
diff --git
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
index c351924de6d..b6c32fe49b5 100644
---
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
+++
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java
@@ -51,14 +51,10 @@ public class LinkDomainToLdapCmd extends BaseCmd {
@Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, required =
true, description = "type of the ldap name. GROUP or OU")
private String type;
- @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING,
required = false, description = "name of the group or OU in LDAP")
+ @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING,
required = true, description = "name of the group or OU in LDAP")
private String ldapDomain;
- @Deprecated
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required =
false, description = "name of the group or OU in LDAP")
- private String name;
-
- @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required
= false, description = "domain admin username in LDAP ")
+ @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING,
description = "domain admin username in LDAP ")
private String admin;
@Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.INTEGER,
required = true, description = "Type of the account to auto import. Specify 0
for user and 2 for " +
@@ -77,7 +73,7 @@ public class LinkDomainToLdapCmd extends BaseCmd {
}
public String getLdapDomain() {
- return ldapDomain == null ? name : ldapDomain;
+ return ldapDomain;
}
public String getAdmin() {
@@ -98,7 +94,7 @@ public class LinkDomainToLdapCmd extends BaseCmd {
try {
ldapUser = _ldapManager.getUser(admin, type,
getLdapDomain(), domainId);
} catch (NoLdapUserMatchingQueryException e) {
- logger.debug("no ldap user matching username " + admin + "
in the given group/ou", e);
+ logger.debug("no ldap user matching username {} in the
given group/ou", admin, e);
}
if (ldapUser != null && !ldapUser.isDisabled()) {
Account account =
_accountService.getActiveAccountByName(admin, domainId);
@@ -115,7 +111,7 @@ public class LinkDomainToLdapCmd extends BaseCmd {
logger.debug("an account with name {} already exists
in the domain {} with id {}", admin, _domainService.getDomain(domainId),
domainId);
}
} else {
- logger.debug("ldap user with username "+admin+" is
disabled in the given group/ou");
+ logger.debug("ldap user with username {} is disabled in
the given group/ou", admin);
}
}
response.setObjectName("LinkDomainToLdap");
diff --git
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/UnlinkDomainFromLdapCmd.java
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/UnlinkDomainFromLdapCmd.java
new file mode 100644
index 00000000000..08f5e99bc2d
--- /dev/null
+++
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/UnlinkDomainFromLdapCmd.java
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cloudstack.api.command;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.ldap.LdapManager;
+
+import javax.inject.Inject;
+
+@APICommand(name = "unlinkDomainFromLdap", description = "remove the linkage
of a Domain to a group or OU in ldap",
+ responseObject = SuccessResponse.class, since = "4.23.0",
requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class UnlinkDomainFromLdapCmd extends BaseCmd {
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID,
required = true, entityType = DomainResponse.class,
+ description = "The ID of the Domain which has to be unlinked from
LDAP.")
+ private Long domainId;
+
+ @Inject
+ private LdapManager _ldapManager;
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException,
ConcurrentOperationException, ResourceAllocationException,
NetworkRuleConflictException {
+ boolean rc = _ldapManager.unlinkDomainFromLdap(this);
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ response.setSuccess(rc);
+ if (rc) {
+ response.setDisplayText("Domain unlinked from LDAP successfully");
+ } else {
+ response.setDisplayText("Failed to unlink domain from LDAP");
+ }
+ setResponseObject(response);
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+}
diff --git
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManager.java
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManager.java
index ded6e94c12a..ac50a8130c1 100644
---
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManager.java
+++
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManager.java
@@ -23,6 +23,7 @@ import
org.apache.cloudstack.api.command.LdapDeleteConfigurationCmd;
import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
import org.apache.cloudstack.api.command.LinkAccountToLdapCmd;
import org.apache.cloudstack.api.command.LinkDomainToLdapCmd;
+import org.apache.cloudstack.api.command.UnlinkDomainFromLdapCmd;
import org.apache.cloudstack.api.response.LdapConfigurationResponse;
import org.apache.cloudstack.api.response.LdapUserResponse;
@@ -34,7 +35,7 @@ import
org.apache.cloudstack.api.response.LinkDomainToLdapResponse;
public interface LdapManager extends PluggableService {
- enum LinkType { GROUP, OU;}
+ enum LinkType { GROUP, OU}
LdapConfigurationResponse addConfiguration(final LdapAddConfigurationCmd
cmd) throws InvalidParameterValueException;
@@ -69,6 +70,8 @@ public interface LdapManager extends PluggableService {
LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd);
+ boolean unlinkDomainFromLdap(UnlinkDomainFromLdapCmd cmd);
+
LdapTrustMapVO getDomainLinkedToLdap(long domainId);
List<LdapTrustMapVO> getDomainLinkage(long domainId);
diff --git
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
index abf47d4094e..a139688700a 100644
---
a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
+++
b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
@@ -43,6 +43,7 @@ import org.apache.cloudstack.api.command.LdapListUsersCmd;
import org.apache.cloudstack.api.command.LdapUserSearchCmd;
import org.apache.cloudstack.api.command.LinkAccountToLdapCmd;
import org.apache.cloudstack.api.command.LinkDomainToLdapCmd;
+import org.apache.cloudstack.api.command.UnlinkDomainFromLdapCmd;
import org.apache.cloudstack.api.response.LdapConfigurationResponse;
import org.apache.cloudstack.api.response.LdapUserResponse;
import org.apache.cloudstack.api.response.LinkAccountToLdapResponse;
@@ -292,7 +293,7 @@ public class LdapManagerImpl extends ComponentLifecycleBase
implements LdapManag
@Override
public List<Class<?>> getCommands() {
- final List<Class<?>> cmdList = new ArrayList<Class<?>>();
+ final List<Class<?>> cmdList = new ArrayList<>();
cmdList.add(LdapUserSearchCmd.class);
cmdList.add(LdapListUsersCmd.class);
cmdList.add(LdapAddConfigurationCmd.class);
@@ -304,6 +305,7 @@ public class LdapManagerImpl extends ComponentLifecycleBase
implements LdapManag
cmdList.add(LDAPRemoveCmd.class);
cmdList.add(LinkDomainToLdapCmd.class);
cmdList.add(LinkAccountToLdapCmd.class);
+ cmdList.add(UnlinkDomainFromLdapCmd.class);
return cmdList;
}
@@ -393,7 +395,7 @@ public class LdapManagerImpl extends ComponentLifecycleBase
implements LdapManag
final boolean listAll = cmd.listAll();
final Long id = cmd.getId();
final Pair<List<LdapConfigurationVO>, Integer> result =
_ldapConfigurationDao.searchConfigurations(id, hostname, port, domainId,
listAll);
- return new Pair<List<? extends LdapConfigurationVO>,
Integer>(result.first(), result.second());
+ return new Pair<>(result.first(), result.second());
}
@Override
@@ -423,6 +425,11 @@ public class LdapManagerImpl extends
ComponentLifecycleBase implements LdapManag
return linkDomainToLdap(cmd.getDomainId(),cmd.getType(),
ldapDomain,cmd.getAccountType());
}
+ @Override
+ public boolean unlinkDomainFromLdap(UnlinkDomainFromLdapCmd cmd) {
+ return unlinkDomainFromLdap(cmd.getDomainId());
+ }
+
private LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String
type, String name, Account.Type accountType) {
Validate.notNull(type, "type cannot be null. It should either be GROUP
or OU");
Validate.notNull(domainId, "domainId cannot be null.");
@@ -442,6 +449,15 @@ public class LdapManagerImpl extends
ComponentLifecycleBase implements LdapManag
return response;
}
+ private boolean unlinkDomainFromLdap(Long domainId) {
+ LdapTrustMapVO vo = _ldapTrustMapDao.findByDomainId(domainId);
+ if (vo != null) {
+ removeTrustmap(vo);
+ return true;
+ }
+ return false;
+ }
+
@Override
public LdapTrustMapVO getDomainLinkedToLdap(long domainId){
return _ldapTrustMapDao.findByDomainId(domainId);
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 9dc2c60fd18..d29bab3521a 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -1452,6 +1452,7 @@
"label.lbruleid": "Load balancer ID",
"label.lbtype": "Load balancer type",
"label.ldap": "LDAP",
+"label.ldapdomain": "LDAP Domain",
"label.ldap.configuration": "LDAP Configuration",
"label.ldap.group.name": "LDAP Group",
"label.level": "Level",
@@ -2587,6 +2588,7 @@
"label.undefined": "Undefined",
"label.unit": "Usage unit",
"label.unknown": "Unknown",
+"label.unlink.domain.from.ldap": "Unlink the Domain from LDAP",
"label.unlimited": "Unlimited",
"label.unmanaged": "Unmanaged",
"label.unmanage.instance": "Unmanage Instance",
diff --git a/ui/src/config/section/domain.js b/ui/src/config/section/domain.js
index fbe20ef8891..706cbf805cf 100644
--- a/ui/src/config/section/domain.js
+++ b/ui/src/config/section/domain.js
@@ -144,7 +144,7 @@ export default {
docHelp:
'adminguide/accounts.html#using-an-ldap-server-for-user-authentication',
listView: true,
dataView: true,
- args: ['type', 'domainid', 'name', 'accounttype', 'admin'],
+ args: ['type', 'domainid', 'ldapdomain', 'accounttype', 'admin'],
mapping: {
type: {
options: ['GROUP', 'OU']
@@ -157,6 +157,20 @@ export default {
}
}
},
+ {
+ api: 'unlinkDomainFromLdap',
+ icon: 'ArrowsAltOutlined',
+ label: 'label.unlink.domain.from.ldap',
+ docHelp:
'adminguide/accounts.html#using-an-ldap-server-for-user-authentication',
+ listView: true,
+ dataView: true,
+ args: ['domainid'],
+ mapping: {
+ domainid: {
+ value: (record) => { return record.id }
+ }
+ }
+ },
{
api: 'deleteDomain',
icon: 'delete-outlined',
