Yair Zaslavsky has posted comments on this change.

Change subject: aaa: Stopping to use proxies
......................................................................

Patch Set 6:

(7 comments)

http://gerrit.ovirt.org/#/c/26602/6/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DbUserCacheManager.java
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DbUserCacheManager.java:

Line 27: import org.ovirt.engine.core.utils.log.LogFactory;
Line 28: import org.ovirt.engine.core.utils.timer.OnTimerMethodAnnotation;
Line 29: import org.ovirt.engine.core.utils.timer.SchedulerUtilQuartzImpl;
Line 30:
Line 31: public class DbUserCacheManager {
Need to address recursiveness issue (to fetch groups for users)
Line 32: private static final Log log = LogFactory.getLog(DbUserCacheManager.class);
Line 33: private static final DbUserCacheManager _instance = new DbUserCacheManager();
Line 34: private boolean initialized = false;
Line 35: private final Map<String, DbGroup> groupsMap = new HashMap<>();

http://gerrit.ovirt.org/#/c/26602/6/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapDirectory.java
File backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapDirectory.java:

Line 112: }
Line 113: }
Line 114:
Line 115: private void doQueryExecute(ExtMap input, ExtMap output) {
Line 116: ExtMap opaque = input.<ExtMap> get(Authz.InvokeKeys.QUERY_OPAQUE);
Search syntax is (&(....) | (( ....)(.....)(.....)(......))) where the first part determines the searched info is for user or group, and the part of the OR clause is actually the search filter.
Line 117: if (opaque.get(Authz.InvokeKeys.QUERY_ENTITY).equals(Authz.QueryEntity.GROUP)) {
Line 118: queryGroups(input, output);
Line 119: } else if (opaque.get(Authz.InvokeKeys.QUERY_ENTITY).equals(Authz.QueryEntity.PRINCIPAL)) {
Line 120: queryUsers(input, output);

Line 133: context.mput(
Line 134: Base.ContextKeys.AUTHOR,
Line 135: "The oVirt Project").mput(
Line 136: Base.ContextKeys.EXTENSION_NAME,
Line 137: "Internal Authorization (Built-in)"
This should be fixed to LdapKerberos
Line 138: ).mput(
Line 139: Base.ContextKeys.LICENSE,
Line 140: "ASL 2.0"
Line 141: ).mput(

Line 199: private String getDirectoryName() {
Line 200: return configuration.getProperty(Base.ConfigKeys.NAME);
Line 201: }
Line 202:
Line 203: private String generateQueryString(ExtMap query) {
Here I generate a query (as explained in previous comment) that will be run on the search command.
Line 204: StringBuilder result =
Line 205: new StringBuilder(query.get(Authz.InvokeKeys.QUERY_ENTITY).equals(Authz.QueryEntity.PRINCIPAL) ? USERS_QUERY_PREFIX
Line 206: : GROUPS_QUERY_PREFIX);
Line 207: boolean multipleFilters =

http://gerrit.ovirt.org/#/c/26602/6/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapGetAdGroupByGroupIdCommand.java
File backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapGetAdGroupByGroupIdCommand.java:

Line 5
Line 6
Line 7
Line 8
Line 9
Removing all the broker commands that are not authenticate and search by query.

http://gerrit.ovirt.org/#/c/26602/6/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapQueryMetadataFactoryImpl.java
File backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapQueryMetadataFactoryImpl.java:

Line 579: activeDirectorySearchSyntaxMap.put(SearchLangageLDAPTokens.$SN, "SN");
Line 580: activeDirectorySearchSyntaxMap.put(SearchLangageLDAPTokens.$SAMACCOUNTNAME, "SAMACCOUNTNAME");
Line 581: activeDirectorySearchSyntaxMap.put(SearchLangageLDAPTokens.$DEPARTMENT, "DEPARTMENT");
Line 582: activeDirectorySearchSyntaxMap.put(SearchLangageLDAPTokens.$TITLE, "TITLE");
Line 583: activeDirectorySearchSyntaxMap.put(SearchLangageLDAPTokens.$ID, "objectGuid");
Added here the mapping of $ID to each one of the ldap vendors.
Line 584:
Line 585: ipaSearchSyntaxMap = new EnumMap<SearchLangageLDAPTokens, String>(SearchLangageLDAPTokens.class);
Line 586: ipaSearchSyntaxMap.put(SearchLangageLDAPTokens.$GIVENNAME, "givenname");
Line 587: ipaSearchSyntaxMap.put(SearchLangageLDAPTokens.$USER_ACCOUNT_TYPE,

http://gerrit.ovirt.org/#/c/26602/6/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/SearchLangageLDAPTokens.java
File backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/SearchLangageLDAPTokens.java:

Line 10: $SAMACCOUNTNAME,
Line 11: $SN,
Line 12: $DEPARTMENT,
Line 13: $TITLE,
Line 14: $ID
Added $ID - this is required so BLL will be able to perform IDs based searches (to replace the removed GetGroupByIds, GetUserByIds...)

--
To view, visit http://gerrit.ovirt.org/26602
Gerrit-MessageType: comment
Gerrit-Change-Id: I916012eab61a96bdb0f366d9dc8462325d7f726f
Gerrit-PatchSet: 6
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
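
The filter shape described in the comments on KerberosLdapDirectory.java (an entity clause ANDed with an OR of the search terms), as an added Java example that is not part of the review or of oVirt's code. The clause constants, attribute names and sample terms are assumptions; attribute names are assumed to come from a fixed mapping such as the search syntax maps, and values are escaped per RFC 4515 before they enter the filter.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; class, method and attribute names are assumptions, not oVirt code.
public class LdapFilterExample {
    // Hypothetical entity clauses standing in for USERS_QUERY_PREFIX / GROUPS_QUERY_PREFIX.
    static final String USERS_CLAUSE = "(objectClass=user)";
    static final String GROUPS_CLAUSE = "(objectClass=group)";

    // Escape the characters RFC 4515 reserves inside an assertion value.
    static String escapeValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Build (&<entity clause>(|(attr=value)...)); a single term needs no OR wrapper.
    static String buildFilter(boolean principal, Map<String, String> terms) {
        if (terms.isEmpty()) {
            throw new IllegalArgumentException("at least one search term is required");
        }
        StringBuilder sb = new StringBuilder("(&").append(principal ? USERS_CLAUSE : GROUPS_CLAUSE);
        boolean multipleFilters = terms.size() > 1;
        if (multipleFilters) sb.append("(|");
        for (Map.Entry<String, String> e : terms.entrySet()) {
            sb.append('(').append(e.getKey()).append('=')
              .append(escapeValue(e.getValue())).append(')');
        }
        if (multipleFilters) sb.append(')');
        return sb.append(')').toString();
    }

    public static void main(String[] args) {
        Map<String, String> terms = new LinkedHashMap<>();  // constructed sample input
        terms.put("sAMAccountName", "jdoe");
        terms.put("sn", "Doe)(objectClass=*");              // value containing filter metacharacters
        System.out.println(buildFilter(true, terms));
    }
}
```

With the escaping in place, the parentheses and asterisk in the second sample value stay inside the `sn` assertion instead of adding clauses to the filter.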
