Yair Zaslavsky has uploaded a new change for review. Change subject: tools: Adding Setting ldap servers for domain ......................................................................
tools: Adding Setting ldap servers for domain This patch adds support for setting ldap servers for a given domain when adding/editting a domain Bug-url: https://bugzilla.redhat.com/894681 change-id: Ic0904f9f6d9432ecac1cebee2790dae902a1329c Signed-off-by: Yair Zaslavsky <[email protected]> --- M backend/manager/conf/kerberos/engine-manage-domains M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/SimpleAuthenticationCheck.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ConfigurationProvider.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/DomainsConfigurationEntry.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java 7 files changed, 170 insertions(+), 139 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/65/11065/1 diff --git a/backend/manager/conf/kerberos/engine-manage-domains b/backend/manager/conf/kerberos/engine-manage-domains index 0be51ab..8d9c8fc 100755 --- a/backend/manager/conf/kerberos/engine-manage-domains +++ b/backend/manager/conf/kerberos/engine-manage-domains @@ -44,7 +44,7 @@ usage () { printf "engine-manage-domains: add/edit/delete/validate/list domains\n" printf "USAGE:\n" - printf "\tengine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH -addPermissions -forceDelete] -report\n" + printf "\tengine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH -addPermissions -forceDelete -ldapServers=LDAP_SERVERS] -report\n" printf "Where:\n" printf "\tACTION action to perform (add/edit/delete/validate/list). See details below.\n" printf "\tDOMAIN (mandatory for add, edit and delete) the domain you wish to perform the action on.\n" @@ -53,6 +53,7 @@ printf "\tPASSWORD_FILE (optional for edit, mandatory for add) a file containing the password in the first line.\n" printf "\tinteractive alternative for using -passwordFile - read the password interactively.\n" printf "\tPATH (optional) use the given alternate configuration file.\n" + printf "\tLDAP_SERVERS (optional) a comma delimited list of ldap servers to be set to the domain.\n" printf "\n" printf "\tAvailable actions:\n" printf "\tadd\n" @@ -79,7 +80,7 @@ return 0 } -if [ "$#" -gt 6 -o "$#" -lt 1 ]; then +if [ "$#" -gt 7 -o "$#" -lt 1 ]; then usage exit 1 fi diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/SimpleAuthenticationCheck.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/SimpleAuthenticationCheck.java index 529d425..0255b47 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/SimpleAuthenticationCheck.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ipa/SimpleAuthenticationCheck.java @@ -12,8 +12,8 @@ import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; +import org.ovirt.engine.core.common.utils.Pair; import org.ovirt.engine.core.ldap.LdapProviderType; -import org.ovirt.engine.core.utils.CLIParser; import org.springframework.ldap.AuthenticationException; import org.springframework.ldap.core.ContextMapper; import org.springframework.ldap.core.LdapTemplate; @@ -30,65 +30,38 @@ ldapProviderType } - private void printUsage() { - System.out.println("Usage:"); - System.out - .println("SimpleAuthenticationCheck: -domain=<domains> -user=<user> -password=<password> -ldapProviderType=<ldapProviderType>"); - } private String getLdapUrl(String ldapServer) { return "ldap://"; + ldapServer; } - private boolean validate(CLIParser parser) { - Arguments[] argsToValidate = - { Arguments.domain, Arguments.user, Arguments.password }; - for (Arguments argument : argsToValidate) { - if (!parser.hasArg(argument.name())) { - System.out.println(argument.name() + " is required"); - return false; - } - } - if (LdapProviderType.valueOf(parser.getArg(Arguments.ldapProviderType.name())) == null) { - System.out.println(Arguments.ldapProviderType.name() + " must be one of "); - for (LdapProviderType type : LdapProviderType.values()) { - System.out.println(type.name()); - } - } - return true; - } - public static void main(String[] args) { - SimpleAuthenticationCheck util = new SimpleAuthenticationCheck(); - CLIParser parser = new CLIParser(args); - if (!util.validate(parser)) { - util.printUsage(); - System.exit(ReturnStatus.INPUT_VALIDATION_FAILURE.ordinal()); - } - String username = parser.getArg(Arguments.user.name()); - String password = parser.getArg(Arguments.password.name()); - String domain = parser.getArg(Arguments.domain.name()); - LdapProviderType ldapProviderType = LdapProviderType.valueOf(parser.getArg(Arguments.ldapProviderType.name())); - StringBuffer userGuid = new StringBuffer(); - - ReturnStatus status = - util.printUserGuid(domain, username, password, "localhost:389", userGuid, ldapProviderType); - - System.exit(status.ordinal()); - } - - public ReturnStatus printUserGuid(String domain, + public Pair<ReturnStatus,String> printUserGuid(String domain, String username, String password, - String ldapServerUrl, - StringBuffer userGuid, LdapProviderType ldapProviderType) { + StringBuffer userGuid, LdapProviderType ldapProviderType, List<String> ldapServers) { + Pair<ReturnStatus,String> status = null; + for (String ldapServerUrl:ldapServers) { + status = checkSimpleLdapServer(domain, username, password, userGuid, ldapProviderType, ldapServerUrl); + if (status.getFirst().getExitCode() == ReturnStatus.OK.getExitCode()) { + return status; + } + } + return status; + } + + private Pair<ReturnStatus,String> checkSimpleLdapServer(String domain, + String username, + String password, + StringBuffer userGuid, + LdapProviderType ldapProviderType, + String ldapServerUrl) { LdapContextSource contextSource = getContextSource(domain, ldapProviderType, username, password, ldapServerUrl); try { contextSource.afterPropertiesSet(); } catch (Exception e) { - System.err.println(ERROR_PREFIX + "Failed setting LDAP context for domain " + domain); - return ReturnStatus.LDAP_CONTEXT_FAILURE; + return new Pair(ReturnStatus.LDAP_CONTEXT_FAILURE,ERROR_PREFIX + "Failed setting LDAP context for domain " + domain); } LdapTemplate ldapTemplate = new LdapTemplate(contextSource); @@ -115,8 +88,7 @@ List searchResult = ldapTemplate.search("", query, contextMapper); if (searchResult == null) { - System.err.println(ERROR_PREFIX + "Cannot query user " + username + " from domain " + domain); - return ReturnStatus.CANNOT_QUERY_USER; + return new Pair(ReturnStatus.CANNOT_QUERY_USER,ERROR_PREFIX + "Cannot query user " + username + " from domain " + domain); } else { userGuid.append((String) searchResult.get(0)); System.out.println("User guid is: " + userGuid.toString()); @@ -124,12 +96,11 @@ } catch (org.springframework.ldap.AuthenticationException authEx) { return authenticationReturnStatus(authEx, username, domain); } catch (Exception ex) { - System.err.println(ERROR_PREFIX + "Cannot query user " + username + " from domain " + domain + return new Pair(ReturnStatus.CANNOT_QUERY_USER,ERROR_PREFIX + "Cannot query user " + username + " from domain " + domain + ", details: " + ex.getMessage()); - return ReturnStatus.CANNOT_QUERY_USER; } - return ReturnStatus.OK; + return new Pair(ReturnStatus.OK,""); } /*** @@ -138,20 +109,21 @@ * * @param authEx */ - private ReturnStatus authenticationReturnStatus(AuthenticationException authEx, String userName, String domain) { + private Pair<ReturnStatus,String> authenticationReturnStatus(AuthenticationException authEx, String userName, String domain) { ReturnStatus returnStatus = ReturnStatus.CANNOT_AUTHENTICATE_USER; String authExMessage = authEx.getMessage(); // Using contains() since the AuthenticationException does not have an error code property + String msg = null; if (authExMessage != null && authExMessage.contains(INVALID_CREDENTIALS_ERROR_CODE)) { - System.err.println(ERROR_PREFIX + "Invalid credentials for " + userName + " and domain " + domain - + ", details: " + authEx.getMessage()); + msg = ERROR_PREFIX + "Invalid credentials for " + userName + " and domain " + domain + + ", details: " + authEx.getMessage(); returnStatus = ReturnStatus.INVALID_CREDENTIALS; } else { - System.err.println(ERROR_PREFIX + "Cannot authenticate user " + userName + " to domain " + domain - + ", details: " + authEx.getMessage()); + msg = ERROR_PREFIX + "Cannot authenticate user " + userName + " to domain " + domain + + ", details: " + authEx.getMessage(); } - return returnStatus; + return new Pair(returnStatus, msg); } private static String domainToDN(String domain) { diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ConfigurationProvider.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ConfigurationProvider.java index 1e43dac..774c876 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ConfigurationProvider.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ConfigurationProvider.java @@ -32,7 +32,7 @@ String adUserId, String ldapProviderTypes, String engineConfigExecutable, - String engineConfigProperties) { + String engineConfigProperties, String ldapServerPort) { super(); configVals.put(AdUserName, adUserName); configVals.put(AdUserPassword, adUserPassword); @@ -41,6 +41,7 @@ configVals.put(LdapServers, ldapServers); configVals.put(AdUserId, adUserId); configVals.put(LDAPProviderTypes, ldapProviderTypes); + configVals.put(ConfigValues.LDAPServerPort, ldapServerPort); this.engineConfigExecutable = engineConfigExecutable; this.engineConfigProperties = engineConfigProperties; } diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/DomainsConfigurationEntry.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/DomainsConfigurationEntry.java index a455765..71b972f 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/DomainsConfigurationEntry.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/DomainsConfigurationEntry.java @@ -85,6 +85,10 @@ return valuePerDomain.entrySet(); } + public boolean contains(String domain) { + return valuePerDomain.containsKey(domain); + } + public Set<String> getDomainNames() { return valuePerDomain.keySet(); } diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java index 0d6126b..0ac9a85 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java @@ -3,6 +3,7 @@ import java.net.URI; import java.security.PrivilegedAction; import java.util.Hashtable; +import java.util.List; import javax.naming.AuthenticationException; import javax.naming.CommunicationException; @@ -19,7 +20,6 @@ import org.ovirt.engine.core.ldap.LdapProviderType; import org.ovirt.engine.core.ldap.LdapSRVLocator; import org.ovirt.engine.core.ldap.RootDSEData; -import org.ovirt.engine.core.utils.dns.DnsSRVLocator.DnsSRVResult; import org.ovirt.engine.core.utils.ipa.RHDSUserContextMapper; /** @@ -32,15 +32,17 @@ private final String domainName; private final LdapProviderType ldapProviderType; private final StringBuffer userGuid; - private DnsSRVResult ldapDnsResult; + private List<String> ldapServers; + private String defaultLdapServerPort; private final static Logger log = Logger.getLogger(JndiAction.class); - public JndiAction(String userName, String domainName, StringBuffer userGuid, LdapProviderType ldapProviderType, DnsSRVResult ldapDnsResult) { + public JndiAction(String userName, String domainName, StringBuffer userGuid, LdapProviderType ldapProviderType, List<String> ldapServers, String defaultLdapServerPort) { this.userName = userName; this.domainName = domainName; this.ldapProviderType = ldapProviderType; this.userGuid = userGuid; - this.ldapDnsResult = ldapDnsResult; + this.ldapServers= ldapServers; + this.defaultLdapServerPort = defaultLdapServerPort; } @Override @@ -53,9 +55,9 @@ // Send an SRV record DNS query to retrieve all the LDAP servers in the domain LdapSRVLocator locator = new LdapSRVLocator(); - if (ldapDnsResult == null) { + if (ldapServers == null) { try { - ldapDnsResult = locator.getLdapServers(domainName); + ldapServers = locator.getServersList(locator.getLdapServers(domainName)); } catch (Exception ex) { return KerberosUtils.convertDNSException(ex); } @@ -65,20 +67,21 @@ String currentLdapServer = null; - if (ldapDnsResult == null || ldapDnsResult.getNumOfValidAddresses() == 0) { + if (ldapServers == null || ldapServers.size() == 0) { return AuthenticationResult.CANNOT_FIND_LDAP_SERVER_FOR_DOMAIN; } // Goes over all the retrieved LDAP servers - for (int counter = 0; counter < ldapDnsResult.getNumOfValidAddresses(); counter++) { - String address = ldapDnsResult.getAddresses()[counter]; + for (String address:ldapServers) { try { // Constructs an LDAP url in a format of ldap://hostname:port (based on the data in the SRV record // This URL is not enough in order to query for user - as for querying users, we should also provide a // base dn, for example: ldap://hostname:389/DC=abc,DC=com . However, this URL (ldap:hostname:port) // suffices for // getting the rootDSE information, which includes the baseDN. - URI uri = locator.constructURI("LDAP", address); + System.out.println("debug!!! going to construct address " + address); + URI uri = locator.constructURI("LDAP", address, defaultLdapServerPort); + System.out.println("debug!!! result of constructed address "+ uri.toString()); env.put(Context.PROVIDER_URL, uri.toString()); ctx = new InitialDirContext(env); diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java index 918fa99..f8559ec 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java @@ -2,6 +2,8 @@ import static org.ovirt.engine.core.utils.kerberos.InstallerConstants.ERROR_PREFIX; +import java.util.List; + import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -14,7 +16,6 @@ import org.apache.log4j.Logger; import org.ovirt.engine.core.ldap.LdapProviderType; import org.ovirt.engine.core.utils.CLIParser; -import org.ovirt.engine.core.utils.dns.DnsSRVLocator.DnsSRVResult; /** * Utility to verify Kerberos installation @@ -22,7 +23,8 @@ */ public class KerberosConfigCheck { private LoginContext lc; - private final DnsSRVResult ldapDnsResult; + private final List<String> ldapServers; + private String defaultLdapServerPort; private final static Logger log = Logger.getLogger(KerberosConfigCheck.class); public enum Arguments { @@ -35,12 +37,13 @@ ldapProviderType; } - public KerberosConfigCheck(DnsSRVResult ldapDnsResult) { - this.ldapDnsResult = ldapDnsResult; + public KerberosConfigCheck(List<String> ldapServers, String defaultLdapServerPort) { + this.ldapServers = ldapServers; + this.defaultLdapServerPort = defaultLdapServerPort; } public KerberosConfigCheck() { - this(null); + this(null,null); } // This function gets the username and adjusts it doing the following: @@ -118,28 +121,6 @@ return true; } - public static void main(String[] args) { - KerberosConfigCheck util = new KerberosConfigCheck(); - CLIParser parser = new CLIParser(args); - if (!util.validate(parser)) { - util.printUsage(); - System.exit(1); - } - String username = adjustUserName(parser.getArg(Arguments.user.name())); - String password = parser.getArg(Arguments.password.name()); - String jaasFile = parser.getArg(Arguments.jaas_file.name()); - String krb5ConfFile = parser.getArg(Arguments.krb5_conf_path.name()); - String domains = parser.getArg(Arguments.domains.name()); - StringBuffer userGuid = new StringBuffer(); - LdapProviderType ldapProviderType = LdapProviderType.valueOf(Arguments.ldapProviderType.name()); - try { - util.checkInstallation(domains, username, password, jaasFile, krb5ConfFile, userGuid, ldapProviderType); - } catch (AuthenticationException e) { - System.err.println(ERROR_PREFIX + e.getMessage()); - System.exit(e.getAuthResult().getExitCode()); - } - } - public void checkInstallation(String domains, String username, String password, @@ -193,7 +174,7 @@ authResult = (AuthenticationResult) Subject.doAs(lc.getSubject(), new JndiAction(username, realm.toLowerCase(), - userGuid, ldapProviderType,ldapDnsResult)); + userGuid, ldapProviderType,ldapServers,defaultLdapServerPort)); } finally { if (lc != null) { diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java index a417d4f..bb3b857 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java @@ -10,8 +10,12 @@ import java.io.InputStream; import java.sql.SQLException; import java.text.SimpleDateFormat; +import java.util.ArrayList; import java.util.Arrays; import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; import java.util.Map.Entry; import java.util.Scanner; import java.util.Set; @@ -21,6 +25,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.ovirt.engine.core.common.config.ConfigValues; +import org.ovirt.engine.core.common.utils.Pair; import org.ovirt.engine.core.ldap.LdapProviderType; import org.ovirt.engine.core.ldap.LdapSRVLocator; import org.ovirt.engine.core.utils.CLIParser; @@ -57,10 +62,11 @@ private ManageDomainsDAOImpl daoImpl; private boolean reportAllErrors; private boolean addPermissions; - private DnsSRVResult ldapDnsResult; private boolean useDnsLookup; + private List<String> ldapServers; private final static Logger log = Logger.getLogger(ManageDomains.class); + private static final String DEFAULT_LDAP_SERVER_PORT = "389"; public enum Arguments { action, @@ -74,7 +80,8 @@ interactive, addPermissions, provider, - forceDelete + forceDelete, + ldapServers, } public enum ActionType { @@ -207,6 +214,12 @@ getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.LdapServers); String ldapProviderTypes = getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.LDAPProviderTypes); + String ldapPort = + getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.LDAPServerPort); + if (ldapPort == null) + { + ldapPort = DEFAULT_LDAP_SERVER_PORT; + } configurationProvider = new ConfigurationProvider(adUserName, @@ -217,7 +230,7 @@ adUserId, ldapProviderTypes, utilityConfiguration.getEngineConfigExecutablePath(), - engineConfigProperties); + engineConfigProperties, ldapPort); } catch (Throwable e) { throw new ManageDomainsResult(ManageDomainsResultEnum.FAILED_READING_CURRENT_CONFIGURATION, e.getMessage()); @@ -249,26 +262,6 @@ private boolean foundSrvRecords(DnsSRVResult result) { return result != null && result.getNumOfValidAddresses() > 0; - } - - private DnsSRVResult validateLdapServers(String domainName) throws ManageDomainsResult { - LdapSRVLocator locator = new LdapSRVLocator(); - DnsSRVResult ldapDnsResult = null; - boolean foundServers = true; - try { - ldapDnsResult = locator.getLdapServers(domainName); - if (!foundSrvRecords(ldapDnsResult)) { - foundServers = false; - } - } catch (Exception ex) { - foundServers = false; - } - if (!foundServers) { - throw new ManageDomainsResult("Could not locate LDAP servers to be used to validate the input of the utility", - ManageDomainsResultEnum.NO_LDAP_SERVERS_FOR_DOMAIN, domainName); - - } - return ldapDnsResult; } private void runCommand(CLIParser parser) throws ManageDomainsResult { @@ -378,6 +371,9 @@ String currentAuthModeEntry = configurationProvider.getConfigValue(ConfigValues.LDAPSecurityAuthentication); String currentAdUserIdEntry = configurationProvider.getConfigValue(ConfigValues.AdUserId); String currentLdapProviderTypesEntry = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); + String currentLdapServersEntry = configurationProvider.getConfigValue(ConfigValues.LdapServers); + String ldapServerPort = configurationProvider.getConfigValue(ConfigValues.LDAPServerPort); + DomainsConfigurationEntry domainNameEntry = new DomainsConfigurationEntry(currentDomainNameEntry, DOMAIN_SEPERATOR, null); @@ -392,6 +388,10 @@ DomainsConfigurationEntry ldapProviderTypeEntry = new DomainsConfigurationEntry(currentLdapProviderTypesEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + DomainsConfigurationEntry ldapServersEntry = + new DomainsConfigurationEntry(currentLdapServersEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + + testConfiguration(null, domainNameEntry, adUserNameEntry, @@ -399,6 +399,8 @@ authModeEntry, adUserIdEntry, ldapProviderTypeEntry, + ldapServersEntry, + ldapServerPort, false, true); } @@ -423,6 +425,37 @@ } } + protected List<String> getLdapServers(CLIParser parser, String domainName) throws ManageDomainsResult { + System.out.println("debug!!! getLdapServers!!!!!!"); + String argValue = parser.getArg(Arguments.ldapServers.toString().toLowerCase()); + if (StringUtils.isEmpty(argValue)) { + System.out.println("debug!!! gettting ldap servers from dns!!"); + LdapSRVLocator locator = new LdapSRVLocator(); + DnsSRVResult ldapDnsResult = null; + boolean foundServers = true; + try { + ldapDnsResult = locator.getLdapServers(domainName); + if (!foundSrvRecords(ldapDnsResult)) { + foundServers = false; + } + } catch (Exception ex) { + foundServers = false; + } + if (!foundServers) { + throw new ManageDomainsResult("Could not locate LDAP servers to be used to validate the input of the utility", + ManageDomainsResultEnum.NO_LDAP_SERVERS_FOR_DOMAIN, domainName); + + } + ArrayList<String> result = new ArrayList<String>(); + for (int counter = 0; counter < ldapDnsResult.getNumOfValidAddresses(); counter++) { + result.add(ldapDnsResult.getAddresses()[counter]); + } + System.out.println("debug!!! getLdapServers!! result is " + result); + return result; + } + return new ArrayList<String>(Arrays.asList(argValue.split(","))); + } + public void addDomain(CLIParser parser) throws ManageDomainsResult { String authMode = LdapAuthModeEnum.GSSAPI.name(); String currentDomains = configurationProvider.getConfigValue(ConfigValues.DomainName); @@ -433,7 +466,7 @@ if (domainNameEntry.doesDomainExist(domainName)) { throw new ManageDomainsResult(ManageDomainsResultEnum.DOMAIN_ALREADY_EXISTS_IN_CONFIGURATION, domainName); } - ldapDnsResult = validateLdapServers(domainName); + ldapServers = getLdapServers(parser,domainName); validateKdcServers(authMode,domainName); domainNameEntry.setValueForDomain(domainName, null); @@ -443,6 +476,7 @@ String currentLdapServersEntry = configurationProvider.getConfigValue(ConfigValues.LdapServers); String currentAdUserIdEntry = configurationProvider.getConfigValue(ConfigValues.AdUserId); String currentLDAPProviderTypes = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); + String ldapServerPort = configurationProvider.getConfigValue(ConfigValues.LDAPServerPort); DomainsConfigurationEntry adUserNameEntry = new DomainsConfigurationEntry(currentAdUserNameEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); @@ -463,9 +497,15 @@ authModeEntry.setValueForDomain(domainName, authMode); ldapProviderTypesEntry.setValueForDomain(domainName, ldapProviderType.name()); - if (authMode.equalsIgnoreCase(LdapAuthModeEnum.SIMPLE.name())) { - ldapServersEntry.setValueForDomain(domainName, utilityConfiguration.getLocalHostEntry()); + String ldapServersStr = parser.getArg(Arguments.ldapServers.name()); + if (!StringUtils.isEmpty(ldapServersStr)) { + //Replacing "," with ";" - from user perspective of the utility, passing comma delimited string makes more sense and more natural + //But "," is used as domain separate character when storing to DB. + ldapServersStr = ldapServersStr.replace(',',';'); + System.out.println("debug!!! getLdapServers!! result is " + ldapServersStr); + ldapServersEntry.setValueForDomain(domainName, ldapServersStr); } + testConfiguration(domainName, domainNameEntry, @@ -474,6 +514,8 @@ authModeEntry, adUserIdEntry, ldapProviderTypesEntry, + ldapServersEntry, + ldapServerPort, true, false); @@ -528,7 +570,7 @@ String authMode; String domainName = parser.getArg(Arguments.domain.toString()).toLowerCase(); authMode = getDomainAuthMode(domainName); - ldapDnsResult = validateLdapServers(domainName); + ldapServers = getLdapServers(parser, domainName); validateKdcServers(authMode,domainName); String currentDomains = configurationProvider.getConfigValue(ConfigValues.DomainName); String userName = parser.getArg(Arguments.user.toString()); @@ -548,6 +590,8 @@ String currentLdapServersEntry = configurationProvider.getConfigValue(ConfigValues.LdapServers); String currentAdUserIdEntry = configurationProvider.getConfigValue(ConfigValues.AdUserId); String currentLdapProviderTypeEntry = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); + String ldapServerPort = configurationProvider.getConfigValue(ConfigValues.LDAPServerPort); + DomainsConfigurationEntry adUserNameEntry = new DomainsConfigurationEntry(currentAdUserNameEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); @@ -585,6 +629,8 @@ authModeEntry, adUserIdEntry, ldapProviderTypeEntry, + ldapServersEntry, + ldapServerPort, true, false); @@ -630,8 +676,9 @@ DomainsConfigurationEntry gssapiDomains, DomainsConfigurationEntry userIds, DomainsConfigurationEntry ldapProviderTypes, + Map<String,List<String>> ldapServersPerDomainMap, String kerberosConfigFile, - boolean isValidate) throws ManageDomainsResult { + String ldapServerPort, boolean isValidate) throws ManageDomainsResult { Set<Entry<String, String>> gssapiDomainValues = gssapiDomains.getValues(); @@ -642,7 +689,8 @@ users.setValueForDomain(domain, constructUPN(currUserName, domain)); try { log.info("Testing kerberos configuration for domain: " + domain); - KerberosConfigCheck kerberosConfigCheck = new KerberosConfigCheck(ldapDnsResult); + List<String> ldapServersPerDomain = ldapServersPerDomainMap.get(ldapServers); + KerberosConfigCheck kerberosConfigCheck = new KerberosConfigCheck(ldapServersPerDomain, ldapServerPort); StringBuffer userGuid = new StringBuffer(); kerberosConfigCheck.checkInstallation(domain, users.getValueForDomain(domain), @@ -693,15 +741,15 @@ private ManageDomainsResult checkSimple(String domain, String userName, String password, - String address, - StringBuffer userGuid, LdapProviderType ldapProviderType) { + StringBuffer userGuid, LdapProviderType ldapProviderType, List<String> ldapServers) { log.info("Testing domain " + domain); SimpleAuthenticationCheck simpleAuthenticationCheck = new SimpleAuthenticationCheck(); - ReturnStatus returnStatus = - simpleAuthenticationCheck.printUserGuid(domain, userName, password, address, userGuid, ldapProviderType); - if (!returnStatus.equals(ReturnStatus.OK)) { + Pair<ReturnStatus,String> simpleCheckResult = + simpleAuthenticationCheck.printUserGuid(domain, userName, password, userGuid, ldapProviderType, ldapServers); + if (!simpleCheckResult.getFirst().equals(ReturnStatus.OK)) { + System.err.println(simpleCheckResult.getSecond()); return new ManageDomainsResult(ManageDomainsResultEnum.FAILURE_WHILE_TESTING_DOMAIN, - new String[] { domain, returnStatus.getDetailedMessage() }); + new String[] { domain, simpleCheckResult.getFirst().getDetailedMessage() }); } log.info("Successfully tested domain " + domain); return OK_RESULT; @@ -713,18 +761,18 @@ DomainsConfigurationEntry simpleDomains, DomainsConfigurationEntry userIds, DomainsConfigurationEntry ldapProviderType, - String address, + Map<String,List<String>> ldapServersMapPerDomainMap, boolean isValidate) throws ManageDomainsResult { Set<Entry<String, String>> simpleDomainValues = simpleDomains.getValues(); StringBuffer userGuid = new StringBuffer(); for (Entry<String, String> currDomain : simpleDomainValues) { String domain = currDomain.getKey(); + List<String> domainLdapServers = ldapServersMapPerDomainMap.get(domain); ManageDomainsResult result = checkSimple(domain, users.getValueForDomain(domain), passwords.getValueForDomain(domain), - address, - userGuid, LdapProviderType.valueOf(ldapProviderType.getValueForDomain(domain))); + userGuid, LdapProviderType.valueOf(ldapProviderType.getValueForDomain(domain)), domainLdapServers); if (!result.isSuccessful()) { if (isValidate || ((domainName != null) && !domain.equals(domainName))) { if (reportAllErrors) { @@ -754,13 +802,15 @@ DomainsConfigurationEntry authModes, DomainsConfigurationEntry userIds, DomainsConfigurationEntry ldapProviderType, - boolean reconfigure, + DomainsConfigurationEntry ldapServersEntry, + String ldapServerPort, boolean reconfigure, boolean isValidate) throws ManageDomainsResult { Set<Entry<String, String>> domainValues = domains.getValues(); DomainsConfigurationEntry gssapiDomains = new DomainsConfigurationEntry("", DOMAIN_SEPERATOR, null); DomainsConfigurationEntry simpleDomains = new DomainsConfigurationEntry("", DOMAIN_SEPERATOR, null); + for (Entry<String, String> currDomain : domainValues) { String domain = currDomain.getKey(); @@ -775,13 +825,30 @@ } } + Map<String,List<String>> ldapServersPerSimpleDomains = new HashMap<String, List<String>>(); + Map<String,List<String>> ldapServersPerGSSAPIDomains = new HashMap<String, List<String>>(); + + + for (Entry<String,String> currLdapServerEntry: ldapServersEntry.getValues()) { + System.out.println("current ldap server entry. domain " + currLdapServerEntry.getKey() + " server " + currLdapServerEntry.getValue()); + if (gssapiDomains.contains(currLdapServerEntry.getKey())) { + ldapServersPerGSSAPIDomains.put(currLdapServerEntry.getKey(), + new ArrayList<String>(Arrays.asList(currLdapServerEntry.getValue().split(",")))); + } else + { + ldapServersPerSimpleDomains.put(currLdapServerEntry.getKey(), + new ArrayList<String>(Arrays.asList(currLdapServerEntry.getValue().split(",")))); + + } + } + checkSimpleDomains(domainName, users, passwords, simpleDomains, userIds, ldapProviderType, - utilityConfiguration.getLocalHostEntry(), + ldapServersPerSimpleDomains, isValidate); boolean domainIsGssapi = gssapiDomains.doesDomainExist(domainName); @@ -800,7 +867,9 @@ gssapiDomains, userIds, ldapProviderType, + ldapServersPerGSSAPIDomains, kerberosConfigFile, + ldapServerPort, isValidate); if (domainIsGssapi && reconfigure) { applyKerberosConfiguration(); -- To view, visit http://gerrit.ovirt.org/11065 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic0904f9f6d9432ecac1cebee2790dae902a1329c Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
