Google Git
Sign in
apache / cloudstack / 47f5c656ac4365f4fe47b3c95f7a554b2e6e62f3 / . / plugins / user-authenticators / ldap / src / main / java / org / apache / cloudstack / ldap / LdapConfiguration.java
blob: 259d613f6d9e321f28c74c90fffa1570e661d1cd [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.ldap;
import java.util.List;
import javax.inject.Inject;
import javax.naming.directory.SearchControls;
import org.apache.cloudstack.framework.config.ConfigKey;
import org.apache.cloudstack.framework.config.Configurable;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import com.cloud.utils.Pair;
import org.apache.cloudstack.ldap.dao.LdapConfigurationDao;
public class LdapConfiguration implements Configurable{
private final static String factory = "com.sun.jndi.ldap.LdapCtxFactory";
private static final ConfigKey<Long> ldapReadTimeout = new ConfigKey<Long>(
Long.class,
"ldap.read.timeout",
"Advanced",
"1000",
"LDAP connection Timeout in milli sec",
true,
ConfigKey.Scope.Domain,
1l);
private static final ConfigKey<Integer> ldapPageSize = new ConfigKey<Integer>(
Integer.class,
"ldap.request.page.size",
"Advanced",
"1000",
"page size sent to ldap server on each request to get user",
true,
ConfigKey.Scope.Domain,
1);
private static final ConfigKey<Boolean> ldapEnableNestedGroups = new ConfigKey<Boolean>(
"Advanced",
Boolean.class,
"ldap.nested.groups.enable",
"true",
"if true, nested groups will also be queried",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapMemberOfAttribute = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.user.memberof.attribute",
"memberof",
"the reverse membership attibute for group members",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapProvider = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.provider",
"openldap",
"ldap provider ex:openldap, microsoftad",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapBaseDn = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.basedn",
null,
"Sets the basedn for LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapBindPassword = new ConfigKey<String>(
"Secure",
String.class,
"ldap.bind.password",
null,
"Sets the bind password for LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapBindPrincipal = new ConfigKey<String>(
"Secure",
String.class,
"ldap.bind.principal",
null,
"Sets the bind principal for LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapEmailAttribute = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.email.attribute",
"mail",
"Sets the email attribute used within LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapFirstnameAttribute = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.firstname.attribute",
"givenname",
"Sets the firstname attribute used within LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapLastnameAttribute = new ConfigKey<String>(
"Advanced",
String.class, "ldap.lastname.attribute",
"sn",
"Sets the lastname attribute used within LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapUsernameAttribute = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.username.attribute",
"uid",
"Sets the username attribute used within LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapUserObject = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.user.object",
"inetOrgPerson",
"Sets the object type of users within LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapSearchGroupPrinciple = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.search.group.principle",
null,
"Sets the principle of the group that users must be a member of",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapGroupObject = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.group.object",
"groupOfUniqueNames",
"Sets the object type of groups within LDAP",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapGroupUniqueMemberAttribute = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.group.user.uniquemember",
"uniquemember",
"Sets the attribute for uniquemembers within a group",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapTrustStore = new ConfigKey<String>(
"Advanced",
String.class,
"ldap.truststore",
null,
"Sets the path to the truststore to use for SSL",
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapTrustStorePassword = new ConfigKey<String>(
"Secure",
String.class,
"ldap.truststore.password",
null,
"Sets the password for the truststore",
true,
ConfigKey.Scope.Domain);
private final static int scope = SearchControls.SUBTREE_SCOPE;
@Inject
private LdapConfigurationDao _ldapConfigurationDao;
public LdapConfiguration() {
}
public LdapConfiguration(final LdapConfigurationDao ldapConfigurationDao) {
_ldapConfigurationDao = ldapConfigurationDao;
}
@Deprecated
public LdapConfiguration(final ConfigurationDao configDao, final LdapConfigurationDao ldapConfigurationDao) {
_ldapConfigurationDao = ldapConfigurationDao;
}
public String getAuthentication(final Long domainId) {
if ((getBindPrincipal(domainId) == null) && (getBindPassword(domainId) == null)) {
return "none";
} else {
return "simple";
}
}
public String getBaseDn(final Long domainId) {
return ldapBaseDn.valueIn(domainId);
}
public String getBindPassword(final Long domainId) {
return ldapBindPassword.valueIn(domainId);
}
public String getBindPrincipal(final Long domainId) {
return ldapBindPrincipal.valueIn(domainId);
}
public String getEmailAttribute(final Long domainId) {
return ldapEmailAttribute.valueIn(domainId);
}
public String getFactory() {
return factory;
}
public String getFirstnameAttribute(final Long domainId) {
return ldapFirstnameAttribute.valueIn(domainId);
}
public String getLastnameAttribute(final Long domainId) {
return ldapLastnameAttribute.valueIn(domainId);
}
public String getProviderUrl(final Long domainId) {
final String protocol = getSSLStatus() == true ? "ldaps://" : "ldap://";
final Pair<List<LdapConfigurationVO>, Integer> result = _ldapConfigurationDao.searchConfigurations(null, 0, domainId);
final StringBuilder providerUrls = new StringBuilder();
String delim = "";
for (final LdapConfigurationVO resource : result.first()) {
final String providerUrl = protocol + resource.getHostname() + ":" + resource.getPort();
providerUrls.append(delim).append(providerUrl);
delim = " ";
}
return providerUrls.toString();
}
public String[] getReturnAttributes(final Long domainId) {
return new String[] {
getUsernameAttribute(domainId),
getEmailAttribute(domainId),
getFirstnameAttribute(domainId),
getLastnameAttribute(domainId),
getCommonNameAttribute(),
getUserAccountControlAttribute(),
getUserMemberOfAttribute(domainId)
};
}
public int getScope() {
return scope;
}
public String getSearchGroupPrinciple(final Long domainId) {
return ldapSearchGroupPrinciple.valueIn(domainId);
}
public boolean getSSLStatus() {
boolean sslStatus = false;
if (getTrustStore() != null && getTrustStorePassword() != null) {
sslStatus = true;
}
return sslStatus;
}
public String getTrustStore() {
return ldapTrustStore.value();
}
public String getTrustStorePassword() {
return ldapTrustStorePassword.value();
}
public String getUsernameAttribute(final Long domainId) {
return ldapUsernameAttribute.valueIn(domainId);
}
public String getUserObject(final Long domainId) {
return ldapUserObject.valueIn(domainId);
}
public String getGroupObject(final Long domainId) {
return ldapGroupObject.valueIn(domainId);
}
public String getGroupUniqueMemberAttribute(final Long domainId) {
return ldapGroupUniqueMemberAttribute.valueIn(domainId);
}
// TODO remove hard-coding
public String getCommonNameAttribute() {
return "cn";
}
// TODO remove hard-coding
public String getUserAccountControlAttribute() {
return "userAccountControl";
}
public Long getReadTimeout(final Long domainId) {
return ldapReadTimeout.valueIn(domainId);
}
public Integer getLdapPageSize(final Long domainId) {
return ldapPageSize.valueIn(domainId);
}
public LdapUserManager.Provider getLdapProvider(final Long domainId) {
LdapUserManager.Provider provider;
try {
provider = LdapUserManager.Provider.valueOf(ldapProvider.valueIn(domainId).toUpperCase());
} catch (IllegalArgumentException ex) {
//openldap is the default
provider = LdapUserManager.Provider.OPENLDAP;
}
return provider;
}
public boolean isNestedGroupsEnabled(final Long domainId) {
return ldapEnableNestedGroups.valueIn(domainId);
}
public static String getUserMemberOfAttribute(final Long domainId) {
return ldapMemberOfAttribute.valueIn(domainId);
}
@Override
public String getConfigComponentName() {
return LdapConfiguration.class.getSimpleName();
}
@Override
public ConfigKey<?>[] getConfigKeys() {
return new ConfigKey<?>[]{
ldapReadTimeout,
ldapPageSize,
ldapProvider,
ldapEnableNestedGroups,
ldapBaseDn,
ldapBindPassword,
ldapBindPrincipal,
ldapEmailAttribute,
ldapFirstnameAttribute,
ldapLastnameAttribute,
ldapUsernameAttribute,
ldapUserObject,
ldapSearchGroupPrinciple,
ldapGroupObject,
ldapGroupUniqueMemberAttribute,
ldapTrustStore,
ldapTrustStorePassword,
ldapMemberOfAttribute
};
}
}