plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java - cloudstack - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package org.apache.cloudstack.ldap;

 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;

 import javax.inject.Inject;
 import javax.naming.NamingException;
 import javax.naming.ldap.LdapContext;
 import java.util.UUID;

 import org.apache.cloudstack.api.LdapValidator;
 import org.apache.cloudstack.api.command.LDAPConfigCmd;
 import org.apache.cloudstack.api.command.LDAPRemoveCmd;
 import org.apache.cloudstack.api.command.LdapAddConfigurationCmd;
 import org.apache.cloudstack.api.command.LdapCreateAccountCmd;
 import org.apache.cloudstack.api.command.LdapDeleteConfigurationCmd;
 import org.apache.cloudstack.api.command.LdapImportUsersCmd;
 import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
 import org.apache.cloudstack.api.command.LdapListUsersCmd;
 import org.apache.cloudstack.api.command.LdapUserSearchCmd;
 import org.apache.cloudstack.api.command.LinkAccountToLdapCmd;
 import org.apache.cloudstack.api.command.LinkDomainToLdapCmd;
 import org.apache.cloudstack.api.response.LdapConfigurationResponse;
 import org.apache.cloudstack.api.response.LdapUserResponse;
 import org.apache.cloudstack.api.response.LinkAccountToLdapResponse;
 import org.apache.cloudstack.api.response.LinkDomainToLdapResponse;
 import org.apache.cloudstack.ldap.dao.LdapConfigurationDao;
 import org.apache.cloudstack.ldap.dao.LdapTrustMapDao;
 import org.apache.commons.lang.Validate;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;

 import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.Pair;

 @Component
 public class LdapManagerImpl implements LdapManager, LdapValidator {
     private static final Logger s_logger = Logger.getLogger(LdapManagerImpl.class.getName());

     @Inject
     private LdapConfigurationDao _ldapConfigurationDao;

     @Inject
     private DomainDao domainDao;

     @Inject
     private AccountDao accountDao;

     @Inject
     private LdapContextFactory _ldapContextFactory;

     @Inject
     private LdapConfiguration _ldapConfiguration;

     @Inject LdapUserManagerFactory _ldapUserManagerFactory;

     @Inject
     LdapTrustMapDao _ldapTrustMapDao;


     public LdapManagerImpl() {
         super();
     }

     public LdapManagerImpl(final LdapConfigurationDao ldapConfigurationDao, final LdapContextFactory ldapContextFactory, final LdapUserManagerFactory ldapUserManagerFactory,
                            final LdapConfiguration ldapConfiguration) {
         super();
         _ldapConfigurationDao = ldapConfigurationDao;
         _ldapContextFactory = ldapContextFactory;
         _ldapUserManagerFactory = ldapUserManagerFactory;
         _ldapConfiguration = ldapConfiguration;
     }

     @Override
     public LdapConfigurationResponse addConfiguration(final LdapAddConfigurationCmd cmd) throws InvalidParameterValueException {
         return addConfigurationInternal(cmd.getHostname(),cmd.getPort(),cmd.getDomainId());
     }

     @Override // TODO make private
     public LdapConfigurationResponse addConfiguration(final String hostname, int port, final Long domainId) throws InvalidParameterValueException {
         return addConfigurationInternal(hostname,port,domainId);
     }

     private LdapConfigurationResponse addConfigurationInternal(final String hostname, int port, final Long domainId) throws InvalidParameterValueException {
         // TODO evaluate what the right default should be
         if(port <= 0) {
             port = 389;
         }

         // hostname:port is unique for domain binding
         LdapConfigurationVO configuration = _ldapConfigurationDao.find(hostname, port, domainId);
         if (configuration == null) {
             LdapContext context = null;
             try {
                 final String providerUrl = "ldap://" + hostname + ":" + port;
                 context = _ldapContextFactory.createBindContext(providerUrl,domainId);
                 configuration = new LdapConfigurationVO(hostname, port, domainId);
                 _ldapConfigurationDao.persist(configuration);
                 s_logger.info("Added new ldap server with url: " + providerUrl + (domainId == null ? "": " for domain " + domainId));
                 return createLdapConfigurationResponse(configuration);
             } catch (NamingException | IOException e) {
                 s_logger.debug("NamingException while doing an LDAP bind", e);
                 throw new InvalidParameterValueException("Unable to bind to the given LDAP server");
             } finally {
                 closeContext(context);
             }
         } else {
             throw new InvalidParameterValueException("Duplicate configuration");
         }
     }

     /**
      * TODO decide if the principal is good enough to get the domain id or we need to add it as parameter
      * @param principal
      * @param password
      * @param domainId
      * @return
      */
     @Override
     public boolean canAuthenticate(final String principal, final String password, final Long domainId) {
         try {
             // TODO return the right account for this user
             final LdapContext context = _ldapContextFactory.createUserContext(principal, password,domainId);
             closeContext(context);
             return true;
         } catch (NamingException | IOException e) {
             s_logger.debug("Exception while doing an LDAP bind for user "+" "+principal, e);
             s_logger.info("Failed to authenticate user: " + principal + ". incorrect password.");
             return false;
         }
     }

     private void closeContext(final LdapContext context) {
         try {
             if (context != null) {
                 context.close();
             }
         } catch (final NamingException e) {
             s_logger.warn(e.getMessage(), e);
         }
     }

     @Override
     public LdapConfigurationResponse createLdapConfigurationResponse(final LdapConfigurationVO configuration) {
         String domainUuid = null;
         if(configuration.getDomainId() != null) {
             domainUuid = domainDao.findById(configuration.getDomainId()).getUuid();
         }
         return new LdapConfigurationResponse(configuration.getHostname(), configuration.getPort(), domainUuid);
     }

     @Override
     public LdapUserResponse createLdapUserResponse(final LdapUser user) {
         final LdapUserResponse response = new LdapUserResponse();
         response.setUsername(user.getUsername());
         response.setFirstname(user.getFirstname());
         response.setLastname(user.getLastname());
         response.setEmail(user.getEmail());
         response.setPrincipal(user.getPrincipal());
         response.setDomain(user.getDomain());
         return response;
     }

     @Override
     public LdapConfigurationResponse deleteConfiguration(final LdapDeleteConfigurationCmd cmd) throws InvalidParameterValueException {
         return deleteConfigurationInternal(cmd.getHostname(), cmd.getPort(), cmd.getDomainId());
     }

     @Override
     public LdapConfigurationResponse deleteConfiguration(final String hostname, int port, Long domainId) throws InvalidParameterValueException {
         return deleteConfigurationInternal(hostname, port, domainId);
     }

     private LdapConfigurationResponse deleteConfigurationInternal(final String hostname, int port, Long domainId) throws InvalidParameterValueException {
         final LdapConfigurationVO configuration = _ldapConfigurationDao.find(hostname,port,domainId);
         if (configuration == null) {
             throw new InvalidParameterValueException("Cannot find configuration with hostname " + hostname);
         } else {
             _ldapConfigurationDao.remove(configuration.getId());
             s_logger.info("Removed ldap server with url: " + hostname + ':' + port + (domainId == null ? "" : " for domain id " + domainId));
             return createLdapConfigurationResponse(configuration);
         }
     }

     @Override
     public List<Class<?>> getCommands() {
         final List<Class<?>> cmdList = new ArrayList<Class<?>>();
         cmdList.add(LdapUserSearchCmd.class);
         cmdList.add(LdapListUsersCmd.class);
         cmdList.add(LdapAddConfigurationCmd.class);
         cmdList.add(LdapDeleteConfigurationCmd.class);
         cmdList.add(LdapListConfigurationCmd.class);
         cmdList.add(LdapCreateAccountCmd.class);
         cmdList.add(LdapImportUsersCmd.class);
         cmdList.add(LDAPConfigCmd.class);
         cmdList.add(LDAPRemoveCmd.class);
         cmdList.add(LinkDomainToLdapCmd.class);
         cmdList.add(LinkAccountToLdapCmd.class);
         return cmdList;
     }

     @Override
     public LdapUser getUser(final String username, Long domainId) throws NoLdapUserMatchingQueryException {
         LdapContext context = null;
         try {
             context = _ldapContextFactory.createBindContext(domainId);

             final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username);
             return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(null)).getUser(escapedUsername, context, domainId);

         } catch (NamingException | IOException e) {
             s_logger.debug("ldap Exception: ",e);
             throw new NoLdapUserMatchingQueryException("No Ldap User found for username: "+username);
         } finally {
             closeContext(context);
         }
     }

     @Override
     public LdapUser getUser(final String username, final String type, final String name, Long domainId) throws NoLdapUserMatchingQueryException {
         LdapContext context = null;
         try {
             context = _ldapContextFactory.createBindContext(domainId);
             final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username);
             return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(null)).getUser(escapedUsername, type, name, context, domainId);
         } catch (NamingException | IOException e) {
             s_logger.debug("ldap Exception: ",e);
             throw new NoLdapUserMatchingQueryException("No Ldap User found for username: "+username + " in group: " + name + " of type: " + type);
         } finally {
             closeContext(context);
         }
     }

     @Override
     public List<LdapUser> getUsers(Long domainId) throws NoLdapUserMatchingQueryException {
         LdapContext context = null;
         try {
             context = _ldapContextFactory.createBindContext(domainId);
             return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(domainId)).getUsers(context, domainId);
         } catch (NamingException | IOException e) {
             s_logger.debug("ldap Exception: ",e);
             throw new NoLdapUserMatchingQueryException("*");
         } finally {
             closeContext(context);
         }
     }

     @Override
     public List<LdapUser> getUsersInGroup(String groupName, Long domainId) throws NoLdapUserMatchingQueryException {
         LdapContext context = null;
         try {
             context = _ldapContextFactory.createBindContext(domainId);
             return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(domainId)).getUsersInGroup(groupName, context, domainId);
         } catch (NamingException | IOException e) {
             s_logger.debug("ldap NamingException: ",e);
             throw new NoLdapUserMatchingQueryException("groupName=" + groupName);
         } finally {
             closeContext(context);
         }
     }

     @Override
     public boolean isLdapEnabled() {
         return listConfigurations(new LdapListConfigurationCmd(this)).second() > 0;
     }

     @Override
     public Pair<List<? extends LdapConfigurationVO>, Integer> listConfigurations(final LdapListConfigurationCmd cmd) {
         final String hostname = cmd.getHostname();
         final int port = cmd.getPort();
         final Long domainId = cmd.getDomainId();
         final Pair<List<LdapConfigurationVO>, Integer> result = _ldapConfigurationDao.searchConfigurations(hostname, port, domainId);
         return new Pair<List<? extends LdapConfigurationVO>, Integer>(result.first(), result.second());
     }

     @Override
     public List<LdapUser> searchUsers(final String username) throws NoLdapUserMatchingQueryException {
         LdapContext context = null;
         try {
             // TODO search users per domain (only?)
             context = _ldapContextFactory.createBindContext(null);
             final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username);
             return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(null)).getUsers("*" + escapedUsername + "*", context, null);
         } catch (NamingException | IOException e) {
             s_logger.debug("ldap Exception: ",e);
             throw new NoLdapUserMatchingQueryException(username);
         } finally {
             closeContext(context);
         }
     }

     @Override
     public LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd) {
         Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not link a domain unless a basedn is configured for it.");
         Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
         return linkDomainToLdap(cmd.getDomainId(),cmd.getType(),cmd.getLdapDomain(),cmd.getAccountType());
     }

     private LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name, short accountType) {
         Validate.notNull(type, "type cannot be null. It should either be GROUP or OU");
         Validate.notNull(domainId, "domainId cannot be null.");
         Validate.notEmpty(name, "GROUP or OU name cannot be empty");
         //Account type should be 0 or 2. check the constants in com.cloud.user.Account
         Validate.isTrue(accountType==0 || accountType==2, "accountype should be either 0(normal user) or 2(domain admin)");
         LinkType linkType = LdapManager.LinkType.valueOf(type.toUpperCase());
         LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, linkType, name, accountType, 0));
         DomainVO domain = domainDao.findById(vo.getDomainId());
         String domainUuid = "<unknown>";
         if (domain == null) {
             s_logger.error("no domain in database for id " + vo.getDomainId());
         } else {
             domainUuid = domain.getUuid();
         }
         LinkDomainToLdapResponse response = new LinkDomainToLdapResponse(domainUuid, vo.getType().toString(), vo.getName(), vo.getAccountType());
         return response;
     }

     @Override
     public LdapTrustMapVO getDomainLinkedToLdap(long domainId){
         return _ldapTrustMapDao.findByDomainId(domainId);
     }

     @Override
     public List<LdapTrustMapVO> getDomainLinkage(long domainId){
         return _ldapTrustMapDao.searchByDomainId(domainId);
     }

     public LdapTrustMapVO getAccountLinkedToLdap(long domainId, long accountId){
         return _ldapTrustMapDao.findByAccount(domainId, accountId);
     }

     @Override
     public LdapTrustMapVO getLinkedLdapGroup(long domainId, String group) {
         return _ldapTrustMapDao.findGroupInDomain(domainId, group);
     }

     @Override
     public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
         Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not link an account to ldap in a domain for which no basdn is configured");
         Validate.notNull(cmd.getDomainId(), "domainId cannot be null.");
         Validate.notEmpty(cmd.getAccountName(), "accountName cannot be empty.");
         Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
         Validate.notNull(cmd.getType(), "type cannot be null. It should either be GROUP or OU");
         Validate.notEmpty(cmd.getLdapDomain(), "GROUP or OU name cannot be empty");

         LinkType linkType = LdapManager.LinkType.valueOf(cmd.getType().toUpperCase());
         Account account = accountDao.findActiveAccount(cmd.getAccountName(),cmd.getDomainId());
         if (account == null) {
             account = new AccountVO(cmd.getAccountName(), cmd.getDomainId(), null, cmd.getAccountType(), UUID.randomUUID().toString());
             accountDao.persist((AccountVO)account);
         }
         Long accountId = account.getAccountId();
         LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(cmd.getDomainId(), linkType, cmd.getLdapDomain(), cmd.getAccountType(), accountId));
         DomainVO domain = domainDao.findById(vo.getDomainId());
         String domainUuid = "<unknown>";
         if (domain == null) {
             s_logger.error("no domain in database for id " + vo.getDomainId());
         } else {
             domainUuid = domain.getUuid();
         }

         LinkAccountToLdapResponse response = new LinkAccountToLdapResponse(domainUuid, vo.getType().toString(), vo.getName(), vo.getAccountType(), account.getUuid(), cmd.getAccountName());
         return response;
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	package org.apache.cloudstack.ldap;

	import java.io.IOException;
	import java.util.ArrayList;
	import java.util.List;

	import javax.inject.Inject;
	import javax.naming.NamingException;
	import javax.naming.ldap.LdapContext;
	import java.util.UUID;

	import org.apache.cloudstack.api.LdapValidator;
	import org.apache.cloudstack.api.command.LDAPConfigCmd;
	import org.apache.cloudstack.api.command.LDAPRemoveCmd;
	import org.apache.cloudstack.api.command.LdapAddConfigurationCmd;
	import org.apache.cloudstack.api.command.LdapCreateAccountCmd;
	import org.apache.cloudstack.api.command.LdapDeleteConfigurationCmd;
	import org.apache.cloudstack.api.command.LdapImportUsersCmd;
	import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
	import org.apache.cloudstack.api.command.LdapListUsersCmd;
	import org.apache.cloudstack.api.command.LdapUserSearchCmd;
	import org.apache.cloudstack.api.command.LinkAccountToLdapCmd;
	import org.apache.cloudstack.api.command.LinkDomainToLdapCmd;
	import org.apache.cloudstack.api.response.LdapConfigurationResponse;
	import org.apache.cloudstack.api.response.LdapUserResponse;
	import org.apache.cloudstack.api.response.LinkAccountToLdapResponse;
	import org.apache.cloudstack.api.response.LinkDomainToLdapResponse;
	import org.apache.cloudstack.ldap.dao.LdapConfigurationDao;
	import org.apache.cloudstack.ldap.dao.LdapTrustMapDao;
	import org.apache.commons.lang.Validate;
	import org.apache.log4j.Logger;
	import org.springframework.stereotype.Component;

	import com.cloud.domain.DomainVO;
	import com.cloud.domain.dao.DomainDao;
	import com.cloud.exception.InvalidParameterValueException;
	import com.cloud.user.Account;
	import com.cloud.user.AccountVO;
	import com.cloud.user.dao.AccountDao;
	import com.cloud.utils.Pair;

	@Component
	public class LdapManagerImpl implements LdapManager, LdapValidator {
	private static final Logger s_logger = Logger.getLogger(LdapManagerImpl.class.getName());

	@Inject
	private LdapConfigurationDao _ldapConfigurationDao;

	@Inject
	private DomainDao domainDao;

	@Inject
	private AccountDao accountDao;

	@Inject
	private LdapContextFactory _ldapContextFactory;

	@Inject
	private LdapConfiguration _ldapConfiguration;

	@Inject LdapUserManagerFactory _ldapUserManagerFactory;

	@Inject
	LdapTrustMapDao _ldapTrustMapDao;


	public LdapManagerImpl() {
	super();
	}

	public LdapManagerImpl(final LdapConfigurationDao ldapConfigurationDao, final LdapContextFactory ldapContextFactory, final LdapUserManagerFactory ldapUserManagerFactory,
	final LdapConfiguration ldapConfiguration) {
	super();
	_ldapConfigurationDao = ldapConfigurationDao;
	_ldapContextFactory = ldapContextFactory;
	_ldapUserManagerFactory = ldapUserManagerFactory;
	_ldapConfiguration = ldapConfiguration;
	}

	@Override
	public LdapConfigurationResponse addConfiguration(final LdapAddConfigurationCmd cmd) throws InvalidParameterValueException {
	return addConfigurationInternal(cmd.getHostname(),cmd.getPort(),cmd.getDomainId());
	}

	@Override // TODO make private
	public LdapConfigurationResponse addConfiguration(final String hostname, int port, final Long domainId) throws InvalidParameterValueException {
	return addConfigurationInternal(hostname,port,domainId);
	}

	private LdapConfigurationResponse addConfigurationInternal(final String hostname, int port, final Long domainId) throws InvalidParameterValueException {
	// TODO evaluate what the right default should be
	if(port <= 0) {
	port = 389;
	}

	// hostname:port is unique for domain binding
	LdapConfigurationVO configuration = _ldapConfigurationDao.find(hostname, port, domainId);
	if (configuration == null) {
	LdapContext context = null;
	try {
	final String providerUrl = "ldap://" + hostname + ":" + port;
	context = _ldapContextFactory.createBindContext(providerUrl,domainId);
	configuration = new LdapConfigurationVO(hostname, port, domainId);
	_ldapConfigurationDao.persist(configuration);
	s_logger.info("Added new ldap server with url: " + providerUrl + (domainId == null ? "": " for domain " + domainId));
	return createLdapConfigurationResponse(configuration);
	} catch (NamingException \| IOException e) {
	s_logger.debug("NamingException while doing an LDAP bind", e);
	throw new InvalidParameterValueException("Unable to bind to the given LDAP server");
	} finally {
	closeContext(context);
	}
	} else {
	throw new InvalidParameterValueException("Duplicate configuration");
	}
	}

	/**
	* TODO decide if the principal is good enough to get the domain id or we need to add it as parameter
	* @param principal
	* @param password
	* @param domainId
	* @return
	*/
	@Override
	public boolean canAuthenticate(final String principal, final String password, final Long domainId) {
	try {
	// TODO return the right account for this user
	final LdapContext context = _ldapContextFactory.createUserContext(principal, password,domainId);
	closeContext(context);
	return true;
	} catch (NamingException \| IOException e) {
	s_logger.debug("Exception while doing an LDAP bind for user "+" "+principal, e);
	s_logger.info("Failed to authenticate user: " + principal + ". incorrect password.");
	return false;
	}
	}

	private void closeContext(final LdapContext context) {
	try {
	if (context != null) {
	context.close();
	}
	} catch (final NamingException e) {
	s_logger.warn(e.getMessage(), e);
	}
	}

	@Override
	public LdapConfigurationResponse createLdapConfigurationResponse(final LdapConfigurationVO configuration) {
	String domainUuid = null;
	if(configuration.getDomainId() != null) {
	domainUuid = domainDao.findById(configuration.getDomainId()).getUuid();
	}
	return new LdapConfigurationResponse(configuration.getHostname(), configuration.getPort(), domainUuid);
	}

	@Override
	public LdapUserResponse createLdapUserResponse(final LdapUser user) {
	final LdapUserResponse response = new LdapUserResponse();
	response.setUsername(user.getUsername());
	response.setFirstname(user.getFirstname());
	response.setLastname(user.getLastname());
	response.setEmail(user.getEmail());
	response.setPrincipal(user.getPrincipal());
	response.setDomain(user.getDomain());
	return response;
	}

	@Override
	public LdapConfigurationResponse deleteConfiguration(final LdapDeleteConfigurationCmd cmd) throws InvalidParameterValueException {
	return deleteConfigurationInternal(cmd.getHostname(), cmd.getPort(), cmd.getDomainId());
	}

	@Override
	public LdapConfigurationResponse deleteConfiguration(final String hostname, int port, Long domainId) throws InvalidParameterValueException {
	return deleteConfigurationInternal(hostname, port, domainId);
	}

	private LdapConfigurationResponse deleteConfigurationInternal(final String hostname, int port, Long domainId) throws InvalidParameterValueException {
	final LdapConfigurationVO configuration = _ldapConfigurationDao.find(hostname,port,domainId);
	if (configuration == null) {
	throw new InvalidParameterValueException("Cannot find configuration with hostname " + hostname);
	} else {
	_ldapConfigurationDao.remove(configuration.getId());
	s_logger.info("Removed ldap server with url: " + hostname + ':' + port + (domainId == null ? "" : " for domain id " + domainId));
	return createLdapConfigurationResponse(configuration);
	}
	}

	@Override
	public List<Class<?>> getCommands() {
	final List<Class<?>> cmdList = new ArrayList<Class<?>>();
	cmdList.add(LdapUserSearchCmd.class);
	cmdList.add(LdapListUsersCmd.class);
	cmdList.add(LdapAddConfigurationCmd.class);
	cmdList.add(LdapDeleteConfigurationCmd.class);
	cmdList.add(LdapListConfigurationCmd.class);
	cmdList.add(LdapCreateAccountCmd.class);
	cmdList.add(LdapImportUsersCmd.class);
	cmdList.add(LDAPConfigCmd.class);
	cmdList.add(LDAPRemoveCmd.class);
	cmdList.add(LinkDomainToLdapCmd.class);
	cmdList.add(LinkAccountToLdapCmd.class);
	return cmdList;
	}

	@Override
	public LdapUser getUser(final String username, Long domainId) throws NoLdapUserMatchingQueryException {
	LdapContext context = null;
	try {
	context = _ldapContextFactory.createBindContext(domainId);

	final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username);
	return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(null)).getUser(escapedUsername, context, domainId);

	} catch (NamingException \| IOException e) {
	s_logger.debug("ldap Exception: ",e);
	throw new NoLdapUserMatchingQueryException("No Ldap User found for username: "+username);
	} finally {
	closeContext(context);
	}
	}

	@Override
	public LdapUser getUser(final String username, final String type, final String name, Long domainId) throws NoLdapUserMatchingQueryException {
	LdapContext context = null;
	try {
	context = _ldapContextFactory.createBindContext(domainId);
	final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username);
	return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(null)).getUser(escapedUsername, type, name, context, domainId);
	} catch (NamingException \| IOException e) {
	s_logger.debug("ldap Exception: ",e);
	throw new NoLdapUserMatchingQueryException("No Ldap User found for username: "+username + " in group: " + name + " of type: " + type);
	} finally {
	closeContext(context);
	}
	}

	@Override
	public List<LdapUser> getUsers(Long domainId) throws NoLdapUserMatchingQueryException {
	LdapContext context = null;
	try {
	context = _ldapContextFactory.createBindContext(domainId);
	return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(domainId)).getUsers(context, domainId);
	} catch (NamingException \| IOException e) {
	s_logger.debug("ldap Exception: ",e);
	throw new NoLdapUserMatchingQueryException("*");
	} finally {
	closeContext(context);
	}
	}

	@Override
	public List<LdapUser> getUsersInGroup(String groupName, Long domainId) throws NoLdapUserMatchingQueryException {
	LdapContext context = null;
	try {
	context = _ldapContextFactory.createBindContext(domainId);
	return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(domainId)).getUsersInGroup(groupName, context, domainId);
	} catch (NamingException \| IOException e) {
	s_logger.debug("ldap NamingException: ",e);
	throw new NoLdapUserMatchingQueryException("groupName=" + groupName);
	} finally {
	closeContext(context);
	}
	}

	@Override
	public boolean isLdapEnabled() {
	return listConfigurations(new LdapListConfigurationCmd(this)).second() > 0;
	}

	@Override
	public Pair<List<? extends LdapConfigurationVO>, Integer> listConfigurations(final LdapListConfigurationCmd cmd) {
	final String hostname = cmd.getHostname();
	final int port = cmd.getPort();
	final Long domainId = cmd.getDomainId();
	final Pair<List<LdapConfigurationVO>, Integer> result = _ldapConfigurationDao.searchConfigurations(hostname, port, domainId);
	return new Pair<List<? extends LdapConfigurationVO>, Integer>(result.first(), result.second());
	}

	@Override
	public List<LdapUser> searchUsers(final String username) throws NoLdapUserMatchingQueryException {
	LdapContext context = null;
	try {
	// TODO search users per domain (only?)
	context = _ldapContextFactory.createBindContext(null);
	final String escapedUsername = LdapUtils.escapeLDAPSearchFilter(username);
	return _ldapUserManagerFactory.getInstance(_ldapConfiguration.getLdapProvider(null)).getUsers("" + escapedUsername + "", context, null);
	} catch (NamingException \| IOException e) {
	s_logger.debug("ldap Exception: ",e);
	throw new NoLdapUserMatchingQueryException(username);
	} finally {
	closeContext(context);
	}
	}

	@Override
	public LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd) {
	Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not link a domain unless a basedn is configured for it.");
	Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
	return linkDomainToLdap(cmd.getDomainId(),cmd.getType(),cmd.getLdapDomain(),cmd.getAccountType());
	}

	private LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name, short accountType) {
	Validate.notNull(type, "type cannot be null. It should either be GROUP or OU");
	Validate.notNull(domainId, "domainId cannot be null.");
	Validate.notEmpty(name, "GROUP or OU name cannot be empty");
	//Account type should be 0 or 2. check the constants in com.cloud.user.Account
	Validate.isTrue(accountType==0 \|\| accountType==2, "accountype should be either 0(normal user) or 2(domain admin)");
	LinkType linkType = LdapManager.LinkType.valueOf(type.toUpperCase());
	LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, linkType, name, accountType, 0));
	DomainVO domain = domainDao.findById(vo.getDomainId());
	String domainUuid = "<unknown>";
	if (domain == null) {
	s_logger.error("no domain in database for id " + vo.getDomainId());
	} else {
	domainUuid = domain.getUuid();
	}
	LinkDomainToLdapResponse response = new LinkDomainToLdapResponse(domainUuid, vo.getType().toString(), vo.getName(), vo.getAccountType());
	return response;
	}

	@Override
	public LdapTrustMapVO getDomainLinkedToLdap(long domainId){
	return _ldapTrustMapDao.findByDomainId(domainId);
	}

	@Override
	public List<LdapTrustMapVO> getDomainLinkage(long domainId){
	return _ldapTrustMapDao.searchByDomainId(domainId);
	}

	public LdapTrustMapVO getAccountLinkedToLdap(long domainId, long accountId){
	return _ldapTrustMapDao.findByAccount(domainId, accountId);
	}

	@Override
	public LdapTrustMapVO getLinkedLdapGroup(long domainId, String group) {
	return _ldapTrustMapDao.findGroupInDomain(domainId, group);
	}

	@Override
	public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
	Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not link an account to ldap in a domain for which no basdn is configured");
	Validate.notNull(cmd.getDomainId(), "domainId cannot be null.");
	Validate.notEmpty(cmd.getAccountName(), "accountName cannot be empty.");
	Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
	Validate.notNull(cmd.getType(), "type cannot be null. It should either be GROUP or OU");
	Validate.notEmpty(cmd.getLdapDomain(), "GROUP or OU name cannot be empty");

	LinkType linkType = LdapManager.LinkType.valueOf(cmd.getType().toUpperCase());
	Account account = accountDao.findActiveAccount(cmd.getAccountName(),cmd.getDomainId());
	if (account == null) {
	account = new AccountVO(cmd.getAccountName(), cmd.getDomainId(), null, cmd.getAccountType(), UUID.randomUUID().toString());
	accountDao.persist((AccountVO)account);
	}
	Long accountId = account.getAccountId();
	LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(cmd.getDomainId(), linkType, cmd.getLdapDomain(), cmd.getAccountType(), accountId));
	DomainVO domain = domainDao.findById(vo.getDomainId());
	String domainUuid = "<unknown>";
	if (domain == null) {
	s_logger.error("no domain in database for id " + vo.getDomainId());
	} else {
	domainUuid = domain.getUuid();
	}

	LinkAccountToLdapResponse response = new LinkAccountToLdapResponse(domainUuid, vo.getType().toString(), vo.getName(), vo.getAccountType(), account.getUuid(), cmd.getAccountName());
	return response;
	}
	}