// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.log4j.Logger;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.LDAPConfigResponse;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.config.impl.ConfigurationVO;
import org.apache.cloudstack.ldap.LdapConfiguration;
import org.apache.cloudstack.ldap.LdapConfigurationVO;
import org.apache.cloudstack.ldap.LdapManager;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
import com.cloud.utils.Pair;
/**
* @deprecated as of 4.3 use the new api {@link LdapAddConfigurationCmd}
*/
@Deprecated
@APICommand(name = "ldapConfig", description = "Configure the LDAP context for this site.", responseObject = LDAPConfigResponse.class, since = "3.0.0",
requestHasSensitiveInfo = true, responseHasSensitiveInfo = false)
public class LDAPConfigCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(LDAPConfigCmd.class.getName());
private static final String s_name = "ldapconfigresponse";
@Inject
private ConfigurationDao _configDao;
@Inject
private LdapManager _ldapManager;
@Inject
private LdapConfiguration _ldapConfiguration;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name = ApiConstants.LIST_ALL, type = CommandType.BOOLEAN, description = "If true return current LDAP configuration")
private Boolean listAll;
@Parameter(name = ApiConstants.HOST_NAME, type = CommandType.STRING, description = "Hostname or ip address of the ldap server eg: my.ldap.com")
private String hostname;
@Parameter(name = ApiConstants.PORT, type = CommandType.INTEGER, description = "Specify the LDAP port if required, default is 389.")
private Integer port = 0;
@Parameter(name = ApiConstants.USE_SSL, type = CommandType.BOOLEAN, description = "Check Use SSL if the external LDAP server is configured for LDAP over SSL.")
private Boolean useSSL;
@Parameter(name = ApiConstants.SEARCH_BASE,
type = CommandType.STRING,
description = "The search base defines the starting point for the search in the directory tree Example: dc=cloud,dc=com.")
private String searchBase;
@Parameter(name = ApiConstants.QUERY_FILTER,
type = CommandType.STRING,
description = "You specify a query filter here, which narrows down the users, who can be part of this domain.")
private String queryFilter;
@Parameter(name = ApiConstants.BIND_DN,
type = CommandType.STRING,
description = "Specify the distinguished name of a user with the search permission on the directory.")
private String bindDN;
@Parameter(name = ApiConstants.BIND_PASSWORD, type = CommandType.STRING, description = "Enter the password.")
private String bindPassword;
@Parameter(name = ApiConstants.TRUST_STORE, type = CommandType.STRING, description = "Enter the path to trust certificates store.")
private String trustStore;
@Parameter(name = ApiConstants.TRUST_STORE_PASSWORD, type = CommandType.STRING, description = "Enter the password for trust store.")
private String trustStorePassword;
public Boolean getListAll() {
return listAll == null ? Boolean.FALSE : listAll;
}
public String getBindPassword() {
return bindPassword;
}
public String getBindDN() {
return bindDN;
}
public void setBindDN(String bdn) {
bindDN = bdn;
}
public String getQueryFilter() {
return queryFilter;
}
public void setQueryFilter(String queryFilter) {
this.queryFilter = StringEscapeUtils.unescapeHtml(queryFilter);
}
public String getSearchBase() {
return searchBase;
}
public void setSearchBase(String searchBase) {
this.searchBase = searchBase;
}
public Boolean getUseSSL() {
return useSSL == null ? Boolean.FALSE : useSSL;
}
public void setUseSSL(Boolean useSSL) {
this.useSSL = useSSL;
}
public String getHostname() {
return hostname;
}
public void setHostname(String hostname) {
this.hostname = hostname;
}
public Integer getPort() {
return (Integer)(port.intValue() <= 0 ? 389 : port.intValue());
}
public void setPort(Integer port) {
this.port = port;
}
public String getTrustStore() {
return trustStore;
}
public void setTrustStore(String trustStore) {
this.trustStore = trustStore;
}
public String getTrustStorePassword() {
return trustStorePassword;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
ResourceAllocationException {
if (getListAll()) {
// return the existing conf
LdapListConfigurationCmd listConfigurationCmd = new LdapListConfigurationCmd(_ldapManager);
Pair<List<? extends LdapConfigurationVO>, Integer> result = _ldapManager.listConfigurations(listConfigurationCmd);
ListResponse<LDAPConfigResponse> response = new ListResponse<LDAPConfigResponse>();
List<LDAPConfigResponse> responses = new ArrayList<LDAPConfigResponse>();
if (result.second() > 0) {
boolean useSSlConfig = _ldapConfiguration.getSSLStatus();
String searchBaseConfig = _ldapConfiguration.getBaseDn();
String bindDnConfig = _ldapConfiguration.getBindPrincipal();
for (LdapConfigurationVO ldapConfigurationVO : result.first()) {
responses.add(createLDAPConfigResponse(ldapConfigurationVO.getHostname(), ldapConfigurationVO.getPort(), useSSlConfig, null, searchBaseConfig,
bindDnConfig));
}
}
response.setResponses(responses);
response.setResponseName(getCommandName());
setResponseObject(response);
} else if (getHostname() == null || getPort() == null) {
throw new InvalidParameterValueException("You need to provide hostname, port to configure your LDAP server");
} else {
boolean result = updateLDAP();
if (result) {
LDAPConfigResponse lr = createLDAPConfigResponse(getHostname(), getPort(), getUseSSL(), getQueryFilter(), getSearchBase(), getBindDN());
lr.setResponseName(getCommandName());
setResponseObject(lr);
}
}
}
private LDAPConfigResponse createLDAPConfigResponse(String hostname, Integer port, Boolean useSSL, String queryFilter, String searchBase, String bindDN) {
LDAPConfigResponse lr = new LDAPConfigResponse();
lr.setHostname(hostname);
lr.setPort(port.toString());
lr.setUseSSL(useSSL.toString());
lr.setQueryFilter(queryFilter);
lr.setBindDN(bindDN);
lr.setSearchBase(searchBase);
lr.setObjectName("ldapconfig");
return lr;
}
private boolean updateLDAP() {
_ldapManager.addConfiguration(hostname, port);
/**
* There is no query filter now. It is derived from ldap.user.object and ldap.search.group.principle
*/
// ConfigurationVO cvo = _configDao.findByName(LDAPParams.queryfilter.toString());
// _configDao.update(cvo.getName(),cvo.getCategory(),getQueryFilter());
ConfigurationVO cvo = _configDao.findByName("ldap.basedn");
_configDao.update(cvo.getName(), cvo.getCategory(), getSearchBase());
/**
* There is no ssl now. it is derived from the presence of trust store and password
*/
// cvo = _configDao.findByName(LDAPParams.usessl.toString());
// _configDao.update(cvo.getName(),cvo.getCategory(),getUseSSL().toString());
cvo = _configDao.findByName("ldap.bind.principal");
_configDao.update(cvo.getName(), cvo.getCategory(), getBindDN());
cvo = _configDao.findByName("ldap.bind.password");
_configDao.update(cvo.getName(), cvo.getCategory(), getBindPassword());
cvo = _configDao.findByName("ldap.truststore");
_configDao.update(cvo.getName(), cvo.getCategory(), getTrustStore());
cvo = _configDao.findByName("ldap.truststore.password");
_configDao.update(cvo.getName(), cvo.getCategory(), getTrustStorePassword());
return true;
}
private List<? extends LdapConfigurationVO> listLDAPConfig() {
LdapListConfigurationCmd listConfigurationCmd = new LdapListConfigurationCmd(_ldapManager);
Pair<List<? extends LdapConfigurationVO>, Integer> result = _ldapManager.listConfigurations(listConfigurationCmd);
return result.first();
}
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM;
}
}