Yair Zaslavsky has posted comments on this change. Change subject: [WIP] Add LDAP directory ......................................................................
Patch Set 3: (5 comments) Some first comments, I have more questions about the TLS/SSL code - not sure I fully understand it, can you please elaborate in email and/or at the patches? For example I did not fully understand why you use ASM. In addition, how will multiple domains be supported? shall i place several conf files at the auth.d directory? .................................................... File backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/ldap/LdapDirectory.java Line 19: import org.ovirt.engine.core.common.utils.ExternalId; Line 20: import org.slf4j.Logger; Line 21: import org.slf4j.LoggerFactory; Line 22: Line 23: public class LdapDirectory implements Directory { what about the rootDSE query that we use in the code? the scope for it is object_scope - how are we going to handle it? what method are you going to expose for it, and how is it going to interact with the code? Line 24: private static final Logger log = LoggerFactory.getLogger(LdapDirectory.class); Line 25: Line 26: /** Line 27: * The name of the directory. Line 70: controls.setSearchScope(SearchControls.SUBTREE_SCOPE); Line 71: Line 72: NamingEnumeration<SearchResult> results = null; Line 73: try { Line 74: results = ctx.search(base, "(uid=" + uid + ")", controls); arent thee queries should be based on provider specific attributes? uid is not always valid, IIRC. Line 75: if (results.hasMore()) { Line 76: SearchResult result = results.next(); Line 77: return mapUser(result.getAttributes()); Line 78: } Line 145: @Override Line 146: public List<DirectoryUser> findUsers(List<ExternalId> ids) { Line 147: List<DirectoryUser> result = new ArrayList<>(ids.size()); Line 148: for (ExternalId id : ids) { Line 149: DirectoryUser user = findUser(id); why not create an ldap query with OR on all the ids? (|(uid=id1)(uid=id2)..... ) Line 150: if (user != null) { Line 151: result.add(user); Line 152: } Line 153: } Line 188: // Create the LDAP context: Line 189: ctx = contextFactory.create(); Line 190: Line 191: // Do the search: Line 192: SearchControls controls = new SearchControls(); In general I assume this can be refactored as I see that it's repeating itself in the code (creating search controls + setting the subtree scope + going over the result) Line 193: controls.setSearchScope(SearchControls.SUBTREE_SCOPE); Line 194: Line 195: NamingEnumeration<SearchResult> results = null; Line 196: try { Line 230: } Line 231: Line 232: private DirectoryUser mapUser(Attributes attr) throws NamingException { Line 233: // Get the basic attribures: Line 234: String uid = (String) attr.get("uid").get(); always correct for all ldap providers we encountered so far? Line 235: ExternalId id = new ExternalId(uid.getBytes()); Line 236: Line 237: // Create the user with the basic attributes: Line 238: DirectoryUser user = new DirectoryUser(this, id, uid); -- To view, visit http://gerrit.ovirt.org/22386 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia8d1883145a86a4f338cd17f2d36c150e67ab653 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches