Yair Zaslavsky has uploaded a new change for review.

Change subject: core, tools: Supporting change password Url presentation
......................................................................

core, tools: Supporting change password Url presentation

The following patch introduces a new ability - in case of
password expiration, the user will see, besides the message
that the password expired, a link to a web-based system that will
allow him to change his password (this is a system external to oVirt,
such as IPA).
In order to set these URLs, a new optional parameter was introduced to
manage-domains, named changePasswordUrl

Change-Id: I8eb0f858e26bdefffe526623d025fac47791711e
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M 
backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java
M 
backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
M 
backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
M 
backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
M 
frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
M packaging/bin/engine-manage-domains.sh
M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
14 files changed, 133 insertions(+), 31 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/50/23250/1

diff --git 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java
 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java
index ac37708..44c2cc5 100644
--- 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java
+++ 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java
@@ -4,7 +4,6 @@
 import java.util.List;
 
 import org.ovirt.engine.core.authentication.AuthenticationResult;
-import org.ovirt.engine.core.common.errors.VdcBllMessages;
 
 public class NopAuthenticationResult extends AuthenticationResult<Object> {
 
@@ -18,7 +17,7 @@
     }
 
     @Override
-    public List<VdcBllMessages> resolveMessage() {
+    public List<String> resolveMessage() {
         return Collections.emptyList();
     }
 }
diff --git 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java
 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java
index 7c3c291..8468545 100644
--- 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java
+++ 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java
@@ -4,7 +4,6 @@
 import java.util.List;
 
 import org.ovirt.engine.core.authentication.AuthenticationResult;
-import org.ovirt.engine.core.common.errors.VdcBllMessages;
 
 public class BooleanAuthenticationResult extends AuthenticationResult<Boolean> 
{
 
@@ -18,7 +17,7 @@
     }
 
     @Override
-    public List<VdcBllMessages> resolveMessage() {
+    public List<String> resolveMessage() {
         return Collections.emptyList();
     }
 
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java
index 2081bcb..5235d61 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java
@@ -1,15 +1,41 @@
 package org.ovirt.engine.core.authentication.provisional;
 
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 
 import org.ovirt.engine.core.authentication.AuthenticationResult;
 import org.ovirt.engine.core.bll.adbroker.UserAuthenticationResult;
+import org.ovirt.engine.core.common.config.Config;
+import org.ovirt.engine.core.common.config.ConfigValues;
 import org.ovirt.engine.core.common.errors.VdcBllMessages;
 
 public class ProvisionalAuthenticationResult extends 
AuthenticationResult<UserAuthenticationResult> {
 
-    public ProvisionalAuthenticationResult(UserAuthenticationResult 
detailedInfo) {
+
+    private static Map<String, String> passwordChangeUrlsPerDomain = null;
+    private String domain;
+
+    public ProvisionalAuthenticationResult(String domain, 
UserAuthenticationResult detailedInfo) {
         super(detailedInfo);
+        // Assumption - loading of provisional authenticators is done in 
serial way
+        // no need to double check pattern
+        if (passwordChangeUrlsPerDomain == null) {
+            passwordChangeUrlsPerDomain = new HashMap<String, String>();
+            String changePasswordUrl = Config.<String> 
getValue(ConfigValues.ChangePasswordUrl);
+            String[] pairs = changePasswordUrl.split(",");
+            for (String pair : pairs) {
+                // Split the pair in such a way that if the URL contains :, it 
will not be split to strings
+                String[] pairParts = pair.split(":", 2);
+                if (pairParts.length >= 2) {
+                    passwordChangeUrlsPerDomain.put(pairParts[0], 
pairParts[1]);
+                }
+            }
+        }
+        this.domain = domain;
+
     }
 
     @Override
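Review bot: The lazy initialisation of `passwordChangeUrlsPerDomain` in the constructor is not safe for concurrent use, and the comment's assumption of serial loading does not appear to hold. `ProvisionalAuthenticator` builds a `ProvisionalAuthenticationResult` on each authentication (the `return new ProvisionalAuthenticationResult(domain, authResult)` line of this patch), so concurrent logins can reach this block together. Because the static field is assigned the empty `HashMap` before it is filled, a second thread can see a non-null but incomplete map and miss a configured URL, or read the map while it is being modified. Building the map in a local variable and publishing it once through a `volatile` field (or a static initialiser) avoids both. The parser also splits the value on `,`, so a configured URL that contains a comma would be cut short when read back.

```java
    private static volatile Map<String, String> passwordChangeUrlsPerDomain;

    // Parses the "domain:url,domain:url" config value into a fully built map.
    private static Map<String, String> loadPasswordChangeUrls() {
        Map<String, String> urls = new HashMap<String, String>();
        String changePasswordUrl = Config.<String> getValue(ConfigValues.ChangePasswordUrl);
        for (String pair : changePasswordUrl.split(",")) {
            // Limit of 2 keeps the ':' characters inside the URL intact.
            String[] pairParts = pair.split(":", 2);
            if (pairParts.length >= 2) {
                urls.put(pairParts[0], pairParts[1]);
            }
        }
        return urls;
    }

    public ProvisionalAuthenticationResult(String domain, UserAuthenticationResult detailedInfo) {
        super(detailedInfo);
        if (passwordChangeUrlsPerDomain == null) {
            // Publish only a complete map; a duplicate load by a racing thread is harmless.
            passwordChangeUrlsPerDomain = loadPasswordChangeUrls();
        }
        this.domain = domain;
    }
```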
@@ -18,8 +44,25 @@
     }
 
     @Override
-    public List<VdcBllMessages> resolveMessage() {
-        return detailedInfo.getErrorMessages();
+    public List<String> resolveMessage() {
+        Iterator<VdcBllMessages> it = 
detailedInfo.getErrorMessages().iterator();
+        List<String> result = new ArrayList<>();
+        while (it.hasNext()) {
+            VdcBllMessages current = it.next();
+            if (current == VdcBllMessages.USER_PASSWORD_EXPIRED) {
+                String passwordChangeUrl = 
passwordChangeUrlsPerDomain.get(domain);
+                if (passwordChangeUrl != null) {
+                    
result.add(VdcBllMessages.USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED.name());
+                    result.add(String.format("$URL %1$s", passwordChangeUrl));
+                } else {
+                    result.add(current.name());
+                }
+            } else {
+                result.add(current.name());
+
+            }
+        }
+        return result;
     }
 
 }
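Review bot: The lookup `passwordChangeUrlsPerDomain.get(domain)` is an exact, case-sensitive match. If the login path can supply the domain in a different case than manage-domains stored it (not visible in this patch), the URL is silently dropped and the user gets the plain expired message. Consider normalising the key on both store and lookup, or documenting that the match is exact. The loop can be an enhanced `for (VdcBllMessages current : detailedInfo.getErrorMessages())`, and the two `else` branches both do `result.add(current.name())` and can be merged. A short comment saying that the `$URL ...` entry appears to be a variable definition feeding the `${URL}` placeholder of `USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED` would help the next reader.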
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java
index 2a4e3a8..a78d969 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java
@@ -1,5 +1,7 @@
 package org.ovirt.engine.core.authentication.provisional;
 
+import java.util.Map;
+
 import org.ovirt.engine.core.authentication.AuthenticationResult;
 import org.ovirt.engine.core.authentication.PasswordAuthenticator;
 import org.ovirt.engine.core.bll.adbroker.AdActionType;
@@ -18,6 +20,8 @@
      * The name of the domain.
      */
     private String domain;
+
+    private static Map<String, String> passwordChangeUrlsPerDomain = null;
 
     /**
      * The reference to the LDAP broker that implements the authentication.
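Review bot: The new static field `passwordChangeUrlsPerDomain` and the `java.util.Map` import added in the first hunk of this file are not used by any line visible in this patch. The map that is actually populated and read lives in `ProvisionalAuthenticationResult`. If nothing outside the hunks uses this copy, drop both the field and the import so the per-domain URL table has a single owner.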
@@ -39,6 +43,6 @@
             new LdapUserPasswordBaseParameters(domain, name, password)
         );
         UserAuthenticationResult authResult = (UserAuthenticationResult) 
ldapResult.getReturnValue();
-        return new ProvisionalAuthenticationResult(authResult);
+        return new ProvisionalAuthenticationResult(domain, authResult);
     }
 }
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
index 352710a..5a8112f 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
@@ -144,8 +144,8 @@
                 loginName,
                 profileName
             );
-            for (VdcBllMessages msg : result.resolveMessage()) {
-                addCanDoActionMessage(msg);
+            for (String msg : result.resolveMessage()) {
+                getReturnValue().getCanDoActionMessages().add(msg);
             }
             return false;
         }
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java
index f29ba91..8e0ef10 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java
@@ -2,8 +2,6 @@
 
 import java.util.List;
 
-import org.ovirt.engine.core.common.errors.VdcBllMessages;
-
 /**
  * This class represents a result returned by an Authenticator
  */
@@ -33,5 +31,5 @@
      * Resolves the detailed information into VdcBll messages
      * @return
      */
-    public abstract List<VdcBllMessages> resolveMessage();
+    public abstract List<String> resolveMessage();
 }
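Review bot: The Javadoc above `resolveMessage()` still says it resolves into VdcBll messages and leaves `@return` empty, although the method now returns plain strings. Judging by `ProvisionalAuthenticationResult` in this patch, an element is either a `VdcBllMessages` constant name or a `$NAME value` variable definition, and callers lose the compile-time check on message keys. I would document that contract, for example `@return message keys (names of VdcBllMessages constants), optionally followed by "$NAME value" variable definitions`. The class body starts outside this hunk.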
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
index 73502bd..c6081ea 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
@@ -1586,5 +1586,9 @@
     @DefaultValueAttribute("10")
     MaxNumOfTriesToRunFailedAutoStartVm,
 
+    @TypeConverterAttribute(String.class)
+    @DefaultValueAttribute("")
+    ChangePasswordUrl,
+
     Invalid;
 }
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
index 9a96f64..adc09a8 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
@@ -381,6 +381,7 @@
     USER_FAILED_TO_AUTHENTICATE(ErrorType.NO_AUTHENTICATION),
     USER_FAILED_TO_AUTHENTICATE_KERBEROS_ERROR(ErrorType.NO_AUTHENTICATION),
     USER_PASSWORD_EXPIRED(ErrorType.NO_AUTHENTICATION),
+    USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED(ErrorType.NO_AUTHENTICATION),
     USER_ACCOUNT_DISABLED(ErrorType.NO_AUTHENTICATION),
     USER_PERMISSION_DENIED(ErrorType.NO_AUTHENTICATION),
     USER_MUST_EXIST_IN_DB(ErrorType.NO_AUTHENTICATION),
diff --git 
a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties 
b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
index 5c584a2..24aea03 100644
--- 
a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
+++ 
b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
@@ -913,6 +913,7 @@
 
 #Suspected (not in use?)
 USER_PASSWORD_EXPIRED=Cannot Login. User Password has expired, Please change 
your password.
+USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED=Cannot Login. User Password has 
expired. Use the following URL to change the password: ${URL} 
 USER_CANNOT_LOGIN_DOMAIN_NOT_SUPPORTED=Cannot Login. The Domain provided is 
not configured, please contact your system administrator.
 VM_POOL_CANNOT_DECREASE_VMS_FROM_POOL=Cannot decrease VMs from VM-Pool.
 
diff --git 
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
 
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
index 314a43c..f519f6c 100644
--- 
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
+++ 
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
@@ -3,12 +3,12 @@
 import static org.ovirt.engine.core.common.config.ConfigValues.AdUserId;
 import static org.ovirt.engine.core.common.config.ConfigValues.AdUserName;
 import static org.ovirt.engine.core.common.config.ConfigValues.AdUserPassword;
+import static 
org.ovirt.engine.core.common.config.ConfigValues.ChangePasswordUrl;
 import static org.ovirt.engine.core.common.config.ConfigValues.DomainName;
 import static 
org.ovirt.engine.core.common.config.ConfigValues.LDAPProviderTypes;
 import static 
org.ovirt.engine.core.common.config.ConfigValues.LDAPSecurityAuthentication;
-import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers;
 import static org.ovirt.engine.core.common.config.ConfigValues.LDAPServerPort;
-
+import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers;
 
 import java.io.BufferedWriter;
 import java.io.File;
@@ -34,7 +34,7 @@
             String adUserId,
             String ldapProviderTypes,
             String engineConfigExecutable,
-            String engineConfigProperties, String ldapServerPort) {
+            String engineConfigProperties, String ldapServerPort, String 
passwordChangeUrls) {
         super();
         configVals.put(AdUserName, adUserName);
         configVals.put(AdUserPassword, adUserPassword);
@@ -44,6 +44,7 @@
         configVals.put(AdUserId, adUserId);
         configVals.put(LDAPProviderTypes, ldapProviderTypes);
         configVals.put(LDAPServerPort, ldapServerPort);
+        configVals.put(ChangePasswordUrl, passwordChangeUrls);
         this.engineConfigExecutable = engineConfigExecutable;
         this.engineConfigProperties = engineConfigProperties;
     }
diff --git 
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
 
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
index a8d57f5..bf5c4c7 100644
--- 
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
+++ 
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
@@ -97,6 +97,7 @@
         provider,
         forceDelete,
         ldapServers,
+        changePasswordUrl,
     }
 
     public enum ActionType {
@@ -251,6 +252,11 @@
             if (ldapPort == null) {
                 ldapPort = DEFAULT_LDAP_SERVER_PORT;
             }
+            String changePasswordUrl =
+                    getConfigValue(engineConfigExecutable, 
engineConfigProperties, ConfigValues.ChangePasswordUrl);
+            if (changePasswordUrl == null) {
+                changePasswordUrl = "";
+            }
 
             configurationProvider =
                     new ConfigurationProvider(adUserName,
@@ -261,7 +267,7 @@
                             adUserId,
                             ldapProviderTypes,
                             
utilityConfiguration.getEngineConfigExecutablePath(),
-                            engineConfigProperties, ldapPort);
+                            engineConfigProperties, ldapPort, 
changePasswordUrl);
 
         } catch (Throwable e) {
             throw new 
ManageDomainsResult(ManageDomainsResultEnum.FAILED_READING_CURRENT_CONFIGURATION,
 e.getMessage());
@@ -333,6 +339,21 @@
             sb.append(" " + t.name() + "\n");
         }
         throw new 
ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, 
sb.toString());
+    }
+
+    protected String getChangePasswordUrl(CLIParser parser) throws 
ManageDomainsResult {
+        String changePasswordUrl = 
parser.getArg(Arguments.changePasswordUrl.name());
+        if (StringUtils.isEmpty(changePasswordUrl)) {
+            throw new 
ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND,
+                    "Password change URL must not be empty");
+        }
+        try {
+            URL url = new URL(changePasswordUrl);
+        } catch (MalformedURLException e) {
+            throw new 
ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND,
+                    "The provided string for Password change URL is not a 
valid URL");
+        }
+        return changePasswordUrl;
     }
 
     private String getPasswordInput(CLIParser parser) throws 
ManageDomainsResult {
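Review bot: `getChangePasswordUrl` accepts anything `new URL(...)` can parse, so the link later shown with the login failure message may use a scheme other than `http`/`https`, and the parsed `url` local is never used. Since the link is presented to users whose password has just expired, it is worth limiting it to web schemes (ideally `https` only) at configuration time. The runtime parser in `ProvisionalAuthenticationResult` splits the stored value on `,`, so a URL containing a comma should also be rejected here, or it will be truncated when read back. The lines before this method in the hunk belong to a method that starts outside the hunk.

```java
    protected String getChangePasswordUrl(CLIParser parser) throws ManageDomainsResult {
        // … unchanged: argument lookup and empty check …
        try {
            URL url = new URL(changePasswordUrl);
            String protocol = url.getProtocol();
            // Only web links make sense in a message shown on the login page.
            if (!"https".equalsIgnoreCase(protocol) && !"http".equalsIgnoreCase(protocol)) {
                throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND,
                        "Password change URL must use http or https");
            }
        } catch (MalformedURLException e) {
            // … unchanged: invalid URL error …
        }
        // The stored value is a comma-delimited list, so a comma would split the URL on read.
        if (changePasswordUrl.contains(",")) {
            throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND,
                    "Password change URL must not contain ','");
        }
        return changePasswordUrl;
    }
```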
@@ -498,6 +519,7 @@
         List<String> ldapServers = getLdapServers(parser, domainName);
         validateKdcServers(authMode, domainName);
         domainNameEntry.setValueForDomain(domainName, null);
+        String changePasswordUrl = getChangePasswordUrl(parser);
 
         String currentAdUserNameEntry = 
configurationProvider.getConfigValue(ConfigValues.AdUserName);
         String currentAdUserPasswordEntry = 
configurationProvider.getConfigValue(ConfigValues.AdUserPassword);
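Review bot: `getChangePasswordUrl(parser)` is called unconditionally here, and that method throws `INVALID_ARGUMENT_FOR_COMMAND` when the argument is empty. Adding a domain without `-changePasswordUrl` would therefore fail, although the commit message and the usage text describe the parameter as optional (assuming `parser.getArg` returns null or an empty string for an absent argument). The edit path in this patch already guards with `parser.hasArg(Arguments.changePasswordUrl.name())`. The same guard is needed here, e.g. `String changePasswordUrl = parser.hasArg(Arguments.changePasswordUrl.name()) ? getChangePasswordUrl(parser) : null;`, with the later `changePasswordUrlEntry.setValueForDomain(domainName, changePasswordUrl);` skipped when it is null. The enclosing method starts and ends outside this hunk.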
@@ -506,6 +528,7 @@
         String currentAdUserIdEntry = 
configurationProvider.getConfigValue(ConfigValues.AdUserId);
         String currentLDAPProviderTypes = 
configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes);
         String ldapServerPort = 
configurationProvider.getConfigValue(ConfigValues.LDAPServerPort);
+        String currentChangePasswordUrl = 
configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl);
 
         DomainsConfigurationEntry adUserNameEntry =
                 new DomainsConfigurationEntry(currentAdUserNameEntry, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
@@ -519,6 +542,9 @@
                 new DomainsConfigurationEntry(currentAdUserIdEntry, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
         DomainsConfigurationEntry ldapProviderTypesEntry =
                 new DomainsConfigurationEntry(currentLDAPProviderTypes, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
+        DomainsConfigurationEntry changePasswordUrlEntry =
+                new DomainsConfigurationEntry(currentChangePasswordUrl, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
+
 
         LdapProviderType ldapProviderType = getLdapProviderType(parser);
         adUserNameEntry.setValueForDomain(domainName, userName);
@@ -526,6 +552,8 @@
         authModeEntry.setValueForDomain(domainName, authMode);
         ldapProviderTypesEntry.setValueForDomain(domainName, 
ldapProviderType.name());
         setLdapServersPerDomain(domainName, ldapServersEntry, 
StringUtils.join(ldapServers, ","));
+        changePasswordUrlEntry.setValueForDomain(domainName, 
changePasswordUrl);
+
 
 
         testConfiguration(domainName,
@@ -550,7 +578,7 @@
                 authModeEntry,
                 ldapServersEntry,
                 adUserIdEntry,
-                ldapProviderTypesEntry);
+                ldapProviderTypesEntry, changePasswordUrlEntry);
 
         printSuccessMessage(domainName, "added");
     }
@@ -627,6 +655,7 @@
         String currentAdUserIdEntry = 
configurationProvider.getConfigValue(ConfigValues.AdUserId);
         String currentLdapProviderTypeEntry = 
configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes);
         String ldapServerPort = 
configurationProvider.getConfigValue(ConfigValues.LDAPServerPort);
+        String currentChangePasswordUrl = 
configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl);
 
 
         DomainsConfigurationEntry adUserNameEntry =
@@ -639,6 +668,9 @@
                 new DomainsConfigurationEntry(currentAdUserIdEntry, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
         DomainsConfigurationEntry ldapProviderTypeEntry =
                 new DomainsConfigurationEntry(currentLdapProviderTypeEntry, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
+        DomainsConfigurationEntry changePaswordUrlEntry =
+                new DomainsConfigurationEntry(currentChangePasswordUrl, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
+
 
         if (userName != null) {
             adUserNameEntry.setValueForDomain(domainName, userName);
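Review bot: The local is spelled `changePaswordUrlEntry` (one `s`) here and in the two later hunks of the edit path, while the add and delete paths use `changePasswordUrlEntry`. Rename it for consistency, `DomainsConfigurationEntry changePasswordUrlEntry =`, and drop the second blank line the hunk adds after the declaration. The enclosing method starts and ends outside the hunk.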
@@ -663,6 +695,9 @@
         if (ldapProviderType != null) {
             ldapProviderTypeEntry.setValueForDomain(domainName, 
ldapProviderType.name());
         }
+        if (parser.hasArg(Arguments.changePasswordUrl.name())) {
+            changePaswordUrlEntry.setValueForDomain(domainName, 
getChangePasswordUrl(parser));
+        }
 
         testConfiguration(domainName,
                 domainNameEntry,
@@ -685,7 +720,8 @@
                 authModeEntry,
                 ldapServersEntry,
                 adUserIdEntry,
-                ldapProviderTypeEntry);
+                ldapProviderTypeEntry,
+                changePaswordUrlEntry);
 
         printSuccessMessage(domainName, "edited");
     }
@@ -930,7 +966,8 @@
             DomainsConfigurationEntry authModeEntry,
             DomainsConfigurationEntry ldapServersEntry,
             DomainsConfigurationEntry adUserIdEntry,
-            DomainsConfigurationEntry ldapProviderTypeEntry) throws 
ManageDomainsResult {
+            DomainsConfigurationEntry ldapProviderTypeEntry, 
DomainsConfigurationEntry changePasswordUrlEntry)
+            throws ManageDomainsResult {
         // Update the configuration
         configurationProvider.setConfigValue(ConfigValues.AdUserName,
                 adUserNameEntry);
@@ -952,6 +989,8 @@
 
         configurationProvider.setConfigValue(ConfigValues.LDAPProviderTypes,
                 ldapProviderTypeEntry);
+
+        configurationProvider.setConfigValue(ConfigValues.ChangePasswordUrl, 
changePasswordUrlEntry);
     }
 
     public void deleteDomain(String domainName, boolean forceDelete) throws 
ManageDomainsResult {
@@ -983,6 +1022,7 @@
         String currentLdapServersEntry = 
configurationProvider.getConfigValue(ConfigValues.LdapServers);
         String currentAdUserId = 
configurationProvider.getConfigValue(ConfigValues.AdUserId);
         String ldapProviderType = 
configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes);
+        String changePasswordUrl = 
configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl);
 
         DomainsConfigurationEntry adUserNameEntry =
                 new DomainsConfigurationEntry(currentAdUserNameEntry, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
@@ -997,12 +1037,16 @@
         DomainsConfigurationEntry ldapProviderTypeEntry =
                 new DomainsConfigurationEntry(ldapProviderType, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
 
+        DomainsConfigurationEntry changePasswordUrlEntry =
+                new DomainsConfigurationEntry(changePasswordUrl, 
DOMAIN_SEPERATOR, VALUE_SEPERATOR);
+
         adUserNameEntry.removeValueForDomain(domainName);
         adUserIdEntry.removeValueForDomain(domainName);
         adUserPasswordEntry.removeValueForDomain(domainName);
         authModeEntry.removeValueForDomain(domainName);
         ldapServersEntry.removeValueForDomain(domainName);
         ldapProviderTypeEntry.removeValueForDomain(domainName);
+        changePasswordUrlEntry.removeValueForDomain(domainName);
 
         // Update the configuration
         setConfigurationEntries(domainNameEntry,
@@ -1011,7 +1055,7 @@
                 authModeEntry,
                 ldapServersEntry,
                 adUserIdEntry,
-                ldapProviderTypeEntry);
+                ldapProviderTypeEntry, changePasswordUrlEntry);
 
         System.out.println(String.format(DELETE_DOMAIN_SUCCESS, domainName));
     }
diff --git 
a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
 
b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
index 51800c4..3b0f89c 100644
--- 
a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
+++ 
b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
@@ -2474,10 +2474,12 @@
     @DefaultStringValue("Cannot disable VirtIO-SCSI when disks with a 
VirtIO-SCSI interface are plugged into the VM.")
     String CANNOT_DISABLE_VIRTIO_SCSI_PLUGGED_DISKS();
 
-    // Suspected (not in use?)
     @DefaultStringValue("Cannot Login. User Password has expired, Please 
change your password.")
     String USER_PASSWORD_EXPIRED();
 
+    @DefaultStringValue("Cannot Login. User Password has expired. Use the 
following URL to change the password: ${URL}")
+    String USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED();
+
     @DefaultStringValue("Cannot Login. The Domain provided is not configured, 
please contact your system administrator.")
     String USER_CANNOT_LOGIN_DOMAIN_NOT_SUPPORTED();
 
diff --git a/packaging/bin/engine-manage-domains.sh 
b/packaging/bin/engine-manage-domains.sh
index 7eb920e..5984a2d 100755
--- a/packaging/bin/engine-manage-domains.sh
+++ b/packaging/bin/engine-manage-domains.sh
@@ -11,16 +11,17 @@
        cat << __EOF__
 engine-manage-domains: add/edit/delete/validate/list domains
 USAGE:
-        engine-manage-domains -action=ACTION [-domain=DOMAIN 
-provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive 
-configFile=PATH -addPermissions -forceDelete -ldapServers=LDAP_SERVERS] -report
+        engine-manage-domains -action=ACTION [-domain=DOMAIN 
-provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive 
-configFile=PATH -addPermissions -forceDelete -ldapServers=LDAP_SERVERS 
-changePasswordUrl] -report
 Where:
-        ACTION             action to perform (add/edit/delete/validate/list). 
See details below.
-        DOMAIN             (mandatory for add, edit and delete) the domain you 
wish to perform the action on.
-        PROVIDER           (mandatory for add, optional for edit) the LDAP 
provider type of server used for the domain. Among the supported providers IPA, 
RHDS, ITDS, ActiveDirectory and OpenLDAP.
-        USER               (optional for edit, mandatory for add) the domain 
user.
-        PASSWORD_FILE      (optional for edit, mandatory for add) a file 
containing the password in the first line.
-        interactive        alternative for using -passwordFile - read the 
password interactively.
-        PATH               (optional) use the given alternate configuration 
file.
-        LDAP_SERVERS       (optional) a comma delimited list of LDAP servers 
to be set to the domain.
+        ACTION                 action to perform 
(add/edit/delete/validate/list). See details below.
+        DOMAIN                 (mandatory for add, edit and delete) the domain 
you wish to perform the action on.
+        PROVIDER               (mandatory for add, optional for edit) the LDAP 
provider type of server used for the domain. Among the supported providers IPA, 
RHDS, ITDS, ActiveDirectory and OpenLDAP.
+        USER                   (optional for edit, mandatory for add) the 
domain user.
+        PASSWORD_FILE          (optional for edit, mandatory for add) a file 
containing the password in the first line.
+        interactive            alternative for using -passwordFile - read the 
password interactively.
+        PATH                   (optional) use the given alternate 
configuration file.
+        LDAP_SERVERS           (optional) a comma delimited list of LDAP 
servers to be set to the domain.
+        CHANGE_PASSWORD_URL    (optional) a URL to be returned to the user in 
case 
 
         Available actions:
         add
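Review bot: The usage synopsis adds `-changePasswordUrl` without a value placeholder, and the `CHANGE_PASSWORD_URL` description stops mid-sentence at "in case" with trailing whitespace. Suggest `-changePasswordUrl=CHANGE_PASSWORD_URL` in the synopsis, matching the other `-name=VALUE` options, and completing the description, e.g. `(optional) a URL to be shown to the user in case the password has expired.` It would also help to state there that only a web (http/https) URL is expected, since the value is displayed on a failed login.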
@@ -100,6 +101,7 @@
 LdapServers=
 LDAPProviderTypes=
 LDAPServerPort=
+ChangePasswordUrl=
 __EOF__
 
 #
diff --git a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql 
b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
index 07dcfa9..e7d8b06 100644
--- a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
+++ b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
@@ -609,6 +609,10 @@
 select fn_db_add_config_value('EnableVdsHaReservation','true','general');
 select 
fn_db_add_config_value('VdsHaReservationIntervalInMinutes','5','general');
 
+--Password URL change
+select fn_db_add_config_value('ChangePasswordUrl','','general');
+
+
 
------------------------------------------------------------------------------------
 --                  Update with override section
 
------------------------------------------------------------------------------------


-- 
To view, visit http://gerrit.ovirt.org/23250

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8eb0f858e26bdefffe526623d025fac47791711e
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>