Yair Zaslavsky has uploaded a new change for review. Change subject: 1. core, tools: Supporting change password Url presentation ......................................................................
1. core, tools: Supporting change password Url presentation This patch adds the ability for the admin to configure for each authentication domain a url which will be shown on login attempts failing due to password expiration. This allows providing the users with a link to a web page allowing to change their expired password. In order to set these URLs, a new optional parameter was introduced to manage-domains, named changePasswordUrl. Change-Id: I8eb0f858e26bdefffe526623d025fac47791711e Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java M packaging/bin/engine-manage-domains.sh M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql 5 files changed, 87 insertions(+), 17 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/19/23619/1 diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java index 5ad83c0..efa776e 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java @@ -1618,5 +1618,12 @@ @DefaultValueAttribute("0") DefaultMaximumMigrationDowntime, + @TypeConverterAttribute(Map.class) + @DefaultValueAttribute("{\"x86_64\":\"true\",\"ppc64\":\"false\"}") + HotPlugCpuSupported, + @TypeConverterAttribute(String.class) + @DefaultValueAttribute("") + ChangePasswordUrl, + Invalid; } 
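Review bot: The `HotPlugCpuSupported` entry added ahead of `ChangePasswordUrl` in the ConfigValues.java hunk is not mentioned in the commit description and has no matching `fn_db_add_config_value` line in the 0000_config.sql hunk of this patch, so it looks like an unrelated change that came along with the backport. If it is intended, it probably belongs in its own change together with its database default; otherwise it should be dropped here. For `ChangePasswordUrl` itself a short comment would help, for example `// Per-domain change-password URLs written by engine-manage-domains; empty when none is configured`.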
diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java index 314a43c..f519f6c 100644 --- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java @@ -3,12 +3,12 @@ import static org.ovirt.engine.core.common.config.ConfigValues.AdUserId; import static org.ovirt.engine.core.common.config.ConfigValues.AdUserName; import static org.ovirt.engine.core.common.config.ConfigValues.AdUserPassword; +import static org.ovirt.engine.core.common.config.ConfigValues.ChangePasswordUrl; import static org.ovirt.engine.core.common.config.ConfigValues.DomainName; import static org.ovirt.engine.core.common.config.ConfigValues.LDAPProviderTypes; import static org.ovirt.engine.core.common.config.ConfigValues.LDAPSecurityAuthentication; -import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers; import static org.ovirt.engine.core.common.config.ConfigValues.LDAPServerPort; - +import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers; import java.io.BufferedWriter; import java.io.File; @@ -34,7 +34,7 @@ String adUserId, String ldapProviderTypes, String engineConfigExecutable, - String engineConfigProperties, String ldapServerPort) { + String engineConfigProperties, String ldapServerPort, String passwordChangeUrls) { super(); configVals.put(AdUserName, adUserName); configVals.put(AdUserPassword, adUserPassword); @@ -44,6 +44,7 @@ configVals.put(AdUserId, adUserId); configVals.put(LDAPProviderTypes, ldapProviderTypes); configVals.put(LDAPServerPort, ldapServerPort); + configVals.put(ChangePasswordUrl, passwordChangeUrls); this.engineConfigExecutable = engineConfigExecutable; this.engineConfigProperties = engineConfigProperties; } 
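Review bot: The new constructor parameter in the `@@ -34,7 +34,7 @@` hunk is named `passwordChangeUrls`, while the config key, the command-line argument and every variable in ManageDomains use `changePasswordUrl`. With this many positional `String` arguments a mismatched name makes a swapped argument harder to spot at the call site; `String changePasswordUrl` would line up with `configVals.put(ChangePasswordUrl, ...)` in the following hunk. The constructor's signature and body start outside these hunks.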
diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java index a8d57f5..3af3b9f 100644 --- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java @@ -79,6 +79,7 @@ private boolean reportAllErrors; private boolean addPermissions; private boolean useDnsLookup; + private boolean changePasswordUrl; private final static Logger log = Logger.getLogger(ManageDomains.class); private static final String DEFAULT_LDAP_SERVER_PORT = "389"; @@ -97,6 +98,7 @@ provider, forceDelete, ldapServers, + changePasswordUrl, } public enum ActionType { @@ -195,6 +197,9 @@ if (parser.hasArg(Arguments.addPermissions.name())) { util.addPermissions = true; } + if (parser.hasArg(Arguments.changePasswordUrl.name())) { + util.changePasswordUrl = true; + } try { // it's existence is checked during the parser validation @@ -251,6 +256,11 @@ if (ldapPort == null) { ldapPort = DEFAULT_LDAP_SERVER_PORT; } + String changePasswordUrl = + getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.ChangePasswordUrl); + if (changePasswordUrl == null) { + changePasswordUrl = ""; + } configurationProvider = new ConfigurationProvider(adUserName, @@ -261,7 +271,7 @@ adUserId, ldapProviderTypes, utilityConfiguration.getEngineConfigExecutablePath(), - engineConfigProperties, ldapPort); + engineConfigProperties, ldapPort, changePasswordUrl); } catch (Throwable e) { throw new ManageDomainsResult(ManageDomainsResultEnum.FAILED_READING_CURRENT_CONFIGURATION, e.getMessage()); 
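Review bot: The boolean field `changePasswordUrl` added in the `@@ -79,6 +79,7 @@` hunk shares its name with the local `String changePasswordUrl` declared in the `@@ -251,6 +256,11 @@` hunk, and the same name is reused for a String local in `getChangePasswordUrl` and `deleteDomain` later in the patch. In those places the identifier means the URL text, while in `addDomain` and `setConfigurationEntries` it is the "argument was given" flag, which makes the guards easy to misread. Renaming the field, for example `private boolean changePasswordUrlProvided;` with `util.changePasswordUrlProvided = true;` in the `@@ -195,6 +197,9 @@` hunk, removes the ambiguity. The enclosing methods start and end outside these hunks.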
@@ -333,6 +343,26 @@ sb.append(" " + t.name() + "\n"); } throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, sb.toString()); + } + + protected String getChangePasswordUrl(CLIParser parser) throws ManageDomainsResult { + if (!changePasswordUrl) { + return null; + } + + String changePasswordUrl = parser.getArg(Arguments.changePasswordUrl.name()); + if (StringUtils.isEmpty(changePasswordUrl)) { + throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, + "Password change URL must not be empty"); + } + try { + URL url = new URL(changePasswordUrl); + log.debug("Validated that " + url + " is in correct format"); + } catch (MalformedURLException e) { + throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, + "The provided string for Password change URL is not a valid URL"); + } + return changePasswordUrl; } private String getPasswordInput(CLIParser parser) throws ManageDomainsResult { @@ -498,6 +528,7 @@ List<String> ldapServers = getLdapServers(parser, domainName); validateKdcServers(authMode, domainName); domainNameEntry.setValueForDomain(domainName, null); + String changePasswordUrlStr = getChangePasswordUrl(parser); String currentAdUserNameEntry = configurationProvider.getConfigValue(ConfigValues.AdUserName); String currentAdUserPasswordEntry = configurationProvider.getConfigValue(ConfigValues.AdUserPassword); @@ -506,6 +537,7 @@ String currentAdUserIdEntry = configurationProvider.getConfigValue(ConfigValues.AdUserId); String currentLDAPProviderTypes = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); String ldapServerPort = configurationProvider.getConfigValue(ConfigValues.LDAPServerPort); + String currentChangePasswordUrl = configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl); DomainsConfigurationEntry adUserNameEntry = new DomainsConfigurationEntry(currentAdUserNameEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); 
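Review bot: `getChangePasswordUrl` in the `@@ -333,6 +343,26 @@` hunk accepts any string that `new URL(...)` can parse, so a value with a scheme such as `file:` or `ftp:`, or plain `http:`, passes validation even though it is later presented to users as the page where they enter their expired and new passwords. The check should pin the scheme to https (allowing http only if deployment policy really requires it) and require a non-empty host, as sketched below. The String local also shadows the boolean field of the same name that the first statement of the method reads.

```java
        try {
            URL url = new URL(changePasswordUrl);
            // The link leads to a page that receives credentials: accept https only.
            if (!"https".equalsIgnoreCase(url.getProtocol())) {
                throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND,
                        "Password change URL must use https");
            }
            if (StringUtils.isEmpty(url.getHost())) {
                throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND,
                        "Password change URL must name a host");
            }
            // … unchanged: debug log and MalformedURLException handling …
```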
@@ -519,6 +551,9 @@ new DomainsConfigurationEntry(currentAdUserIdEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); DomainsConfigurationEntry ldapProviderTypesEntry = new DomainsConfigurationEntry(currentLDAPProviderTypes, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + DomainsConfigurationEntry changePasswordUrlEntry = + new DomainsConfigurationEntry(currentChangePasswordUrl, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + LdapProviderType ldapProviderType = getLdapProviderType(parser); adUserNameEntry.setValueForDomain(domainName, userName); @@ -526,6 +561,10 @@ authModeEntry.setValueForDomain(domainName, authMode); ldapProviderTypesEntry.setValueForDomain(domainName, ldapProviderType.name()); setLdapServersPerDomain(domainName, ldapServersEntry, StringUtils.join(ldapServers, ",")); + if (changePasswordUrl) { + changePasswordUrlEntry.setValueForDomain(domainName, changePasswordUrlStr); + } + testConfiguration(domainName, @@ -550,7 +589,7 @@ authModeEntry, ldapServersEntry, adUserIdEntry, - ldapProviderTypesEntry); + ldapProviderTypesEntry, changePasswordUrlEntry); printSuccessMessage(domainName, "added"); } @@ -605,6 +644,7 @@ } public void editDomain(CLIParser parser) throws ManageDomainsResult { + System.out.println("editting domain"); String authMode; String domainName = parser.getArg(Arguments.domain.toString()).toLowerCase(); authMode = getDomainAuthMode(domainName); @@ -627,6 +667,7 @@ String currentAdUserIdEntry = configurationProvider.getConfigValue(ConfigValues.AdUserId); String currentLdapProviderTypeEntry = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); String ldapServerPort = configurationProvider.getConfigValue(ConfigValues.LDAPServerPort); + String currentChangePasswordUrl = configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl); DomainsConfigurationEntry adUserNameEntry = 
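Review bot: `changePasswordUrlEntry` in the `@@ -519,6 +551,9 @@` hunk stores URLs in a `DomainsConfigurationEntry` that is split on `DOMAIN_SEPERATOR` and `VALUE_SEPERATOR`, and every URL contains `:` and may contain `,` in its query string. The separator values are not visible in this patch; if either of them is one of those characters, the string written by `setValueForDomain(domainName, changePasswordUrlStr)` may not parse back into the same domain/URL pairs on the next run. A round-trip test with a value such as `https://host:8443/reset?a=1,2` (constructed example) would settle it; if it fails, the URL needs encoding before it is stored, or `getChangePasswordUrl` should reject the separator characters. addDomain's body starts and ends outside the hunk.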
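Review bot: `System.out.println("editting domain");` at the top of `editDomain` in the `@@ -605,6 +644,7 @@` hunk looks like leftover debug output: it is misspelled, it is not part of the feature described in the commit message, and the method already reports its result through `printSuccessMessage(domainName, "edited")`. Drop the line, or if a trace is wanted route it through the class logger, `log.debug("Editing domain " + domainName);`, placed after `domainName` is assigned. editDomain's body continues outside the hunk.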
@@ -639,6 +680,9 @@ new DomainsConfigurationEntry(currentAdUserIdEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); DomainsConfigurationEntry ldapProviderTypeEntry = new DomainsConfigurationEntry(currentLdapProviderTypeEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + DomainsConfigurationEntry changePaswordUrlEntry = + new DomainsConfigurationEntry(currentChangePasswordUrl, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + if (userName != null) { adUserNameEntry.setValueForDomain(domainName, userName); @@ -663,6 +707,9 @@ if (ldapProviderType != null) { ldapProviderTypeEntry.setValueForDomain(domainName, ldapProviderType.name()); } + if (parser.hasArg(Arguments.changePasswordUrl.name())) { + changePaswordUrlEntry.setValueForDomain(domainName, getChangePasswordUrl(parser)); + } testConfiguration(domainName, domainNameEntry, @@ -685,7 +732,8 @@ authModeEntry, ldapServersEntry, adUserIdEntry, - ldapProviderTypeEntry); + ldapProviderTypeEntry, + changePaswordUrlEntry); printSuccessMessage(domainName, "edited"); } @@ -930,7 +978,8 @@ DomainsConfigurationEntry authModeEntry, DomainsConfigurationEntry ldapServersEntry, DomainsConfigurationEntry adUserIdEntry, - DomainsConfigurationEntry ldapProviderTypeEntry) throws ManageDomainsResult { + DomainsConfigurationEntry ldapProviderTypeEntry, DomainsConfigurationEntry changePasswordUrlEntry) + throws ManageDomainsResult { // Update the configuration configurationProvider.setConfigValue(ConfigValues.AdUserName, adUserNameEntry); @@ -952,6 +1001,10 @@ configurationProvider.setConfigValue(ConfigValues.LDAPProviderTypes, ldapProviderTypeEntry); + + if (changePasswordUrl) { + configurationProvider.setConfigValue(ConfigValues.ChangePasswordUrl, changePasswordUrlEntry); + } } public void deleteDomain(String domainName, boolean forceDelete) throws ManageDomainsResult { 
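Review bot: The local in `editDomain` is spelled `changePaswordUrlEntry` (one `s`) in the `@@ -639,6 +680,9 @@`, `@@ -663,6 +707,9 @@` and `@@ -685,7 +732,8 @@` hunks, while addDomain and deleteDomain use `changePasswordUrlEntry`. editDomain also tests `parser.hasArg(Arguments.changePasswordUrl.name())` where addDomain tests the `changePasswordUrl` field; the two are presumably equivalent, but using one form in both methods avoids the question. Suggested declaration: `DomainsConfigurationEntry changePasswordUrlEntry =`, with the same rename at the two uses.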
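Review bot: The `if (changePasswordUrl)` guard around `setConfigValue(ConfigValues.ChangePasswordUrl, ...)` in the `@@ -952,6 +1001,10 @@` hunk means the entry is persisted only when `-changePasswordUrl` was given on the command line. `deleteDomain` calls `changePasswordUrlEntry.removeValueForDomain(domainName)` and then goes through this method, so on an ordinary delete the removal appears never to be written and the deleted domain's URL stays in the configuration, where it could be picked up again if a domain of the same name is re-added without the option. The other entries are written unconditionally, and each caller builds this entry from the currently stored value, so the same can be done here: `configurationProvider.setConfigValue(ConfigValues.ChangePasswordUrl, changePasswordUrlEntry);`. setConfigurationEntries' body starts outside the hunk.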
@@ -983,6 +1036,7 @@ String currentLdapServersEntry = configurationProvider.getConfigValue(ConfigValues.LdapServers); String currentAdUserId = configurationProvider.getConfigValue(ConfigValues.AdUserId); String ldapProviderType = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); + String changePasswordUrl = configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl); DomainsConfigurationEntry adUserNameEntry = new DomainsConfigurationEntry(currentAdUserNameEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); @@ -997,12 +1051,16 @@ DomainsConfigurationEntry ldapProviderTypeEntry = new DomainsConfigurationEntry(ldapProviderType, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + DomainsConfigurationEntry changePasswordUrlEntry = + new DomainsConfigurationEntry(changePasswordUrl, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + adUserNameEntry.removeValueForDomain(domainName); adUserIdEntry.removeValueForDomain(domainName); adUserPasswordEntry.removeValueForDomain(domainName); authModeEntry.removeValueForDomain(domainName); ldapServersEntry.removeValueForDomain(domainName); ldapProviderTypeEntry.removeValueForDomain(domainName); + changePasswordUrlEntry.removeValueForDomain(domainName); // Update the configuration setConfigurationEntries(domainNameEntry, @@ -1011,7 +1069,7 @@ authModeEntry, ldapServersEntry, adUserIdEntry, - ldapProviderTypeEntry); + ldapProviderTypeEntry, changePasswordUrlEntry); System.out.println(String.format(DELETE_DOMAIN_SUCCESS, domainName)); } diff --git a/packaging/bin/engine-manage-domains.sh b/packaging/bin/engine-manage-domains.sh index 7eb920e..bc895a4 100755 --- a/packaging/bin/engine-manage-domains.sh +++ b/packaging/bin/engine-manage-domains.sh 
@@ -11,16 +11,17 @@ cat << __EOF__ engine-manage-domains: add/edit/delete/validate/list domains USAGE: - engine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH -addPermissions -forceDelete -ldapServers=LDAP_SERVERS] -report + engine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH -addPermissions -forceDelete -ldapServers=LDAP_SERVERS -changePasswordUrl] -report Where: - ACTION action to perform (add/edit/delete/validate/list). See details below. - DOMAIN (mandatory for add, edit and delete) the domain you wish to perform the action on. - PROVIDER (mandatory for add, optional for edit) the LDAP provider type of server used for the domain. Among the supported providers IPA, RHDS, ITDS, ActiveDirectory and OpenLDAP. - USER (optional for edit, mandatory for add) the domain user. - PASSWORD_FILE (optional for edit, mandatory for add) a file containing the password in the first line. - interactive alternative for using -passwordFile - read the password interactively. - PATH (optional) use the given alternate configuration file. - LDAP_SERVERS (optional) a comma delimited list of LDAP servers to be set to the domain. + ACTION action to perform (add/edit/delete/validate/list). See details below. + DOMAIN (mandatory for add, edit and delete) the domain you wish to perform the action on. + PROVIDER (mandatory for add, optional for edit) the LDAP provider type of server used for the domain. Among the supported providers IPA, RHDS, ITDS, ActiveDirectory and OpenLDAP. + USER (optional for edit, mandatory for add) the domain user. + PASSWORD_FILE (optional for edit, mandatory for add) a file containing the password in the first line. + interactive alternative for using -passwordFile - read the password interactively. + PATH (optional) use the given alternate configuration file. 
+ LDAP_SERVERS (optional) a comma delimited list of LDAP servers to be set to the domain. + CHANGE_PASSWORD_URL (optional) a URL to be returned to the user in case the password has expired. Available actions: add @@ -100,6 +101,7 @@ LdapServers= LDAPProviderTypes= LDAPServerPort= +ChangePasswordUrl= __EOF__ # diff --git a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql index a21dd45..b9cf99e 100644 --- a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql +++ b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql @@ -610,6 +610,8 @@ select fn_db_add_config_value('VdsHaReservationIntervalInMinutes','5','general'); select fn_db_add_config_value('DefaultMaximumMigrationDowntime','0','general'); +--Password URL change +select fn_db_add_config_value('ChangePasswordUrl','','general'); ------------------------------------------------------------------------------------ -- Update with override section -- To view, visit http://gerrit.ovirt.org/23619 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8eb0f858e26bdefffe526623d025fac47791711e Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.4 Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
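Review bot: The USAGE line in the `@@ -11,16 +11,17 @@` hunk lists the new option as a bare `-changePasswordUrl`, but `getChangePasswordUrl` in ManageDomains.java rejects an empty value and the Where section documents `CHANGE_PASSWORD_URL`, so the option needs a value. It should read `-changePasswordUrl=CHANGE_PASSWORD_URL`, in the same form as `-ldapServers=LDAP_SERVERS`. The `CHANGE_PASSWORD_URL` description could also say which actions accept it (add and edit, going by the Java hunks) and which URL schemes are accepted.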