Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: Fix group population for legacy provider ......................................................................
aaa: Fix group population for legacy provider Legacy provider did not populate groups for added users in a correct way. Change-Id: Id1066170758ecddd296b6f253c5bd386cea22008 Topic: AAA Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapBrokerCommandBase.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchByQueryParameters.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchUserByQueryCommand.java 4 files changed, 29 insertions(+), 11 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/28/32728/1 diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java index 01a5758..6931c0d 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java @@ -93,6 +93,7 @@ null, getDirectoryName(), queryData, + false, false) ); List<LdapGroup> ldapGroups = (List<LdapGroup>) ldapResult.getReturnValue(); 
@@ -115,7 +116,9 @@ null, getDirectoryName(), queryData, + (input.<Integer> get(Authz.InvokeKeys.QUERY_FLAGS, 0) & Authz.QueryFlags.RESOLVE_GROUPS) != 0, (input.<Integer> get(Authz.InvokeKeys.QUERY_FLAGS, 0) & Authz.QueryFlags.RESOLVE_GROUPS_RECURSIVE) != 0 + ) ); List<LdapUser> ldapUsers = (List<LdapUser>) ldapResult.getReturnValue(); diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapBrokerCommandBase.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapBrokerCommandBase.java index b203130..e0ef055 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapBrokerCommandBase.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapBrokerCommandBase.java @@ -128,10 +128,13 @@ protected abstract void executeQuery(DirectorySearcher directorySearcher); protected LdapUser populateUserData(LdapUser user, String domain) { - return populateUserData(user, domain, true); + return populateUserData(user, domain, true, true); } - protected LdapUser populateUserData(LdapUser user, String domain, boolean populateGroups) { + protected LdapUser populateUserData(LdapUser user, + String domain, + boolean populateGroups, + boolean populateGroupsRecursively) { if (user == null) { return null; } @@ -147,7 +150,7 @@ user.setUserName(user.getUserName() + "@" + user.getDomainControler()); } - if (populateGroups) { + if (populateGroupsRecursively || populateGroups) { if (generator.getHasValues()) { List<LdapQueryData> partialQueries = generator.getLdapQueriesData(); for (LdapQueryData currQueryData : partialQueries) { @@ -155,7 +158,9 @@ getAuthenticationDomain(), groupsDict, getLoginName(), - getPassword()); + getPassword(), + populateGroupsRecursively + ); } } } 
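Review bot: The two new arguments in the user query each call `input.<Integer> get(Authz.InvokeKeys.QUERY_FLAGS, 0)` and mask the result separately, so the flag word is read twice and the long expressions hide which positional boolean is which. Reading it once, `int queryFlags = input.<Integer> get(Authz.InvokeKeys.QUERY_FLAGS, 0);`, and passing `(queryFlags & Authz.QueryFlags.RESOLVE_GROUPS) != 0` and `(queryFlags & Authz.QueryFlags.RESOLVE_GROUPS_RECURSIVE) != 0` keeps both decisions on the same value. As far as the other hunks show, a request without QUERY_FLAGS defaults to 0 and the returned users then carry no groups; a one-line comment saying so would help callers that base permission checks on this result. The enclosing method starts and ends outside the hunk.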
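Review bot: The four-argument `populateUserData` introduced at -128 takes two adjacent booleans with no Javadoc, and the hunk at -147 lets `populateGroupsRecursively` enable group population on its own, which a caller cannot tell from the signature. I would add a Javadoc saying that `populateGroups` requests the user's groups, that `populateGroupsRecursively` additionally follows parent groups and implies group population even when `populateGroups` is false, and that the two-argument overload keeps the earlier fully recursive behaviour by passing `true, true`. The method body continues outside the hunk.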
@@ -167,7 +172,7 @@ String domain, Map<String, LdapGroup> groupsDict, String loginName, - String password) { + String password, boolean populateGroupsRecursively) { try { GroupsDNQueryGenerator generator = new GroupsDNQueryGenerator(); List<GroupSearchResult> searchResultCollection = @@ -178,10 +183,10 @@ } } // If generator has results, it means there are parent groups - if (generator.getHasValues()) { + if (generator.getHasValues() && populateGroupsRecursively) { List<LdapQueryData> partialQueries = generator.getLdapQueriesData(); for (LdapQueryData partialQuery : partialQueries) { - populateGroup(partialQuery, domain, groupsDict, loginName, password); + populateGroup(partialQuery, domain, groupsDict, loginName, password, populateGroupsRecursively); } } } catch (RuntimeException e) { diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchByQueryParameters.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchByQueryParameters.java index ef29917..d4012b9 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchByQueryParameters.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchByQueryParameters.java @@ -5,6 +5,7 @@ public class LdapSearchByQueryParameters extends LdapBrokerBaseParameters { private LdapQueryData ldapQueryData; private boolean populateGroups; + private boolean populateGroupsRecursively; public LdapQueryData getLdapQueryData() { return ldapQueryData; 
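Review bot: In the hunk at -178, `populateGroup` still calls itself for every parent-group query, and nothing in the visible lines bounds that recursion or skips a group that is already in `groupsDict`. If the part of the method above the hunk does not already do so, cyclic group nesting in the directory (A is a member of B, B is a member of A) would recurse until the stack overflows, and the `catch (RuntimeException e)` that follows would not catch a `StackOverflowError`. Checking `groupsDict` before a parent query is generated, or passing a depth limit, would make the walk terminate, and a comment next to the `if` should say which of the two guarantees it. The flag passed in the recursive call is always true at that point, so `populateGroup(partialQuery, domain, groupsDict, loginName, password, true);` states the intent more directly. The method starts before and ends after the hunk.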
@@ -23,21 +24,28 @@ String sessionId, String domain, LdapQueryData ldapQueryData) { - this(configuration, sessionId, domain, ldapQueryData, false); + this(configuration, sessionId, domain, ldapQueryData, false, false); } - public LdapSearchByQueryParameters(Properties configuration, + public LdapSearchByQueryParameters( + Properties configuration, String sessionId, String domain, LdapQueryData ldapQueryData, - boolean populateGroups) { + boolean populateGroups, + boolean populateGroupsRecursively) { super(configuration, sessionId, domain); setLdapQueryData(ldapQueryData); this.populateGroups = populateGroups; + this.populateGroupsRecursively = populateGroupsRecursively; } boolean isPopulateGroups() { return populateGroups; } + boolean isPopulateGroupsRecursively() { + return populateGroupsRecursively; + } + } diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchUserByQueryCommand.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchUserByQueryCommand.java index 62dfe4c..6b0515d 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchUserByQueryCommand.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/LdapSearchUserByQueryCommand.java @@ -7,6 +7,7 @@ public class LdapSearchUserByQueryCommand extends LdapSearchGroupsByQueryCommand { private boolean populateGroups; + private boolean populateGroupsRecursively; protected LdapQueryData getLdapQueryData() { return ((LdapSearchByQueryParameters) getParameters()).getLdapQueryData(); @@ -15,6 +16,7 @@ public LdapSearchUserByQueryCommand(LdapSearchByQueryParameters parameters) { super(parameters); populateGroups = parameters.isPopulateGroups(); + populateGroupsRecursively = parameters.isPopulateGroupsRecursively(); } @Override 
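Review bot: The six-argument constructor in `LdapSearchByQueryParameters` stores the two flags independently, so `populateGroups == false` with `populateGroupsRecursively == true` is a legal state whose meaning is only settled later in `LdapBrokerCommandBase`, where the recursive flag alone turns group population on. Normalising it here, `this.populateGroups = populateGroups || populateGroupsRecursively;`, makes `isPopulateGroups()` report what will actually happen for any other reader of the parameters object. A short Javadoc on the constructor naming the two flags and their relation would also help, since two positional booleans in a row are easy to swap at the call site.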
@@ -26,7 +28,7 @@ for (final LdapUser searchResult : usersList) { { LdapUser user = - populateUserData(searchResult, getLdapQueryData().getDomain(), populateGroups); + populateUserData(searchResult, getLdapQueryData().getDomain(), populateGroups, populateGroupsRecursively); userList.add(user); } } -- To view, visit http://gerrit.ovirt.org/32728 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id1066170758ecddd296b6f253c5bd386cea22008 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches