CLOUDSTACK-10239: Fallback to default provider if needed (#2430)

Fallback to default provider if needed.

Author: DaanHoogland

Diff for: plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java

@@ -54,11 +54,11 @@ public class LinkDomainToLdapCmd extends BaseCmd {
     @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, required = true, description = "type of the ldap name. GROUP or OU")
     private String type;
 
-    @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = true, description = "name of the group or OU in LDAP")
+    @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
     private String ldapDomain;
 
     @Deprecated
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the group or OU in LDAP")
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
     private String name;
 
     @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ")

Diff for: plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java

@@ -25,6 +25,7 @@
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 
 public class LdapContextFactory {
@@ -40,12 +41,10 @@ public LdapContextFactory(final LdapConfiguration ldapConfiguration) {
         _ldapConfiguration = ldapConfiguration;
     }
 
-    // TODO add optional domain (optional only for backwards compatibility)
     public LdapContext createBindContext(Long domainId) throws NamingException, IOException {
         return createBindContext(null, domainId);
     }
 
-    // TODO add optional domain (optional only for backwards compatibility)
     public LdapContext createBindContext(final String providerUrl, Long domainId) throws NamingException, IOException {
         final String bindPrincipal = _ldapConfiguration.getBindPrincipal(domainId);
         final String bindPassword = _ldapConfiguration.getBindPassword(domainId);
@@ -80,9 +79,13 @@ private void enableSSL(final Hashtable<String, String> environment) {
 
     private Hashtable<String, String> getEnvironment(final String principal, final String password, final String providerUrl, final boolean isSystemContext, Long domainId) {
         final String factory = _ldapConfiguration.getFactory();
-        final String url = providerUrl == null ? _ldapConfiguration.getProviderUrl(domainId) : providerUrl;
+        String url = providerUrl == null ? _ldapConfiguration.getProviderUrl(domainId) : providerUrl;
+        if (StringUtils.isEmpty(url) && domainId != null) {
+            //try a default ldap implementation
+            url = _ldapConfiguration.getProviderUrl(null);
+        }
 
-        final Hashtable<String, String> environment = new Hashtable<String, String>();
+        final Hashtable<String, String> environment = new Hashtable<>();
 
         environment.put(Context.INITIAL_CONTEXT_FACTORY, factory);
         environment.put(Context.PROVIDER_URL, url);

Diff for: plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManager.java

@@ -52,7 +52,6 @@ enum LinkType { GROUP, OU;}
     @Deprecated
     LdapConfigurationResponse deleteConfiguration(String hostname, int port, Long domainId) throws InvalidParameterValueException;
 
-    // TODO username is only unique withing domain scope (add domain id to call)
     LdapUser getUser(final String username, Long domainId) throws NoLdapUserMatchingQueryException;
 
     LdapUser getUser(String username, String type, String name, Long domainId) throws NoLdapUserMatchingQueryException;

Diff for: plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java

@@ -313,7 +313,7 @@ public List<LdapUser> searchUsers(final String username) throws NoLdapUserMatchi
 
     @Override
     public LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd) {
-        Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not configure an ldap server and an ldap group/ou to a domain");
+        Validate.isTrue(_ldapConfiguration.getBaseDn(cmd.getDomainId()) == null, "can not link a domain unless a basedn is configured for it.");
         Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
         return linkDomainToLdap(cmd.getDomainId(),cmd.getType(),cmd.getLdapDomain(),cmd.getAccountType());
     }
@@ -356,8 +356,9 @@ public LdapTrustMapVO getLinkedLdapGroup(long domainId, String group) {
         return _ldapTrustMapDao.findGroupInDomain(domainId, group);
     }
 
-    @Override public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
-        Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not configure an ldap server and an ldap group/ou to a domain");
+    @Override
+    public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
+        Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not link an account to ldap in a domain for which no basdn is configured");
         Validate.notNull(cmd.getDomainId(), "domainId cannot be null.");
         Validate.notEmpty(cmd.getAccountName(), "accountName cannot be empty.");
         Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");

Diff for: plugins/user-authenticators/ldap/test/org/apache/cloudstack/api/command/LdapCreateAccountCmdTest.java

@@ -62,10 +62,10 @@ public void failureToRetrieveLdapUser() throws Exception {
     }
 
     @Test(expected = ServerApiException.class)
-    public void failedCreationDueToANullResponseFromCloudstackAccountCreater() throws Exception {
+    public void failedCreationDueToANullResponseFromCloudstackAccountCreator() throws Exception {
         // We have an LdapManager, AccountService and LdapCreateAccountCmd
         LdapUser mrMurphy = new LdapUser("rmurphy", "[email protected]", "Ryan", "Murphy", "cn=rmurphy,ou=engineering,dc=cloudstack,dc=org", "engineering", false, null);
-        when(ldapManager.getUser(anyString(), isNull(Long.class))).thenReturn(mrMurphy);
+        when(ldapManager.getUser(anyString(), isNull(Long.class))).thenReturn(mrMurphy).thenReturn(mrMurphy);
         ldapCreateAccountCmd.execute();
         fail("An exception should have been thrown: " + ServerApiException.class);
     }