add validation of existing domain

Daan Hoogland · Daan Hoogland · commit f575a70f2397 · 2025-12-11T17:31:26.000+01:00
diff --git a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
@@ -48,11 +48,11 @@
 import org.apache.cloudstack.api.response.LinkAccountToLdapResponse;
 import org.apache.cloudstack.api.response.LinkDomainToLdapResponse;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
-import org.apache.cloudstack.framework.messagebus.MessageSubscriber;
 import org.apache.cloudstack.ldap.dao.LdapConfigurationDao;
 import org.apache.cloudstack.ldap.dao.LdapTrustMapDao;
 import org.apache.commons.lang.Validate;
 import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
 import org.springframework.stereotype.Component;
 
 import com.cloud.domain.DomainVO;
@@ -114,36 +114,30 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
     }
 
     private void addAccountRemovalListener() {
-        messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object args) {
-                try {
-                    final Account account = accountDao.findByIdIncludingRemoved((Long) args);
-                    long domainId = account.getDomainId();
-                    LdapTrustMapVO ldapTrustMapVO = _ldapTrustMapDao.findByAccount(domainId, account.getAccountId());
-                    if (ldapTrustMapVO != null) {
-                        removeTrustmap(ldapTrustMapVO);
-                    }
-                } catch (final Exception e) {
-                    logger.error("Caught exception while removing account linked to LDAP", e);
+        messageBus.subscribe(AccountManager.MESSAGE_REMOVE_ACCOUNT_EVENT, (senderAddress, subject, args) -> {
+            try {
+                final Account account = accountDao.findByIdIncludingRemoved((Long) args);
+                long domainId = account.getDomainId();
+                LdapTrustMapVO ldapTrustMapVO = _ldapTrustMapDao.findByAccount(domainId, account.getAccountId());
+                if (ldapTrustMapVO != null) {
+                    removeTrustmap(ldapTrustMapVO);
                 }
+            } catch (final Exception e) {
+                logger.error("Caught exception while removing account linked to LDAP", e);
             }
         });
     }
 
     private void addDomainRemovalListener() {
-        messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, new MessageSubscriber() {
-            @Override
-            public void onPublishMessage(String senderAddress, String subject, Object args) {
-                try {
-                    long domainId = ((DomainVO) args).getId();
-                    List<LdapTrustMapVO> ldapTrustMapVOs = _ldapTrustMapDao.searchByDomainId(domainId);
-                    for (LdapTrustMapVO ldapTrustMapVO : ldapTrustMapVOs) {
-                        removeTrustmap(ldapTrustMapVO);
-                    }
-                } catch (final Exception e) {
-                    logger.error("Caught exception while removing trust-map for domain linked to LDAP", e);
+        messageBus.subscribe(DomainManager.MESSAGE_REMOVE_DOMAIN_EVENT, (senderAddress, subject, args) -> {
+            try {
+                long domainId = ((DomainVO) args).getId();
+                List<LdapTrustMapVO> ldapTrustMapVOs = _ldapTrustMapDao.searchByDomainId(domainId);
+                for (LdapTrustMapVO ldapTrustMapVO : ldapTrustMapVOs) {
+                    removeTrustmap(ldapTrustMapVO);
                 }
+            } catch (final Exception e) {
+                logger.error("Caught exception while removing trust-map for domain linked to LDAP", e);
             }
         });
     }
@@ -200,10 +194,10 @@ private LdapConfigurationResponse addConfigurationInternal(final String hostname
 
     /**
      * TODO decide if the principal is good enough to get the domain id or we need to add it as parameter
-     * @param principal
-     * @param password
-     * @param domainId
-     * @return
+     * @param principal ldap user
+     * @param password the users password to check
+     * @param domainId the domain for logging into
+     * @return true if the user can authenticate
      */
     @Override
     public boolean canAuthenticate(final String principal, final String password, final Long domainId) {
@@ -428,20 +422,42 @@ private LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, St
         //Account type should be 0 or 2. check the constants in com.cloud.user.Account
         Validate.isTrue(accountType== Account.Type.NORMAL || accountType== Account.Type.DOMAIN_ADMIN, "accountype should be either 0(normal user) or 2(domain admin)");
         LinkType linkType = LdapManager.LinkType.valueOf(type.toUpperCase());
-        LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domainId, linkType, name, accountType, 0));
-        DomainVO domain = domainDao.findById(vo.getDomainId());
-        String domainUuid = getDomainUuid(domain, vo);
+        return linkDomainToLdapAndGetResponse(domainId, name, accountType, linkType);
+    }
+
+    @NotNull
+    private LinkDomainToLdapResponse linkDomainToLdapAndGetResponse(Long domainId, String name, Account.Type accountType, LinkType linkType) {
+        DomainVO domain = getDomainToLink(domainId);
+        LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(domain.getId(), linkType, name, accountType, 0));
+        String domainUuid = domain.getUuid();
         return new LinkDomainToLdapResponse(domainUuid, vo.getType().toString(), vo.getName(), vo.getAccountType().ordinal());
     }
 
-    private String getDomainUuid(DomainVO domain, LdapTrustMapVO vo) {
-        String domainUuid = "<unknown>";
+    @NotNull
+    private DomainVO getDomainToLink(Long domainId) {
+        DomainVO domain = domainDao.findById(domainId);
         if (domain == null) {
-            logger.error("no domain in database for id {}", vo.getDomainId());
-        } else {
-            domainUuid = domain.getUuid();
+            String msg = "Cannot link Domain to LDAP. No domain found";
+            logger.error(msg);
+            throw new InvalidParameterValueException(msg);
+        }
+        return domain;
+    }
+
+    @NotNull
+    private LinkAccountToLdapResponse linkAccountToLdapAndGetResponse(LinkAccountToLdapCmd cmd) {
+        DomainVO domain = getDomainToLink(cmd.getDomainId());
+        LinkType linkType = LinkType.valueOf(cmd.getType().toUpperCase());
+        Account account = accountDao.findActiveAccount(cmd.getAccountName(), cmd.getDomainId());
+        if (account == null) {
+            account = new AccountVO(cmd.getAccountName(), cmd.getDomainId(), null, cmd.getAccountType(), cmd.getRoleId(), UUID.randomUUID().toString());
+            accountDao.persist((AccountVO)account);
         }
-        return domainUuid;
+
+        long accountId = account.getAccountId();
+        clearOldAccountMapping(cmd);
+        LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(cmd.getDomainId(), linkType, cmd.getLdapDomain(), cmd.getAccountType(), accountId));
+        return new LinkAccountToLdapResponse(domain.getUuid(), vo.getType().toString(), vo.getName(), vo.getAccountType().ordinal(), account.getUuid(), cmd.getAccountName());
     }
 
     @Override
@@ -469,20 +485,7 @@ public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
         Validate.notEmpty(cmd.getLdapDomain(), "GROUP or OU name cannot be empty");
         Validate.isTrue(cmd.getAccountType() != null || cmd.getRoleId() != null, "Either account type or role ID must be given");
 
-        LinkType linkType = LdapManager.LinkType.valueOf(cmd.getType().toUpperCase());
-        Account account = accountDao.findActiveAccount(cmd.getAccountName(),cmd.getDomainId());
-        if (account == null) {
-            account = new AccountVO(cmd.getAccountName(), cmd.getDomainId(), null, cmd.getAccountType(), cmd.getRoleId(), UUID.randomUUID().toString());
-            accountDao.persist((AccountVO)account);
-        }
-
-        long accountId = account.getAccountId();
-        clearOldAccountMapping(cmd);
-        LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(cmd.getDomainId(), linkType, cmd.getLdapDomain(), cmd.getAccountType(), accountId));
-        DomainVO domain = domainDao.findById(vo.getDomainId());
-        String domainUuid = getDomainUuid(domain, vo);
-
-        return new LinkAccountToLdapResponse(domainUuid, vo.getType().toString(), vo.getName(), vo.getAccountType().ordinal(), account.getUuid(), cmd.getAccountName());
+        return linkAccountToLdapAndGetResponse(cmd);
     }
 
     private void clearOldAccountMapping(LinkAccountToLdapCmd cmd) {
