Api/UI: Add support to delete/unlink DomainToLdap #11471

Open
@kiranchavala

Description

The required feature described as a wish

Steps to reproduce the issue

  1. Add an LDAP configuration
  2. Create a domain
  3. Link the domain to LDAP

or execute the api

https://cloudstack.apache.org/api/apidocs-4.20/apis/linkDomainToLdap.html

(localcloud) 🐱 > link domaintoldap domainid=394cbde8-efe2-4ef2-bac0-fa5958fa4134 type=GROUP accounttype=2 ldapdomain=cn=dev-team,ou=Telco-Bng,dc=example,dc=in admin=admin
{
"LinkDomainToLdap": {
"accounttype": 2,
"domainid": "394cbde8-efe2-4ef2-bac0-fa5958fa4134",
"ldapdomain": "cn=qa-team,dc=example,dc=in",
"name": "cn=qa-team,dc=example,dc=in",
"type": "GROUP"
}
}

  4. Check the database table
mysql> select * from ldap_trust_map;
+----+-----------+-------+-------------------------------------------+--------------+------------+
| id | domain_id | type  | name                                      | account_type | account_id |
+----+-----------+-------+-------------------------------------------+--------------+------------+
| 22 |        25 | GROUP | cn=dev-team,ou=Telco-Bng,dc=example,dc=in |            2 |          0 |
  5. Currently there is no way to update the configuration via an API call

  6. If an admin tries to execute the API call again or perform the same action from the UI, the admin user will hit an exception

Logs

2025-08-19 06:52:25,182 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8]) (logid:aafa8e9e) ===START=== 10.0.3.251 -- POST
2025-08-19 06:52:25,182 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8]) (logid:aafa8e9e) Two factor authentication is already verified for the user 2, so skipping
2025-08-19 06:52:25,190 DEBUG [c.c.a.ApiServer] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) CIDRs from which account 'Account [{"accountName":"admin","id":2,"uuid":"41afc720-7731-11f0-9a5b-1e00900003a2"}]' is allowed to perform API calls: 0.0.0.0/0,::/0
2025-08-19 06:52:25,192 INFO [o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) Account for user id 41b07ac1-7731-11f0-9a5b-1e00900003a2 is Root Admin or Domain Admin, all APIs are allowed.
2025-08-19 06:52:25,192 DEBUG [o.a.c.a.StaticRoleBasedAPIAccessChecker] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) RoleService is enabled. We will use it instead of StaticRoleBasedAPIAccessChecker.
2025-08-19 06:52:25,192 DEBUG [o.a.c.r.ApiRateLimitServiceImpl] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) API rate limiting is disabled. We will not use ApiRateLimitService.
2025-08-19 06:52:25,197 ERROR [o.a.c.l.d.LdapTrustMapDaoImpl] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) DB Exception on: HikariProxyPreparedStatement@239902172 wrapping com.mysql.cj.jdbc.ServerPreparedStatement[181]: INSERT INTO ldap_trust_map (ldap_trust_map.type, ldap_trust_map.name, ldap_trust_map.domain_id, ldap_trust_map.account_id, ldap_trust_map.account_type) VALUES ('OU', x'6f753d54656c636f2d426e672c64633d6578616d706c652c64633d696e', 25, 0, 0) java.sql.SQLIntegrityConstraintViolationException: Duplicate entry '25-0' for key 'ldap_trust_map.uk_ldap_trust_map__bind_location'
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:118)
	at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
	at com.mysql.cj.jdbc.ServerPreparedStatement.serverExecute(ServerPreparedStatement.java:555)
	at com.mysql.cj.jdbc.ServerPreparedStatement.executeInternal(ServerPreparedStatement.java:339)
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdateInternal(ClientPreparedStatement.java:1061)
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdateInternal(ClientPreparedStatement.java:1009)
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeLargeUpdate(ClientPreparedStatement.java:1320)
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdate(ClientPreparedStatement.java:994)
	at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61)
	at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java)
	at com.cloud.utils.db.GenericDaoBase.persist(GenericDaoBase.java:1636)
	at jdk.internal.reflect.GeneratedMethodAccessor12.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
	at com.cloud.utils.db.TransactionContextInterceptor.invoke(TransactionContextInterceptor.java:34)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
	at jdk.proxy3/jdk.proxy3.$Proxy517.persist(Unknown Source)
	at org.apache.cloudstack.ldap.LdapManagerImpl.linkDomainToLdap(LdapManagerImpl.java:418)
	at org.apache.cloudstack.ldap.LdapManagerImpl.linkDomainToLdap(LdapManagerImpl.java:4
2025-08-19 06:52:25,201 DEBUG [c.c.u.d.T.Transaction] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) Rolling back the transaction: Time = 3 Name = qtp253011924-25; called by -TransactionLegacy.rollback:905-TransactionLegacy.removeUpTo:848-TransactionLegacy.close:672-TransactionContextInterceptor.invoke:36-ReflectiveMethodInvocation.proceed:175-ExposeInvocationInterceptor.invoke:97-ReflectiveMethodInvocation.proceed:186-JdkDynamicAopProxy.invoke:215-$Proxy517.persist:-1-LdapManagerImpl.linkDomainToLdap:418-LdapManagerImpl.linkDomainToLdap:408-LinkDomainToLdapCmd.execute:95
2025-08-19 06:52:25,206 ERROR [c.c.a.ApiServer] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) unhandled exception executing api command: [Ljava.lang.String;@7eab7506 javax.persistence.EntityExistsException: Entity already exists
2025-08-19 06:52:25,210 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) ===END=== 10.0.3.251 -- POST

Currently, there is only the deleteLdapConfiguration API

https://cloudstack.apache.org/api/apidocs-4.20/apis/deleteLdapConfiguration.html

Expected behaviour

Admin user should be able to unlink a domain from LDAP and do the same activity from the UI

If there is already a domain linked to LDAP, the UI should throw a message saying it's not possible or already configured
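
Added example (not part of the original issue and not CloudStack code): a Python triage script that groups management-server log lines by `logid` to find API requests rejected by the `uk_ldap_trust_map__bind_location` unique key, as in the log above. The log lines are constructed and abbreviated from the ones in the issue; reading `'25-0'` as `domain_id-account_id` is an assumption inferred from the INSERT values.

```python
import re
from collections import defaultdict

# Constructed sample, abbreviated from the log layout shown in the issue.
SAMPLE_LOG = """\
2025-08-19 06:52:25,182 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8]) (logid:aafa8e9e) ===START=== 10.0.3.251 -- POST
2025-08-19 06:52:25,197 ERROR [o.a.c.l.d.LdapTrustMapDaoImpl] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) DB Exception on: ... INSERT INTO ldap_trust_map (...) VALUES ('OU', x'6f75', 25, 0, 0) java.sql.SQLIntegrityConstraintViolationException: Duplicate entry '25-0' for key 'ldap_trust_map.uk_ldap_trust_map__bind_location'
\tat com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:118)
2025-08-19 06:52:25,206 ERROR [c.c.a.ApiServer] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) unhandled exception executing api command: ... javax.persistence.EntityExistsException: Entity already exists
2025-08-19 06:52:25,210 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) ===END=== 10.0.3.251 -- POST
2025-08-19 06:53:01,002 DEBUG [c.c.a.ApiServlet] (qtp253011924-31:[ctx-0a0a0a0a]) (logid:bbbb1111) ===START=== 10.0.3.251 -- GET
2025-08-19 06:53:01,040 DEBUG [c.c.a.ApiServlet] (qtp253011924-31:[ctx-0a0a0a0a]) (logid:bbbb1111) ===END=== 10.0.3.251 -- GET
"""

# timestamp, level, [logger], (thread:[ctx...]), (logid:...), message
LINE = re.compile(r"^(?P<ts>\S+ \S+) (?P<level>[A-Z]+) +\[(?P<logger>[^\]]+)\] "
                  r".*?\(logid:(?P<logid>\w+)\) (?P<msg>.*)$")
# Assumption: the duplicate key value is "<domain_id>-<account_id>".
DUP = re.compile(r"Duplicate entry '(?P<domain>\d+)-(?P<account>\d+)' for key "
                 r"'ldap_trust_map\.uk_ldap_trust_map__bind_location'")
START = re.compile(r"===START===\s+(?P<ip>\S+) -- (?P<method>\w+)")


def find_relink_failures(log_text):
    """Return one record per request that hit the ldap_trust_map unique key."""
    requests = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # stack-trace frames carry no logid and are skipped
        req, msg = requests[m["logid"]], m["msg"]
        if (s := START.search(msg)):
            req.update(time=m["ts"], source_ip=s["ip"], method=s["method"])
        elif m["logger"].endswith("LdapTrustMapDaoImpl") and (d := DUP.search(msg)):
            req.update(domain_id=int(d["domain"]), account_id=int(d["account"]))
        elif "EntityExistsException" in msg:
            req["unhandled"] = True  # surfaced to the caller as an unhandled error
    # Only requests that actually hit the duplicate-key error are reported.
    return [dict(logid=k, **v) for k, v in requests.items() if "domain_id" in v]


if __name__ == "__main__":
    for hit in find_relink_failures(SAMPLE_LOG):
        print(hit)
```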
