LDAP: honour nested groups for MSAD

[DaanHoogland]

Description

This PR makes sure the right memberOf attribute is retrieved in the case of MSAD ...

Fixes: #10278

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• Build/CI
• Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

[DaanHoogland]

@blueorangutan package

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 16.17%. Comparing base (393b5d2) to head (1d22549).
⚠️ Report is 8 commits behind head on 4.20.

Files with missing lines	Patch %	Lines
...pache/cloudstack/ldap/OpenLdapUserManagerImpl.java	0.00%	2 Missing ⚠️
.../org/apache/cloudstack/ldap/LdapConfiguration.java	50.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               4.20   #11696      +/-   ##
============================================
- Coverage     16.17%   16.17%   -0.01%     
  Complexity    13297    13297              
============================================
  Files          5656     5656              
  Lines        498151   498219      +68     
  Branches      60441    60451      +10     
============================================
- Hits          80588    80579       -9     
- Misses       408589   408671      +82     
+ Partials       8974     8969       -5     

Flag	Coverage Δ
uitests	4.00% <ø> (ø)
unittests	17.02% <66.66%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[rajujith]

@blueorangutan package

[blueorangutan]

@rajujith a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✖️ debian ✔️ suse15. SL-JID 15143

[rajujith]

LGTM.

Nested group users are listed now:

(LL-ACS-KVM) 🐱 > list ldapusers
{
  "LdapUser": [
    {
      "conflictingusersource": "",
      "domain": "CN=aduser 1,OU=engineering",
      "firstname": "aduser",
      "lastname": "1",
      "principal": "CN=aduser 1,OU=engineering,DC=jithinraju,DC=in",
      "username": "aduser1"
    },
    {
      "conflictingusersource": "",
      "domain": "CN=aduser 2,OU=engineering",
      "firstname": "aduser",
      "lastname": "2",
      "principal": "CN=aduser 2,OU=engineering,DC=jithinraju,DC=in",
      "username": "aduser2"
    },
    {
      "conflictingusersource": "",
      "domain": "CN=aduser 500,OU=Architecture",
      "firstname": "aduser",
      "lastname": "500",
      "principal": "CN=aduser 500,OU=Architecture,DC=jithinraju,DC=in",
      "username": "aduser500"
    },
    {
      "conflictingusersource": "",
      "domain": "CN=Jithin Raju,OU=Architecture",
      "firstname": "Jithin",
      "lastname": "Raju",
      "principal": "CN=Jithin Raju,OU=Architecture,DC=jithinraju,DC=in",
      "username": "jithin"
    },
    {
      "conflictingusersource": "",
      "domain": "CN=Kiran Chavala,OU=engineering",
      "firstname": "Kiran",
      "lastname": "Chavala",
      "principal": "CN=Kiran Chavala,OU=engineering,DC=jithinraju,DC=in",
      "username": "kiran"
    },
    {
      "conflictingusersource": "",
      "domain": "CN=Vishesh Jindal,OU=engineering",
      "firstname": "Vishesh",
      "lastname": "Jindal",
      "principal": "CN=Vishesh Jindal,OU=engineering,DC=jithinraju,DC=in",
      "username": "vishesh"
    }
  ],
  "count": 6

[weizhouapache]

@DaanHoogland
there is a method in the same file

    protected String getMemberOfAttribute(final Long domainId) {
        return _ldapConfiguration.getUserMemberOfAttribute(domainId);
    }

which is used only once

        if ("GROUP".equals(type)) {
            memberOfFilter.append("(").append(getMemberOfAttribute(domainId)).append("=");
            memberOfFilter.append(name);
            memberOfFilter.append(")"); 
        }

is it correct ?

[DaanHoogland]

yes, but it is overloaded in the AD user manager, so at this point it is not known which one will be called.

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[weizhouapache]

@DaanHoogland
I changed the target branch from main to 4.20

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15144

[weizhouapache]

@blueorangutan test

[blueorangutan]

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-14424)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 53795 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11696-t14424-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[weizhouapache]

code lgtm

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15154

[weizhouapache]

Merging based on approvals and test

thanks @DaanHoogland @rajujith