Below is a proof of concept code to get the Microsoft Active Directory LDAP
Authentication to work with CS3 and CS4. I've been using it in my environment -
so its tested and works well.
Problem Description:
When user enter password in login page, the password is
encrypted via MD5 through javascript function that checks if md5HashedLogin is
set to true. If so, MD5 encoded password is passed into JSP for further
verification against an MD5 stored password in local MySQL DB. Since MySQL DB
password is also MD5 encrypted, it will result in successful authentication.
If end-user enabled AD LDAP Authentication via API, MS AD does
not support MD5 hashed passwords. I tried altering settings in LDAP/MD5
settings in components.xml, but it has not helped because the password is
encrypted on user session level.
Solution Details:
A very simple and somewhat elegant solution is to add a
checkbox on login page that would either set off or on md5hashedLogin bolean
logic via javascript function. Example if box checked or unchecked - do -
md5HashedLogin = !md5HashedLogin - on each event. This solution allows for both
local and external authentication mechanism to function.
Review Needed:
1) What is your thought on including this patch into CS 4.0 and
backporting to 3.0?
2) Can someone who has non MS LDAP env test this solution to see if it
breaks anything.
CSS Help:
While I was trying to make it look nice, CSS is not my
strongest skill and after sometime of fiddling with it, I had to shift my focus
on another more urgent task. I also figured for UI guru this will be a 1 minute
fix. if your CSS skills are better than mine (that's almost everyone on this
list), please help make it a little more user appealing.
Implementation Details:
There are probably 10 lines of code total to add in 3 files, index.jsp,
cloudstack3.css and sharedFunctions.js. The patch was generated with "diff -u"
which should work with linux patch command, but if not - it will take less than
1 minute to make these changes by hand.
Please let me know what your thoughts are on this patch once we agree, I will
make it proper as per developer guidelines.
/usr/share/cloud/management/webapps/client/index.jsp
--- /usr/share/cloud/management/webapps/client/index.jsp.orig1
2012-10-25 13:50:49.244834323 -0400
+++ /usr/share/cloud/management/webapps/client/index.jsp 2012-10-26
15:04:17.836817297 -0400
@@ -58,6 +58,10 @@
<label for="password"><fmt:message key="label.password"/></label>
<input type="password" name="password" class="required" />
</div>
+ <div class="field">
+ MS AD LDAP AUTH
+ <input type="checkbox" name="ldap_auth" id="ldap_auth"
value="0" onclick="my_ldap_auth();"/>
+ </div>
<!-- Domain -->
<div class="field domain">
<label for="domain"><fmt:message key="label.domain"/></label>
--- /usr/share/cloud/management/webapps/client/css/cloudstack3.css.orig
2012-10-26 15:16:47.532831544 -0400
+++ /usr/share/cloud/management/webapps/client/css/cloudstack3.css
2012-10-25 13:09:23.683813597 -0400
@@ -352,6 +352,11 @@
text-shadow: 0px 1px 2px #000000;
}
+.login .fields input[type=checkbox] {
+ display: block;
+}
+
+
.login .fields input[type=submit]:hover {
background-position: -563px -772px;
}
--- /usr/share/cloud/management/webapps/client/scripts/sharedFunctions.js.orig
2012-10-26 15:19:22.334833312 -0400
+++ /usr/share/cloud/management/webapps/client/scripts/sharedFunctions.js
2012-10-23 11:07:51.373793431 -0400
@@ -40,6 +40,13 @@
var md5Hashed = true;
var md5HashedLogin = true;
+//AD auth support by setting the md5HashedLogin to false
+function my_ldap_auth()
+{
+ md5HashedLogin = !md5HashedLogin;
+}
+
+
//page size for API call (e.g."listXXXXXXX&pagesize=N" )
var pageSize = 20;
