kiranchavala opened a new issue, #11471:
URL: https://github.com/apache/cloudstack/issues/11471

   ### The required feature described as a wish
   
   Steps to reproduce the issue 
   
   1. Add an LDAP configuration
   
   <img width="629" height="443" alt="Image" src="https://github.com/user-attachments/assets/dafe0887-5a3b-4f5f-8e7d-f120c9487caa" />
   
   2. Create domain
   
   <img width="1106" height="580" alt="Image" src="https://github.com/user-attachments/assets/03fb4f6f-d424-4b59-a1ba-5ffd9d799834" />
   
   3. Link the domain to LDAP 
   
   <img width="1156" height="659" alt="Image" src="https://github.com/user-attachments/assets/20629116-ce80-48dd-91e8-d005b7dfdd3d" />
   
   or execute the api
   
   https://cloudstack.apache.org/api/apidocs-4.20/apis/linkDomainToLdap.html
   
   ```
   (localcloud) 🐱 > link domaintoldap domainid=394cbde8-efe2-4ef2-bac0-fa5958fa4134 type=GROUP accounttype=2 ldapdomain=cn=dev-team,ou=Telco-Bng,dc=example,dc=in  admin=admin
   {
     "LinkDomainToLdap": {
       "accounttype": 2,
       "domainid": "394cbde8-efe2-4ef2-bac0-fa5958fa4134",
       "ldapdomain": "cn=qa-team,dc=example,dc=in",
       "name": "cn=qa-team,dc=example,dc=in",
       "type": "GROUP"
     }
   }
   ```
   
   
   4. Check the database table 
   
   ```
   mysql> select * from ldap_trust_map;
   +----+-----------+-------+-------------------------------------------+--------------+------------+
   | id | domain_id | type  | name                                      | account_type | account_id |
   +----+-----------+-------+-------------------------------------------+--------------+------------+
   | 22 |        25 | GROUP | cn=dev-team,ou=Telco-Bng,dc=example,dc=in |            2 |          0 |
   ```
   
   
   5. Currently there is no way to update the configuration via an API call

   6. If an admin tries to execute the API call again or perform the same action from the UI, the admin user will hit an exception
   
   
   <img width="1641" height="697" alt="Image" src="https://github.com/user-attachments/assets/3f699c04-5a81-4639-9579-b5c3f64f6820" />
   
   
   Logs 
   
   ```
   2025-08-19 06:52:25,182 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8]) (logid:aafa8e9e) ===START===  10.0.3.251 -- POST
   2025-08-19 06:52:25,182 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8]) (logid:aafa8e9e) Two factor authentication is already verified for the user 2, so skipping
   2025-08-19 06:52:25,190 DEBUG [c.c.a.ApiServer] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) CIDRs from which account 'Account [{"accountName":"admin","id":2,"uuid":"41afc720-7731-11f0-9a5b-1e00900003a2"}]' is allowed to perform API calls: 0.0.0.0/0,::/0
   2025-08-19 06:52:25,192 INFO  [o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) Account for user id 41b07ac1-7731-11f0-9a5b-1e00900003a2 is Root Admin or Domain Admin, all APIs are allowed.
   2025-08-19 06:52:25,192 DEBUG [o.a.c.a.StaticRoleBasedAPIAccessChecker] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) RoleService is enabled. We will use it instead of StaticRoleBasedAPIAccessChecker.
   2025-08-19 06:52:25,192 DEBUG [o.a.c.r.ApiRateLimitServiceImpl] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) API rate limiting is disabled. We will not use ApiRateLimitService.


   2025-08-19 06:52:25,197 ERROR [o.a.c.l.d.LdapTrustMapDaoImpl] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) DB Exception on: HikariProxyPreparedStatement@239902172 wrapping com.mysql.cj.jdbc.ServerPreparedStatement[181]: INSERT INTO ldap_trust_map (ldap_trust_map.type, ldap_trust_map.name, ldap_trust_map.domain_id, ldap_trust_map.account_id, ldap_trust_map.account_type) VALUES ('OU', x'6f753d54656c636f2d426e672c64633d6578616d706c652c64633d696e', 25, 0, 0) java.sql.SQLIntegrityConstraintViolationException: Duplicate entry '25-0' for key 'ldap_trust_map.uk_ldap_trust_map__bind_location'
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:118)
        at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
        at com.mysql.cj.jdbc.ServerPreparedStatement.serverExecute(ServerPreparedStatement.java:555)
        at com.mysql.cj.jdbc.ServerPreparedStatement.executeInternal(ServerPreparedStatement.java:339)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdateInternal(ClientPreparedStatement.java:1061)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdateInternal(ClientPreparedStatement.java:1009)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeLargeUpdate(ClientPreparedStatement.java:1320)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdate(ClientPreparedStatement.java:994)
        at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61)
        at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java)
        at com.cloud.utils.db.GenericDaoBase.persist(GenericDaoBase.java:1636)
        at jdk.internal.reflect.GeneratedMethodAccessor12.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:569)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at com.cloud.utils.db.TransactionContextInterceptor.invoke(TransactionContextInterceptor.java:34)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
        at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
        at jdk.proxy3/jdk.proxy3.$Proxy517.persist(Unknown Source)
        at org.apache.cloudstack.ldap.LdapManagerImpl.linkDomainToLdap(LdapManagerImpl.java:418)
        at org.apache.cloudstack.ldap.LdapManagerImpl.linkDomainToLdap(LdapManagerImpl.java:4


   2025-08-19 06:52:25,201 DEBUG [c.c.u.d.T.Transaction] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) Rolling back the transaction: Time = 3 Name =  qtp253011924-25; called by -TransactionLegacy.rollback:905-TransactionLegacy.removeUpTo:848-TransactionLegacy.close:672-TransactionContextInterceptor.invoke:36-ReflectiveMethodInvocation.proceed:175-ExposeInvocationInterceptor.invoke:97-ReflectiveMethodInvocation.proceed:186-JdkDynamicAopProxy.invoke:215-$Proxy517.persist:-1-LdapManagerImpl.linkDomainToLdap:418-LdapManagerImpl.linkDomainToLdap:408-LinkDomainToLdapCmd.execute:95
   2025-08-19 06:52:25,206 ERROR [c.c.a.ApiServer] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) unhandled exception executing api command: [Ljava.lang.String;@7eab7506 javax.persistence.EntityExistsException: Entity already exists
   2025-08-19 06:52:25,210 DEBUG [c.c.a.ApiServlet] (qtp253011924-25:[ctx-f25a19f8, ctx-aebf2303]) (logid:aafa8e9e) ===END===  10.0.3.251 -- POST
   
   ```
   
   Currently, there is only the deleteLdapConfiguration API

   https://cloudstack.apache.org/api/apidocs-4.20/apis/deleteLdapConfiguration.html
   
   
   
   Expected behaviour 
   
   Admin user should be able to unlink the domain from LDAP and do the same activity from the UI

   If there is already a domain linked to LDAP, the UI should throw a message saying it's not possible or already configured
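
The duplicate-key failure in the log and the behaviour requested under "Expected behaviour", modelled as an added example (not part of the original issue and not CloudStack code). It uses an in-memory SQLite table as a stand-in for MySQL; the column list is taken from the `ldap_trust_map` output above, the unique key columns `(domain_id, account_id)` are an assumption inferred from `Duplicate entry '25-0'`, and all function names are hypothetical.

```python
import sqlite3

# Constructed model of the table shown in the issue. The unique key name is
# from the log; its columns (domain_id, account_id) are an assumption
# inferred from the "Duplicate entry '25-0'" message.
SCHEMA = """
CREATE TABLE ldap_trust_map (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    domain_id INTEGER NOT NULL,
    type TEXT NOT NULL,
    name TEXT NOT NULL,
    account_type INTEGER NOT NULL,
    account_id INTEGER NOT NULL DEFAULT 0,
    CONSTRAINT uk_ldap_trust_map__bind_location UNIQUE (domain_id, account_id)
)"""

def open_model():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def raw_link(db, domain_id, link_type, name, account_type, account_id=0):
    """Blind INSERT, as in the log: a repeat call violates the unique key."""
    db.execute(
        "INSERT INTO ldap_trust_map (type, name, domain_id, account_id, account_type)"
        " VALUES (?, ?, ?, ?, ?)",
        (link_type, name, domain_id, account_id, account_type))

def find_link(db, domain_id, account_id=0):
    """Return (type, name, account_type) of the existing mapping, or None."""
    return db.execute(
        "SELECT type, name, account_type FROM ldap_trust_map"
        " WHERE domain_id = ? AND account_id = ?", (domain_id, account_id)).fetchone()

def link_domain(db, domain_id, link_type, name, account_type):
    """Hypothetical guarded link: report the existing mapping instead of failing."""
    existing = find_link(db, domain_id)
    if existing:
        return f"domain {domain_id} is already linked to {existing[0]} '{existing[1]}'"
    raw_link(db, domain_id, link_type, name, account_type)
    return "linked"

def unlink_domain(db, domain_id):
    """Hypothetical unlink: remove the mapping so the domain can be re-linked."""
    cur = db.execute(
        "DELETE FROM ldap_trust_map WHERE domain_id = ? AND account_id = 0", (domain_id,))
    return cur.rowcount == 1
```

Checking for the existing row first turns the unhandled `EntityExistsException` path into a message an admin can act on, and the delete is what makes a corrected re-link possible without editing the table by hand.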
   
   

