B #5676: Create LDAP user without password (#2399)

* Create LDAP user without password * Update oneuser CLI tool * Update opennebula_configuration.xsd Co-authored-by: Pavel Czerný <pczerny@opennebula.io>
2025-03-29 18:50:08 +03:00 · 2022-12-07 10:03:15 +01:00 · 2022-12-07 10:03:15 +01:00 · a7fd43d9f5
commit a7fd43d9f5
parent d8baeb028e
5 changed files with 17 additions and 4 deletions
--- a/share/doc/xsd/opennebula_configuration.xsd
+++ b/share/doc/xsd/opennebula_configuration.xsd
@ -23,6 +23,7 @@
              <xs:element name="MAX_TOKEN_TIME" type="xs:integer"/>
              <xs:element name="NAME" type="xs:string"/>
              <xs:element name="PASSWORD_CHANGE" type="xs:string"/>
+              <xs:element name="PASSWORD_REQUIRED" type="xs:string" minOccurs="0"/>
            </xs:all>
          </xs:complexType>
        </xs:element>
--- a/share/etc/oned.conf
+++ b/share/etc/oned.conf
@ -1414,6 +1414,7 @@ AUTH_MAD_CONF = [
 AUTH_MAD_CONF = [
    NAME = "ldap",
    PASSWORD_CHANGE = "YES",
+    PASSWORD_REQUIRED = "NO",
    DRIVER_MANAGED_GROUPS = "YES",
    DRIVER_MANAGED_GROUP_ADMIN = "YES",
    MAX_TOKEN_TIME = "86400"
--- a/src/cli/one_helper/oneuser_helper.rb
+++ b/src/cli/one_helper/oneuser_helper.rb
@ -103,7 +103,7 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
                return -1, e.message
            end
        else
-            return -1, "You have to specify an Auth method or define a password"
+            return 0, ''
        end

        return 0, auth.password
--- a/src/cli/oneuser
+++ b/src/cli/oneuser
@ -273,6 +273,7 @@ CommandParser::CmdParser.new(ARGV) do
          oneuser create my_user --ssh --key /tmp/id_rsa
          oneuser create my_user --ssh -r /tmp/public_key
          oneuser create my_user --x509 --cert /tmp/my_cert.pem
+          oneuser create my_user --driver ldap
    EOT

    command :create, create_desc, :username, [:password, nil],
--- a/src/um/UserPool.cc
+++ b/src/um/UserPool.cc
@ -325,6 +325,7 @@ int UserPool::allocate(

    string gname;
    bool driver_managed_group_admin = false;
+    bool password_required          = true;

    ostringstream   oss;

@ -346,10 +347,19 @@ int UserPool::allocate(
        return *oid;
    }

-    // Check username and password
-    if ( !User::pass_is_valid(password, error_str) )
+    if (nd.get_auth_conf_attribute(auth_driver, "PASSWORD_REQUIRED",
+            password_required) != 0)
    {
-        goto error_pass;
+        password_required = true;
+    }
+
+    // Check username and password
+    if (password_required)
+    {
+        if (!User::pass_is_valid(password, error_str))
+        {
+            goto error_pass;
+        }
    }

    if (!PoolObjectSQL::name_is_valid(uname,User::INVALID_NAME_CHARS,error_str))