@DaanHoogland
Contributor

Description

This PR

Fixes: #3685 partially as unlinking an account has no good functional definition (yet)
Fixes: #11474 by removing a long time deprecated parameter

@codecov

codecov bot commented Nov 3, 2025

Codecov Report

❌ Patch coverage is 6.06061% with 31 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.48%. Comparing base (f06ac51) to head (9c68433).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
...loudstack/api/command/UnlinkDomainFromLdapCmd.java 0.00% 16 Missing ⚠️
...va/org/apache/cloudstack/ldap/LdapManagerImpl.java 0.00% 13 Missing ⚠️
...he/cloudstack/api/command/LinkDomainToLdapCmd.java 33.33% 2 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main   #11962      +/-   ##
============================================
- Coverage     17.48%   17.48%   -0.01%     
- Complexity    15552    15554       +2     
============================================
  Files          5913     5914       +1     
  Lines        529650   529678      +28     
  Branches      64716    64718       +2     
============================================
+ Hits          92629    92633       +4     
- Misses       426576   426601      +25     
+ Partials      10445    10444       -1     
Flag Coverage Δ
uitests 3.58% <ø> (-0.01%) ⬇️
unittests 18.55% <6.06%> (-0.01%) ⬇️

Contributor

Copilot AI left a comment

Pull Request Overview

This PR adds functionality to unlink a CloudStack domain from LDAP, complementing the existing linkDomainToLdap functionality. The changes also include refactoring improvements to clean up the LinkDomainToLdapCmd by removing deprecated parameters and improving logging.

Key Changes

  • Added new unlinkDomainFromLdap API command to remove domain-to-LDAP linkages
  • Removed deprecated name parameter and improved the LinkDomainToLdapCmd implementation
  • Applied minor code modernization (diamond operator, parametrized logging)

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

File: Description
  • UnlinkDomainFromLdapCmd.java: New API command for unlinking domains from LDAP
  • LdapManager.java: Added interface method for unlinking and removed trailing semicolon from enum
  • LdapManagerImpl.java: Implemented unlinkDomainFromLdap method and applied diamond operator refactoring
  • LinkDomainToLdapCmd.java: Removed deprecated name parameter, made ldapDomain required, and improved logging
  • pom.xml: Added explicit cloud-api dependency
Comments suppressed due to low confidence (1)

plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java:308

  • The new UnlinkDomainFromLdapCmd class is not registered in the getCommands() list, which means it won't be available as an API command. Add cmdList.add(UnlinkDomainFromLdapCmd.class); before the return statement.
        final List<Class<?>> cmdList = new ArrayList<>();
        cmdList.add(LdapUserSearchCmd.class);
        cmdList.add(LdapListUsersCmd.class);
        cmdList.add(LdapAddConfigurationCmd.class);
        cmdList.add(LdapDeleteConfigurationCmd.class);
        cmdList.add(LdapListConfigurationCmd.class);
        cmdList.add(LdapCreateAccountCmd.class);
        cmdList.add(LdapImportUsersCmd.class);
        cmdList.add(LDAPConfigCmd.class);
        cmdList.add(LDAPRemoveCmd.class);
        cmdList.add(LinkDomainToLdapCmd.class);
        cmdList.add(LinkAccountToLdapCmd.class);
        return cmdList;

Contributor

@shwstppr shwstppr left a comment

some comments, idea looks good. Will need testing

Member

@vishesh92 vishesh92 left a comment

Code looks good to me. Just one change is required.

Contributor

@kiranchavala kiranchavala left a comment

@DaanHoogland

(localcloud) 🐱 > link domaintoldap domainid=0735d7e8-5dcc-4b48-8049-81c69d8830d3 type=GROUP accounttype=2 ldapdomain=cn=qa-team,ou=Telco-Bng,dc=example,dc=in name=qa admin=admin
{
  "LinkDomainToLdap": {
    "accounttype": 2,
    "domainid": "0735d7e8-5dcc-4b48-8049-81c69d8830d3",
    "ldapdomain": "cn=qa-team,ou=Telco-Bng,dc=example,dc=in",
    "name": "cn=qa-team,ou=Telco-Bng,dc=example,dc=in",
    "type": "GROUP"
  }
}

mysql> select * from ldap_configuration;
+----+-----------+------+-----------+--------------------------------------+
| id | hostname  | port | domain_id | uuid                                 |
+----+-----------+------+-----------+--------------------------------------+
|  2 | localhost |  389 |         2 | e07853d9-73dc-4486-9acf-66937c8123a5 |
+----+-----------+------+-----------+--------------------------------------+
1 row in set (0.00 sec)

mysql> select * from ldap_trust_map;
+----+-----------+-------+------------------------------------------+--------------+------------+
| id | domain_id | type  | name                                     | account_type | account_id |
+----+-----------+-------+------------------------------------------+--------------+------------+
|  1 |         2 | GROUP | cn=qa-team,ou=Telco-Bng,dc=example,dc=in |            2 |          0 |
+----+-----------+-------+------------------------------------------+--------------+------------+
1 row in set (0.00 sec)

Getting the following response from the API, but the entry is deleted from the database

(localcloud) 🐱 > unlink domainfromldap domainid=0735d7e8-5dcc-4b48-8049-81c69d8830d3
🙈 Error: failed to decode response

mysql> select * from ldap_trust_map;
Empty set (0.00 sec)

Also, the UI progress doesn't stop when a user tries to link a domain to LDAP


@DaanHoogland
Contributor Author

@kiranchavala, those issues are fixed; however, there are some polish issues remaining, like the conditions to enable link or unlink not being available in the UI atm, and I need to decide/discuss how to address these.

@apache apache deleted a comment from blueorangutan Nov 5, 2025
@rajujith

@DaanHoogland, there is a similar use case with accounts where there are no UI options https://cloudstack.apache.org/api/apidocs-4.20/apis/linkAccountToLdap.html. Should this also be considered in this PR?

@kiranchavala
Contributor

> @DaanHoogland, there is a similar use case with accounts where there are no UI options https://cloudstack.apache.org/api/apidocs-4.20/apis/linkAccountToLdap.html. Should this also be considered in this PR?

Yes @rajujith @DaanHoogland

The improvement issue is already present

#11473

@DaanHoogland
Contributor Author

> > @DaanHoogland, there is a similar use case with accounts where there are no UI options https://cloudstack.apache.org/api/apidocs-4.20/apis/linkAccountToLdap.html. Should this also be considered in this PR?
>
> Yes @rajujith @DaanHoogland
>
> The improvement issue is already present
>
> #11473

guys (@rajujith @kiranchavala), I don’t want to add and create a big beautiful PR. I’d rather implement smaller well tested changes, if you don’t mind. We need to have a backend change in DomainResponse as well to be able to decide whether to show the link or the unlink button. I am sure we will find more issues while working on this.

Contributor

@Pearl1594 Pearl1594 left a comment

Linking and unlinking of domain to ldap works fine, however, as an improvement to this it would be nice to selectively show and hide the link/unlink buttons based on whether the domain is linked to an LDAP or not. But that could happen on a separate PR. Also, ldapdomain requires translation

@DaanHoogland DaanHoogland added this to the 4.23 milestone Dec 8, 2025
@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15950

@DaanHoogland
Contributor Author

@blueorangutan test

@blueorangutan

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan

[SF] Trillian test result (tid-14926)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 52399 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11962-t14926-kvm-ol8.zip
Smoke tests completed. 144 look OK, 6 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_01_secure_vm_migration Error 133.98 test_vm_life_cycle.py
test_01_secure_vm_migration Error 133.99 test_vm_life_cycle.py
test_08_migrate_vm Error 14.84 test_vm_life_cycle.py
test_01_migrate_vm_strict_tags_success Error 76.11 test_vm_strict_host_tags.py
test_01_verify_ipv6_vpc Error 53.15 test_vpc_ipv6.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL Error 106.98 test_vpc_redundant.py
test_02_redundant_VPC_default_routes Error 63.03 test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers Error 56.28 test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics Error 103.70 test_vpc_redundant.py
test_05_rvpc_multi_tiers Error 108.75 test_vpc_redundant.py
test_01_redundant_vpc_site2site_vpn Failure 56.35 test_vpc_vpn.py
test_01_vpc_site2site_vpn_multiple_options Failure 100.33 test_vpc_vpn.py
test_01_vpc_site2site_vpn Failure 100.33 test_vpc_vpn.py
test_01_cancel_host_maintenance_ssh_enabled_agent_connected Failure 1.15 test_host_maintenance.py
test_03_cancel_host_maintenance_ssh_disabled_agent_connected Failure 1.13 test_host_maintenance.py
test_04_cancel_host_maintenance_ssh_disabled_agent_disconnected Failure 0.14 test_host_maintenance.py

@blueorangutan

[SF] Trillian Build Failed (tid-14955)

Contributor

@sureshanaparti sureshanaparti left a comment

clgtm

@blueorangutan

[SF] Trillian test result (tid-14994)
Environment: kvm-ol9 (x2), zone: Advanced Networking with Mgmt server ol9
Total time taken: 62170 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11962-t14994-kvm-ol9.zip
Smoke tests completed. 146 look OK, 4 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
ContextSuite context=TestClusterDRS>:setup Error 0.00 test_cluster_drs.py
test_list_system_vms_metrics_history Failure 0.19 test_metrics_api.py
test_01_deployVMInSharedNetwork Failure 265.67 test_network.py
ContextSuite context=TestResetVmOnReboot>:setup Error 0.00 test_reset_vm_on_reboot.py

@DaanHoogland
Contributor Author

@blueorangutan package

@blueorangutan

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16053

@DaanHoogland
Contributor Author

@blueorangutan test

@blueorangutan

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan

[SF] Trillian test result (tid-14999)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 53542 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11962-t14999-kvm-ol8.zip
Smoke tests completed. 149 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_03_deploy_and_scale_kubernetes_cluster Failure 26.87 test_kubernetes_clusters.py

@DaanHoogland DaanHoogland merged commit 124fcde into apache:main Dec 17, 2025
42 of 45 checks passed
@DaanHoogland DaanHoogland deleted the ghi3685-unlinkLdap branch December 17, 2025 12:04
Development

Successfully merging this pull request may close these issues.

  • Api/UI: Update API docs or remove the name or ldapdomain parameter
  • no way to unlink account/domain from ldap