ceph · yehudasa · Mar 13, 2016 · Mar 13, 2016
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -136,13 +136,6 @@ set(HAVE_LIBAIO ${AIO_FOUND})
 message(STATUS "${AIO_LIBS}")
 endif(${WITH_AIO})
 
-option(WITH_OPENLDAP "OPENLDAP is here" ON)
-if(${WITH_OPENLDAP})
-find_package(OpenLdap REQUIRED)
-set(HAVE_OPENLDAP ${OPENLDAP_FOUND})
-message(STATUS "${OPENLDAP_LIBS}")
-endif(${WITH_OPENLDAP})
-
 option(WITH_FUSE "Fuse is here" ON)
 if(${WITH_FUSE})
 find_package(fuse)

diff --git a/ceph.spec.in b/ceph.spec.in
@@ -119,7 +119,6 @@ BuildRequires:	libblkid-devel >= 2.17
 BuildRequires:	libudev-devel
 BuildRequires:	libtool
 BuildRequires:	make
-BuildRequires:  openldap-devel
 BuildRequires:  openssl-devel
 BuildRequires:	parted
 BuildRequires:	perl
@@ -1109,7 +1108,6 @@ fi
 %defattr(-,root,root,-)
 %{_bindir}/radosgw
 %{_bindir}/radosgw-admin
-%{_bindir}/radosgw-token
 %{_bindir}/radosgw-object-expirer
 %{_mandir}/man8/radosgw.8*
 %{_mandir}/man8/radosgw-admin.8*

diff --git a/cmake/modules/FindOpenLdap.cmake b/cmake/modules/FindOpenLdap.cmake
diff --git a/debian/control b/debian/control
@@ -42,8 +42,7 @@ Build-Depends: autoconf,
                libleveldb-dev,
                libnss3-dev,
                libsnappy-dev,
-               libldap2-dev,
-               libssl-dev,
+	       libssl-dev,
                liblttng-ust-dev,
                libtool,
                libudev-dev,

diff --git a/debian/radosgw.install b/debian/radosgw.install
@@ -1,7 +1,6 @@
 etc/bash_completion.d/radosgw-admin
 usr/bin/radosgw
 usr/bin/radosgw-admin
-usr/bin/radosgw-token
 usr/bin/radosgw-object-expirer
 usr/share/man/man8/radosgw-admin.8
 usr/share/man/man8/radosgw.8
diff --git a/src/.gitignore b/src/.gitignore
@@ -74,7 +74,6 @@ Makefile
 /rados
 /radosgw
 /radosgw-admin
-/radosgw-token
 /radosgw-object-expirer
 /rbd
 /rbd-mirror

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -1144,7 +1144,6 @@ if(${WITH_RADOSGW})
     rgw/rgw_http_client.cc
     rgw/rgw_json_enc.cc
     rgw/rgw_keystone.cc
-    rgw/rgw_ldap.cc
     rgw/rgw_loadgen.cc
     rgw/rgw_log.cc
     rgw/rgw_metadata.cc
@@ -1221,9 +1220,6 @@ if(${WITH_RADOSGW})
     rgw/rgw_admin.cc
     rgw/rgw_orphan.cc)
 
-  set(radosgw_token_srcs
-    rgw/rgw_token.cc)
-
   set(radosgw_object_expirer_srcs
     rgw/rgw_object_expirer.cc)
 
@@ -1261,8 +1257,7 @@ if(${WITH_RADOSGW})
     cls_rgw_client cls_lock_client cls_refcount_client
     cls_log_client cls_statelog_client cls_timeindex_client
     cls_version_client cls_replica_log_client cls_user_client
-    curl expat global fcgi resolv ssl crypto ${BLKID_LIBRARIES} ${OPENLDAP_LIBS}
-    ${ALLOC_LIBS})
+    curl expat global fcgi resolv ssl crypto ${BLKID_LIBRARIES})
   install(TARGETS radosgw DESTINATION bin)
 
   add_executable(radosgw-admin ${radosgw_admin_srcs})
@@ -1274,11 +1269,6 @@ if(${WITH_RADOSGW})
 
   install(TARGETS radosgw-admin DESTINATION bin)
 
-  add_executable(radosgw-token ${radosgw_token_srcs})
-  target_link_libraries(radosgw-token librados
-    global ${ALLOC_LIBS})
-  install(TARGETS radosgw-token DESTINATION bin)
-
   add_executable(radosgw-object-expirer ${radosgw_object_expirer_srcs})
   target_link_libraries(radosgw-object-expirer rgw_a librados
     cls_rgw_client cls_lock_client cls_refcount_client

diff --git a/src/common/config_opts.h b/src/common/config_opts.h
@@ -1237,21 +1237,6 @@ OPTION(rgw_keystone_revocation_interval, OPT_INT, 15 * 60)  // seconds between t
 OPTION(rgw_keystone_verify_ssl, OPT_BOOL, true) // should we try to verify keystone's ssl
 OPTION(rgw_s3_auth_use_rados, OPT_BOOL, true)  // should we try to use the internal credentials for s3?
 OPTION(rgw_s3_auth_use_keystone, OPT_BOOL, false)  // should we try to use keystone for s3?
-
-/* OpenLDAP-style LDAP parameter strings */
-/* rgw_ldap_uri  space-separated list of LDAP servers in URI format */
-OPTION(rgw_ldap_uri, OPT_STR, "ldaps://<ldap.your.domain>")
-/* rgw_ldap_binddn  LDAP entry RGW will bind with (user match) */
-OPTION(rgw_ldap_binddn, OPT_STR, "uid=admin,cn=users,dc=example,dc=com")
-/* rgw_ldap_searchdn  LDAP search base (basedn) */
-OPTION(rgw_ldap_searchdn, OPT_STR, "cn=users,cn=accounts,dc=example,dc=com")
-/* rgw_ldap_memberattr  LDAP attribute containing RGW user names */
-OPTION(rgw_ldap_memberattr, OPT_STR, "uid")
-/* rgw_ldap_secret  file containing credentials for rgw_ldap_binddn */
-OPTION(rgw_ldap_secret, OPT_STR, "/etc/openldap/secret")
-/* rgw_s3_auth_use_ldap  use LDAP for RGW auth? */
-OPTION(rgw_s3_auth_use_ldap, OPT_BOOL, false)
-
 OPTION(rgw_admin_entry, OPT_STR, "admin")  // entry point for which a url is considered an admin request
 OPTION(rgw_enforce_swift_acls, OPT_BOOL, true)
 OPTION(rgw_swift_token_expiration, OPT_INT, 24 * 3600) // time in seconds for swift token expiration

diff --git a/src/rgw/Makefile.am b/src/rgw/Makefile.am
@@ -44,7 +44,6 @@ librgw_la_SOURCES = \
 	rgw/rgw_http_client.cc \
 	rgw/rgw_json_enc.cc \
 	rgw/rgw_keystone.cc \
-	rgw/rgw_ldap.cc \
 	rgw/rgw_loadgen.cc \
 	rgw/rgw_log.cc \
 	rgw/rgw_metadata.cc \
@@ -153,10 +152,6 @@ radosgw_admin_SOURCES = rgw/rgw_admin.cc rgw/rgw_orphan.cc
 radosgw_admin_LDADD = $(LIBRGW) $(LIBRGW_DEPS) $(CEPH_GLOBAL)
 bin_PROGRAMS += radosgw-admin
 
-radosgw_token_SOURCES = rgw/rgw_token.cc
-radosgw_token_LDADD = $(LIBRGW) $(LIBRGW_DEPS) $(CEPH_GLOBAL)
-bin_PROGRAMS += radosgw-token
-
 radosgw_object_expirer_SOURCES = rgw/rgw_object_expirer.cc
 radosgw_object_expirer_LDADD = $(LIBRGW) $(LIBRGW_DEPS) $(CEPH_GLOBAL)
 bin_PROGRAMS += radosgw-object-expirer
@@ -177,14 +172,12 @@ noinst_HEADERS += \
 	rgw/rgw_acl.h \
 	rgw/rgw_acl_s3.h \
 	rgw/rgw_acl_swift.h \
-	rgw/rgw_b64.h \
 	rgw/rgw_client_io.h \
 	rgw/rgw_coroutine.h \
 	rgw/rgw_cr_rados.h \
 	rgw/rgw_cr_rest.h \
 	rgw/rgw_fcgi.h \
 	rgw/rgw_xml.h \
-	rgw/rgw_token.h \
 	rgw/rgw_basic_types.h \
 	rgw/rgw_cache.h \
 	rgw/rgw_common.h \

diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
@@ -464,17 +464,6 @@ namespace rgw {
     if (r)
       return -EIO;
 
-    const string& ldap_uri = store->ctx()->_conf->rgw_ldap_uri;
-    const string& ldap_binddn = store->ctx()->_conf->rgw_ldap_binddn;
-    const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
-    const string& ldap_memberattr =
-      store->ctx()->_conf->rgw_ldap_memberattr;
-
-    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
-			      ldap_memberattr);
-    ldh->init();
-    ldh->bind();
-
     rgw_user_init(store);
     rgw_bucket_init(store->meta_mgr);
     rgw_log_usage_init(g_ceph_context, store);
@@ -512,8 +501,6 @@ namespace rgw {
     fe->join();
 
     delete fe;
-    delete fec;
-    delete ldh;
 
     rgw_log_usage_finalize();
 

diff --git a/src/rgw/rgw_b64.h b/src/rgw/rgw_b64.h
diff --git a/src/rgw/rgw_file.h b/src/rgw/rgw_file.h
@@ -31,9 +31,6 @@
 #include "rgw_common.h"
 #include "rgw_user.h"
 #include "rgw_lib.h"
-#include "rgw_ldap.h"
-#include "rgw_token.h"
-
 
 /* XXX
  * ASSERT_H somehow not defined after all the above (which bring
@@ -672,25 +669,9 @@ namespace rgw {
 	  return -EINVAL;
 	if (user.suspended)
 	  return -ERR_USER_SUSPENDED;
-      } else {
-	/* try external authenticators (ldap for now) */
-	rgw::LDAPHelper* ldh = rgwlib.get_ldh(); /* !nullptr */
-	RGWToken token{from_base64(key.id)};
-	if (ldh->auth(token.id, token.key) == 0) {
-	  /* try to store user if it doesn't already exist */
-	  if (rgw_get_user_info_by_uid(store, token.id, user) < 0) {
-	    int ret = rgw_store_user_info(store, user, NULL, NULL, 0,
-					  true);
-	    if (ret < 0) {
-	      lsubdout(get_context(), rgw, 10)
-		<< "NOTICE: failed to store new user's info: ret=" << ret
-		<< dendl;
-	    }
-	  }
-	} /* auth success */
       }
       return ret;
-    } /* authorize */
+    }
 
     /* find or create an RGWFileHandle */
     LookupFHResult lookup_fh(RGWFileHandle* parent, const char *name,

diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc