@DaanHoogland
Contributor

Description

This PR fixes a situation where child OUs are returned as users on queries to AD ...

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

Contributor

Copilot AI left a comment

Pull Request Overview

Adds an explicit person-category filter to the AD search query to prevent Organizational Units (OUs) from being returned as users.

  • Include (objectCategory=person) in the AD group search filter to restrict results to person objects.
  • Update unit tests (nested groups enabled/disabled) to assert the new filter format.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java | Add (objectCategory=person) to the composite LDAP filter in generateADGroupSearchFilter. |
| plugins/user-authenticators/ldap/src/test/java/org/apache/cloudstack/ldap/ADLdapUserManagerImplTest.java | Update expected filter strings in tests to include the person category filter. |
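
The filter shape discussed in this review, as an added example that is not CloudStack's code and not part of the PR. The class and method names, the clause order, the `user` object class and the sample DN are assumptions made for illustration; the OID is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, used here for the nested-groups case. Values placed in the filter are escaped per RFC 4515.

```java
import java.nio.charset.StandardCharsets;

public class AdGroupFilterExample {
    // AD's LDAP_MATCHING_RULE_IN_CHAIN: the server walks nested group membership.
    static final String IN_CHAIN = "1.2.840.113556.1.4.1941";

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            // Filter metacharacters, NUL and non-ASCII octets become \xx hex escapes.
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c > 0x7f) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** Hypothetical builder: members of groupDn, restricted to person objects. */
    static String groupMemberFilter(String userObjectClass, String memberOfAttr,
                                    String groupDn, boolean nested) {
        String matchingRule = nested ? ":" + IN_CHAIN + ":" : "";
        return "(&"
            + "(objectClass=" + escapeFilterValue(userObjectClass) + ")"
            + "(objectCategory=person)" // the clause this PR adds to the group search
            + "(" + memberOfAttr + matchingRule + "=" + escapeFilterValue(groupDn) + ")"
            + ")";
    }

    public static void main(String[] args) {
        // Constructed sample DN; the parentheses show why escaping is needed.
        String dn = "CN=Ops (EU),OU=Groups,DC=example,DC=test";
        System.out.println(groupMemberFilter("user", "memberOf", dn, false));
        System.out.println(groupMemberFilter("user", "memberOf", dn, true));
    }
}
```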

@DaanHoogland
Contributor Author

@blueorangutan package

@blueorangutan

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@codecov

codecov bot commented Oct 15, 2025

Codecov Report

❌ Patch coverage is 29.62963% with 38 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.56%. Comparing base (b1851ba) to head (ac14522).

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...pache/cloudstack/ldap/OpenLdapUserManagerImpl.java | 15.90% | 37 Missing ⚠️ |
| .../apache/cloudstack/ldap/ADLdapUserManagerImpl.java | 90.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff            @@
##               main   #11843   +/-   ##
=========================================
  Coverage     17.56%   17.56%           
- Complexity    15533    15534    +1     
=========================================
  Files          5909     5909           
  Lines        529013   528994   -19     
  Branches      64605    64601    -4     
=========================================
+ Hits          92912    92925   +13     
+ Misses       425652   425622   -30     
+ Partials      10449    10447    -2     

| Flag | Coverage Δ |
| --- | --- |
| uitests | 3.58% <ø> (ø) |
| unittests | 18.63% <29.62%> (+<0.01%) ⬆️ |

@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15467

@DaanHoogland
Contributor Author

@blueorangutan test keepEnv

@DaanHoogland added this to the 4.22.0 milestone Oct 16, 2025

@blueorangutan

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan

[SF] Trillian test result (tid-14694)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 56088 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11843-t14694-kvm-ol8.zip
Smoke tests completed. 149 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

@blueorangutan

[LL] Trillian Build Failed (tid-7153)

@blueorangutan

[LL] Trillian Build Failed (tid-7154)

@DaanHoogland
Contributor Author

@blueorangutan package

@blueorangutan

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15506

@DaanHoogland requested a review from Copilot October 23, 2025 13:25

@DaanHoogland marked this pull request as ready for review October 23, 2025 13:26

Contributor

Copilot AI left a comment

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.


protected String getMemberOfAttribute(final Long domainId) {
return _ldapConfiguration.getUserMemberOfAttribute(domainId);
return LdapConfiguration.getUserMemberOfAttribute(domainId);

Copilot AI Oct 23, 2025

Calling getUserMemberOfAttribute() statically on LdapConfiguration suggests this method was changed from instance to static. If this is an instance method being called statically, this will cause a compilation error. Verify that the method signature has been properly updated to be static, or revert to calling it on the _ldapConfiguration instance.

Suggested change
return LdapConfiguration.getUserMemberOfAttribute(domainId);
return _ldapConfiguration.getUserMemberOfAttribute(domainId);

}
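
Review bot: in getMemberOfAttribute the receiver changes from the injected `_ldapConfiguration` field to the `LdapConfiguration` class, so the lookup no longer goes through the instance this class holds. If the unit tests stub getUserMemberOfAttribute on a mocked `_ldapConfiguration`, that stubbing stops influencing this method, and the expected filter strings could pass or fail for the wrong reason. Please confirm the tests supply the value through whatever backs the static call, and note in the PR description why the call became static, since the description only mentions the OU fix.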

public LdapUser searchUser(final String basedn, final String searchString, final LdapContext context, Long domainId) throws NamingException, IOException {
public LdapUser searchUser(final String basedn, final String searchString, final LdapContext context, Long domainId) throws NamingException {

Copilot AI Oct 23, 2025

Removing IOException from the throws clause is a breaking change to the method signature. If any calling code explicitly catches IOException from this method, it will cause compilation errors. Verify that all callers have been updated accordingly, or consider whether this exception should remain for backward compatibility.

logger.debug("group search filter = {}", result);
return result.toString();
}

Copilot AI Oct 23, 2025

This method should be marked with @Override annotation since it overrides the parent class method in OpenLdapUserManagerImpl. Adding the annotation makes the inheritance relationship explicit and allows the compiler to verify the override.

Suggested change
@Override

Contributor

@Pearl1594 Pearl1594 left a comment

code LGTM.
