
HPCC-15963 mechanism for providing "working" permissions

Currently the LDAP OUs created by HPCC are granted permissions for Administrators
only. Therefore, when standing up a new LDAP, the admin is forced to log onto
the LDAP console and manually grant access to Authenticated Users for all of these
OUs. This PR creates them with access granted to both Administrators and
Authenticated Users.

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexis.com>
Russ Whitehead 7 年之前
父節點
當前提交
267b84bf3f

+ 1 - 1
esp/services/ws_access/ws_accessService.cpp

@@ -1977,7 +1977,7 @@ bool Cws_accessEx::onResourceAdd(IEspContext &context, IEspResourceAddRequest &r
 
             ISecResource* r = rlist->addResource(namebuf.str());
             r->setDescription(req.getDescription());
-            secmgr->addResourcesEx(rtype, *usr, rlist, PT_ADMINISTRATORS_ONLY, req.getBasedn());
+            secmgr->addResourcesEx(rtype, *usr, rlist, PT_DEFAULT, req.getBasedn());
 
             if(str2type(req.getRtype()) == RT_FILE_SCOPE && newResources.ordinality())
             {
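Review bot: The changed `secmgr->addResourcesEx(rtype, *usr, rlist, PT_DEFAULT, req.getBasedn());` line now creates every resource added through this ESP endpoint with PT_DEFAULT rather than administrators-only, which per the commit message grants Authenticated Users access as well; nothing visible in this hunk lets a request opt back into the stricter setting, so the widening applies to all resource types handled here, including file scopes. A short comment at the call site would make the wider default deliberate for the next reader, e.g. `// PT_DEFAULT: new resources are accessible to Authenticated Users as well as Administrators (HPCC-15963)`. onResourceAdd begins outside the hunk.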

+ 10 - 10
system/security/LdapSecurity/ldapconnection.cpp

@@ -1433,14 +1433,14 @@ public:
                 {
                 }
             }
-            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_DEFAULT), PT_ADMINISTRATORS_ONLY);
-            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_FILE_SCOPE), PT_ADMINISTRATORS_ONLY);
-            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_VIEW_SCOPE), PT_ADMINISTRATORS_ONLY);
-            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_WORKUNIT_SCOPE), PT_ADMINISTRATORS_ONLY);
-            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_SUDOERS), PT_ADMINISTRATORS_ONLY);
-
-            createLdapBasedn(NULL, m_ldapconfig->getUserBasedn(), PT_ADMINISTRATORS_ONLY);
-            createLdapBasedn(NULL, m_ldapconfig->getGroupBasedn(), PT_ADMINISTRATORS_ONLY);
+            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_DEFAULT), PT_DEFAULT);
+            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_FILE_SCOPE), PT_DEFAULT);
+            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_VIEW_SCOPE), PT_DEFAULT);
+            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_WORKUNIT_SCOPE), PT_DEFAULT);
+            createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_SUDOERS), PT_DEFAULT);
+
+            createLdapBasedn(NULL, m_ldapconfig->getUserBasedn(), PT_DEFAULT);
+            createLdapBasedn(NULL, m_ldapconfig->getGroupBasedn(), PT_DEFAULT);
             createdOU = true;
         }
     }
@@ -1458,7 +1458,7 @@ public:
     virtual void setResourceBasedn(const char* rbasedn, SecResourceType rtype)
     {
         m_ldapconfig->setResourceBasedn(rbasedn, rtype);
-        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(rtype), PT_ADMINISTRATORS_ONLY);
+        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(rtype), PT_DEFAULT);
     }
 
     void calcPWExpiry(CDateTime &dt, unsigned len, char * val)
@@ -4499,7 +4499,7 @@ public:
         
         ISecUser* user = NULL;
         CLdapSecResource resource(newname);
-        addResource(rtype, *user, &resource, PT_ADMINISTRATORS_ONLY, basedn, sd.get(), false);
+        addResource(rtype, *user, &resource, PT_DEFAULT, basedn, sd.get(), false);
     }
 
     void normalizeDn(const char* dn, StringBuffer& ndn)
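Review bot: In the third hunk (@@ -4499), `user` is assigned NULL two lines above the changed `addResource(rtype, *user, &resource, PT_DEFAULT, basedn, sd.get(), false);` call, and the new line still dereferences it to bind an `ISecUser&`, which is undefined behaviour independent of the permission type; the commit leaves that latent fault in place. If addResource genuinely tolerates a missing user, the parameter should be an `ISecUser*` so the call can pass `user` without dereferencing it; otherwise this path needs a real user, and at minimum a comment such as `// FIXME: *user is NULL here — addResource must never touch the user reference on this path` should flag it. The enclosing function begins outside the hunk. The first two hunks apply the same PT_DEFAULT widening to the OU creation in the connection setup and in setResourceBasedn, where only the commit message records that Authenticated Users are now granted access.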

+ 2 - 2
system/security/LdapSecurity/ldapsecurity.ipp

@@ -377,8 +377,8 @@ public:
     virtual bool authorizeWorkunitScope(ISecUser & user, ISecResourceList * resources);
     virtual bool addResources(ISecUser& sec_user, ISecResourceList * resources);
     virtual SecAccessFlags getAccessFlagsEx(SecResourceType rtype, ISecUser & user, const char * resourcename);
-    virtual bool addResourcesEx(SecResourceType rtype, ISecUser &user, ISecResourceList* resources, SecPermissionType ptype = PT_ADMINISTRATORS_ONLY, const char* basedn = NULL);
-    virtual bool addResourceEx(SecResourceType rtype, ISecUser& user, const char* resourcename, SecPermissionType ptype = PT_ADMINISTRATORS_ONLY, const char* basedn = NULL);
+    virtual bool addResourcesEx(SecResourceType rtype, ISecUser &user, ISecResourceList* resources, SecPermissionType ptype = PT_DEFAULT, const char* basedn = NULL);
+    virtual bool addResourceEx(SecResourceType rtype, ISecUser& user, const char* resourcename, SecPermissionType ptype = PT_DEFAULT, const char* basedn = NULL);
     virtual bool updateResources(ISecUser& sec_user, ISecResourceList * resources){return false;}
     virtual bool addUser(ISecUser & user);
     virtual ISecUser * lookupUser(unsigned uid);
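Review bot: Changing the default argument on the two virtual `addResourcesEx`/`addResourceEx` declarations silently changes the permission granted by every caller that omits `ptype`, and default arguments on virtual functions are bound by the static type of the object, so a call made through the base interface will use whatever default that declaration carries (if any) rather than PT_DEFAULT. It is safer to have callers pass the permission type explicitly, as the other hunks in this commit already do, and to document what PT_DEFAULT grants next to the declaration, e.g. `// ptype defaults to PT_DEFAULT: Administrators plus Authenticated Users (HPCC-15963)`.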

+ 1 - 1
system/security/test/ldapsecuritytest/ldapsecuritytest.cpp

@@ -350,7 +350,7 @@ int main(int argc, char* argv[])
             if(username != NULL && *username != '\0')
                 usr.setown(secmgr->createUser(username));
 
-            bool ok = secmgr->addResourceEx(rtype, *usr, resource, PT_ADMINISTRATORS_ONLY, NULL);
+            bool ok = secmgr->addResourceEx(rtype, *usr, resource, PT_DEFAULT, NULL);
             if(!ok)
                 printf("resource not added\n");
             else
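Review bot: `*usr` on the changed `addResourceEx` line is only known to be non-null when `username` is non-empty, because the `usr.setown(...)` two lines above is conditional; unless usr is populated earlier in main (outside this hunk), an empty username dereferences a null pointer before the call is made. A guard before the call, e.g. `if (usr.get() == NULL) { printf("no user specified\n"); return 1; }`, would make the test tool fail cleanly instead. main begins and ends outside the hunk.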