cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Musayev, Ilya" <>
Subject RE: Status of LDAP/AD integration and CS4
Date Wed, 31 Oct 2012 22:22:24 GMT

If you need a quick fix, please look for a thread named "[REVIEW] MS LDAP Auth patch  - UI
CSS and Architecture help needed". Its about 10 lines of code to change  and can be easily
done in VI. If you get stuck - let me know.

Hugo posted a longterm fix in master branch, you can also try that if you are willing to go
through rebuild process.  I will try Hugo's patch after we settle with aftermath of hurricane


-----Original Message-----
From: Roland Kool [] 
Sent: Wednesday, October 31, 2012 8:03 AM
Subject: RE: Status of LDAP/AD integration and CS4

Hi All,

I'm also having issues getting LDAP authentication to work, but not against AD but OpenLDAP.
Simple binds to OpenLDAP require password submitted in plaintext.
I've tried to disable the md5Hash variables in sharedFunctions.js but that does not seem to
work. So when reading about the PlainTextUserAuthenicator I wanted to try that as well, but
when making the change in components.xml and restarting the management server, I get a class
not found exception on PlainTextUserAuthenticator.
When I checked the contents of cloud-server.jar there is indeed no such class. This is on
Open Source CloudStack 3.0.2. 
Any idea why this is missing?


Roland Kool | Sr. Systems Engineer | TomTom TechOps |

From: Suresh Sadhu []
Sent: Thursday, October 25, 2012 8:35 AM
Subject: RE: Status of LDAP/AD integration and CS4

Can you try this:(refer this bug:    CS-14680 CS and Ldap user validation can't happen simultaneously
due to current limitation)

Jessica Tomechak added a comment - 04/Oct/12 12:17 PM Additional information from Abhinandan
Both cloudstack and LDAP account should work. In component.xml change this:

<adapter name="MD5" class=""/>


<adapter name="MD5" class=""/>

If not already done.



-----Original Message-----
From: Kelcey Damage (BBITS) []
Sent: 25 October 2012 03:19
Subject: RE: Status of LDAP/AD integration and CS4

This interests me greatly.

Infrastructure Systems Architect

address: 55 East 7th Ave, Vancouver, BC, V5T 1M4
tel: +1 604 713 8560 ext:114
fax: +1 604 605 0964
skype: kelcey.damage

-----Original Message-----
From: Musayev, Ilya []
Sent: Wednesday, October 24, 2012 2:36 PM
Subject: Status of LDAP/AD integration and CS4

In CS3.x, the Microsoft Active directory LDAP integration did not work because when password
was submitted on login page, the sharedFunctions.js file has md5hashedLogin set to true, which
in turn would encrypt user password as MD5  and then submit to management core to verify.
This auth method works fine for regular local auth and probably other LDAP servers but definitely
not with MS LDAP as it does not support MD5 hashed passwords as input.

Is it still the case with CS4 or has anything changed?

I wrote a fix for CS3.x and posted the solution on original/old bug tracker. I'm not certain
if I need to do the same fix for 4.0 or we have this addressed. I looked at sharedFunctions.js
file and it appears we are still doing the same thing. My AD login fails with invalid username
and password - because CS4 submits my password as MD5 hash.

As always, your feedback is appreciated.


View raw message