cloudstack-dev mailing list archives

From Ian Duffy <...@ianduffy.ie>
Subject RE: [GSoC] (Screencast/Demo) LDAP user provisioning
Date Fri, 26 Jul 2013 17:09:32 GMT
Hi Ilya,

Apologies in advance for lack of formatting, currently replying from
mobile.

Those UI features are present in 4.2 under LDAP configuration within global
settings as far as I am aware. They are buggy if I remember correctly.

For deactivating users I haven't looked into it yet and have not sent out
an email asking for help on creating a scheduled task. It is not included
within the project proposal so I was leaving it as a 'if I have time at the
end' type of thing. I lose office space and a decent internet connection
come August 20th so I'm pushing to get all proposed features done before
then.

Check out 1:25 such messages exist.

Yes has been tested against Apache DS, openldap and active directory. I'm a
little worried about implementing a member of filter, I've yet to figure
out how to enable that in openldap, active directory has it by default
thankfully. You'll need to set your LDAP attributes for active directory
within global settings, by default they are at POSIX compliant ones... So..
User object to user username to samAccountName.
On 26 Jul 2013 17:20, "Musayev, Ilya" <imusayev@webmd.net> wrote:

> Ian
>
> Watched screencast and you did an amazing job! I want to backport this
> into my customized 4.1 cloudstack edition called cloudsand. CloudSand is a
> hybrid of CloudStack stable version with some urgently needed features
> pulled from master to speed up cloudstack adoption by enterprises. The work
> you do on LDAP will be a great addition!
>
> With that said, I have a few questions:
>
> Back several months ago, I recall some work done on LDAP where a patch
> was introduced to configure LDAP through UI. Not in Global Settings like
> you did for basedn, but in separate window where you defined hostname and
> port. Would you know what happened to that?
> Where do you stand with scheduled task on checking which ldap users have
> been deactivated and deactivate them in CS as well?
> Also, it would be nice to mention "User XYZ could not be added due to
> missing email (or whatever else is missing)".
> Have you tried testing this on Windows AD, unfortunately, many enterprises
> use Microsoft Active Directory.
>
> Thanks again for improving CloudStack,
>
> Regards
> -ilya
>
>
> > -----Original Message-----
> > From: Ian Duffy [mailto:ian@ianduffy.ie]
> > Sent: Friday, July 26, 2013 11:52 AM
> > To: Sebastien Goasguen; Abhinandan Prateek; CloudStack Dev
> > Subject: [GSoC] (Screencast/Demo) LDAP user provisioning
> >
> > Hi Guys,
> >
> > The latest patch I uploaded to review board (
> > https://reviews.apache.org/r/12969/ ) brings the "LDAP user provisioning"
> > project to a "prototype" stage.
> >
> > If anybody wants to give feedback the ldapplugin branch should have all
> > features shown in the screencast once the above patch is shipped.
> > Support still needs to be added for ldap over SSL, memberof filters and only
> > show users that exist within ldap but not cloudstack on the add user screen.
> >
> > This includes:
> >  - A new plugin for configuring ldap, authenticating against LDAP and getting a
> > list of users from LDAP.
> >  - Modified UI
> >        - Global Settings - Global LDAP configuration options. BaseDN, Bind
> > username, Bind password, etc.
> >        - Global settings -> LDAP Configuration. Lets you add multiple LDAP
> > servers for failover support.
> >        - Accounts -> Add Account. Brings up a table of LDAP users, lets you select
> > one to many LDAP users, set the same domain/network
> > domain/timezone/etc. for them and create them.
> >
> > Quick 2min screencast at
> > https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1 showing off these
> > additions.
> >
> > This screencast was created using the embedded LDAP server I added in for
> > the sake of integration tests. It's based off ApacheDS, and can be started with
> >
> > mvn -pl plugins/user-authenticators/ldap ldap:run
> >
> > Thanks for all the help!
> > Ian
>
>
