cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhinandan Prateek <abhinandan.prat...@shapeblue.com>
Subject Re: VR VPN + LDAP access
Date Fri, 05 Aug 2016 09:17:42 GMT
Hi Matthew,

  What is the use case to add ldap (server ?) to VR ? 

The system vms are stateless and any support needs to be build into system vm template which
as you rightly pointed out, is debian based.

The way to get started on this is to first familiarise yourself with the process of building
system vm templates. (In tools/appliance )
And next step will be to figure out how you can send configuration information from management
server to a VR. (You can check how firewall rules are configured etc)

-abhi




abhinandan.prateek@shapeblue.comĀ 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

On 04/08/16, 11:36 PM, "Matthew Smart" <msmart@smartsoftwareinc.com> wrote:

>Guys,
>
>Thanks for the info. My next step is to engage the dev mailing list to 
>see if there is any interest in my team contributing to add ldap or 
>radius (not familiar with the available plugins for open/strong swan) 
>support to the VR. I assume the SAML support in cloudstack is for the UI 
>just like the LDAP support?
>
>In the meantime, I see two options that I want to run by you guys. The 
>first being creating a VM cluster in a special account that has access 
>to all of the isolated networks to use as a master VPN server. 
>Essentially, I would be replicate my current non-cloudstack setup as a 
>temporary solution. Given that I am more than qualified to manually 
>manipulate the api, db, and configs to associate this VM with all of the 
>isolated guest networks. Is this even possible?
>
>The other, less appealing option is to override the current VR VM with 
>one I have configured with the ppp ldap plugin and configs I would need 
>to support what I want to do. Obviously, I don't like the idea of 
>breaking my ability to upgrade the VR as new versions are released but I 
>think this is doable in that the VR looks to be just a Debian VM. If I 
>am careful I should be able to add my changes without breaking it... but 
>given my current knowledge of the VR and networking internals of 
>Cloudstack I could easily break something in some subtle way that does 
>not present until we are in production. Not ideal.
>
>What do you guys recommend as a course forward until we get a more 
>modular access/auth subsystem contributed to the project? I am so close 
>to having cloudstack do exactly what I want. It is 95% perfect for us. I 
>just need to figure out this other 5%.
>
>Thanks,
>
>Matthew Smart
>President
>Smart Software Solutions Inc.
>108 S Pierre St.
>Pierre, SD 57501
>
>Phone: (605) 280-0383
>Skype: msmart13
>Email: msmart@smartsoftwareinc.com
>
>On 08/03/2016 12:48 AM, ilya wrote:
>> VR VPN + LDAP access
>
Mime
View raw message