cloudstack-users mailing list archives

From Matthew Smart <msm...@smartsoftwareinc.com>
Subject Re: VR VPN + LDAP access
Date Fri, 05 Aug 2016 18:39:08 GMT
Abhi,

What we want is to add LDAP support to openswan (ppp plugin maybe?) on 
the VR so that users can be authenticated and authorized via our ldap 
server. I have been digging through the code and familiarizing myself 
with it. Should I move this conversation to the dev list before I get 
into the use case I am working on?

Thanks,

Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501

Phone: (605) 280-0383
Skype: msmart13
Email: msmart@smartsoftwareinc.com

On 08/05/2016 04:17 AM, Abhinandan Prateek wrote:
> Hi Matthew,
>
>    What is the use case to add ldap (server ?) to VR ?
>
> The system vms are stateless and any support needs to be built into system vm template which as you rightly pointed out, is debian based.
>
> The way to get started on this is to first familiarise yourself with the process of building system vm templates. (In tools/appliance)
> And next step will be to figure out how you can send configuration information from management server to a VR. (You can check how firewall rules are configured etc)
>
> -abhi
>
> abhinandan.prateek@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue
>
> On 04/08/16, 11:36 PM, "Matthew Smart" <msmart@smartsoftwareinc.com> wrote:
>
>> Guys,
>>
>> Thanks for the info. My next step is to engage the dev mailing list to
>> see if there is any interest in my team contributing to add ldap or
>> radius (not familiar with the available plugins for open/strong swan)
>> support to the VR. I assume the SAML support in cloudstack is for the UI
>> just like the LDAP support?
>>
>> In the meantime, I see two options that I want to run by you guys. The
>> first being creating a VM cluster in a special account that has access
>> to all of the isolated networks to use as a master VPN server.
>> Essentially, I would be replicating my current non-cloudstack setup as a
>> temporary solution. Given that I am more than qualified to manually
>> manipulate the api, db, and configs to associate this VM with all of the
>> isolated guest networks. Is this even possible?
>>
>> The other, less appealing option is to override the current VR VM with
>> one I have configured with the ppp ldap plugin and configs I would need
>> to support what I want to do. Obviously, I don't like the idea of
>> breaking my ability to upgrade the VR as new versions are released but I
>> think this is doable in that the VR looks to be just a Debian VM. If I
>> am careful I should be able to add my changes without breaking it... but
>> given my current knowledge of the VR and networking internals of
>> Cloudstack I could easily break something in some subtle way that does
>> not present until we are in production. Not ideal.
>>
>> What do you guys recommend as a course forward until we get a more
>> modular access/auth subsystem contributed to the project? I am so close
>> to having cloudstack do exactly what I want. It is 95% perfect for us. I
>> just need to figure out this other 5%.
>>
>> Thanks,
>>
>> Matthew Smart
>> President
>> Smart Software Solutions Inc.
>> 108 S Pierre St.
>> Pierre, SD 57501
>>
>> Phone: (605) 280-0383
>> Skype: msmart13
>> Email: msmart@smartsoftwareinc.com
>>
>> On 08/03/2016 12:48 AM, ilya wrote:
>>> VR VPN + LDAP access