Guys,
Thanks for the info. My next step is to engage the dev mailing list to
see if there is any interest in my team contributing to add ldap or
radius (not familiar with the available plugins for open/strong swan)
support to the VR. I assume the SAML support in cloudstack is for the UI
just like the LDAP support?
In the meantime, I see two options that I want to run by you guys. The
first being creating a VM cluster in a special account that has access
to all of the isolated networks to use as a master VPN server.
Essentially, I would be replicating my current non-cloudstack setup as a
temporary solution. Given that I am more than qualified to manually
manipulate the api, db, and configs to associate this VM with all of the
isolated guest networks, is this even possible?
The other, less appealing option is to override the current VR VM with
one I have configured with the ppp ldap plugin and configs I would need
to support what I want to do. Obviously, I don't like the idea of
breaking my ability to upgrade the VR as new versions are released but I
think this is doable in that the VR looks to be just a Debian VM. If I
am careful I should be able to add my changes without breaking it... but
given my current knowledge of the VR and networking internals of
Cloudstack I could easily break something in some subtle way that does
not present until we are in production. Not ideal.
What do you guys recommend as a course forward until we get a more
modular access/auth subsystem contributed to the project? I am so close
to having cloudstack do exactly what I want. It is 95% perfect for us. I
just need to figure out this other 5%.
Thanks,
Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501
Phone: (605) 280-0383
Skype: msmart13
Email: msmart@smartsoftwareinc.com
On 08/03/2016 12:48 AM, ilya wrote:
> VR VPN + LDAP access