incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pranav Saxena <pranav.sax...@citrix.com>
Subject RE: [ACS4.2] LDAP UI
Date Thu, 14 Feb 2013 06:53:16 GMT
Abhi,

I just completed the front end for configuring LDAP . You can see the screenshots attached
with this ticket - https://issues.apache.org/jira/browse/CLOUDSTACK-1271

Let me know if this looks ok to you . 


Regards,
Pranav
-----Original Message-----
From: Pranav Saxena [mailto:pranav.saxena@citrix.com] 
Sent: Thursday, February 14, 2013 11:39 AM
To: cloudstack-dev@incubator.apache.org
Cc: Musayev, Ilya
Subject: RE: [ACS4.2] LDAP UI

Sure David . That's right , with the default port for LDAP over SSL set to  636  and the default
port for the LDAP server being 389  , I guess . 

-----Original Message-----
From: David Nalley [mailto:david@gnsa.us]
Sent: Thursday, February 14, 2013 11:30 AM
To: cloudstack-dev@incubator.apache.org
Cc: Musayev, Ilya
Subject: Re: [ACS4.2] LDAP UI

On Thu, Feb 14, 2013 at 12:51 AM, Pranav Saxena <pranav.saxena@citrix.com> wrote:
> To configure LDAP  , we need to pass in few multiple mandatory 
> parameters -
>
> hostname        Hostname or ip address of the ldap server eg: my.ldap.com
> queryfilter     You specify a query filter here, which narrows down the users, who can
be part of this domain.
> searchbase      The search base defines the starting point for the search in the directory
tree
>
> If you are referring to Global settings , that can be done but then we'll have to have
three Ldap config parameters there . if that is a good design to handle this , then yes we
can do that. Perhaps , the idea is to have a single dialog box where a user could supply three
values and configure and debug them if something goes wrong.


Those are the mandatory API inputs for CloudStack.
But almost all environments will require username/password for binding at a minimum, and you
should probably, and prolly offer the SSL option as well. Port should probably be an option
too.

Without at least bind creds, the API configuration is practically useless on any modern LDAP
server.

--David

Mime
View raw message