Bug Reference

CLOUDSTACK-4866

Branch

master, 4.3

Introduction

This will improve CloudStack LDAP integration by enabling import of LDAP users.

Current Scenario

Right now, LDAP user accounts are created in CloudStack manually. Once added, the user is able to log in with their LDAP username and password.

Feature Specifications

Requirements

  1. Ability to add multiple LDAP servers.
    1. From the Global Settings -> Ldap Configuration page, multiple LDAP servers can be added by providing hostname and port.
  2. Ability to configure global LDAP params.
    1. Global LDAP params such as the basedn, password, etc. will be available in the global settings. Filtering by "ldap" will list all the available options.
  3. Ability to import LDAP users based on some filtering/manual selection.
    1. After LDAP integration is enabled by following the above two steps, accessing Account -> add Account displays a dialog to selectively import LDAP users. The ability to filter by group name and import all the users within a group will be added to this dialog.

New APIs

Java Class: LdapUserSearchCmd
API call: searchLdap
Description: Searches LDAP based on the username attribute
params:
  • query - username to search for. The search works like the MySQL 'like' operator, i.e. %username%

Java Class: LdapListUsersCmd
API call: listLdapUsers
Description: Lists all LDAP users
params:
  • listType - if "all", returns all users; otherwise only non-CloudStack users

Java Class: LdapAddConfigurationCmd
API call: addLdapConfiguration
Description: Adds a new LDAP configuration
params:
  • hostname - host name of the LDAP server
  • port - port number

Java Class: LdapDeleteConfigurationCmd
API call: deleteLdapConfiguration
Description: Removes an LDAP configuration
params:
  • hostname - the hostname of the configuration to delete

Java Class: LdapListConfigurationCmd
API call: listLdapConfigurations
Description: Lists all LDAP configurations
params:
  • hostname - host name of the LDAP server
  • port - port number

Java Class: LdapCreateAccountCmd
API call: ldapCreateAccount
Description: Creates an account from an LDAP user
params:
  • accountName - Creates the user under the specified account. If no account is specified, the username will be used as the account name.
  • accountType - Type of the account. Specify 0 for user, 1 for root admin, and 2 for domain admin.
  • domainId - Creates the user under the specified domain.
  • timezone - the timezone of the user
  • username - Unique username.
  • networkDomain - Network domain for the account's networks
  • details - details for the account, used to store specific parameters
  • accountUUID - Account UUID
  • userUUID - User UUID

Java Class: LdapImportUsersCmd
API call: importLdapUsers
Description: Imports LDAP users to CloudStack
params:
  • timezone - the timezone for the imported users
  • accountType - Type of the account. Specify 0 for user, 1 for root admin, and 2 for domain admin.
  • details - details for the account, used to store specific parameters
  • group - Specifies the group name from which the LDAP users are to be imported. If no group is specified, all the users will be imported.
  • domainId - Specifies the domain to which the LDAP users are to be imported. If no domain is specified, a domain will be created using the group parameter. If the group is also not specified, a domain name based on the OU information will be created. If no OU hierarchy exists, it will default to the ROOT domain.
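
The searchLdap entry above describes matching the query like MySQL's 'like' with %username%, which in LDAP terms is a substring filter. The following is an added example (not CloudStack's own code) of building such a filter while escaping the caller-supplied query per RFC 4515, so that filter metacharacters in the query are matched as literal text. The attribute name "uid" and object class "inetOrgPerson" are assumptions, not values from this page.

```python
# Added example: build the substring filter implied by searchLdap's
# "%username%" matching, escaping the caller-supplied query per RFC 4515.
# Assumptions (not from the page): the username attribute is "uid" and
# user entries have objectClass "inetOrgPerson".

USERNAME_ATTRIBUTE = "uid"            # assumed attribute name
USER_OBJECT_CLASS = "inetOrgPerson"   # assumed object class

# RFC 4515 section 3: these characters must be written as \XX hex escapes
# when they appear inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as literal text inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(query: str) -> str:
    """Return an LDAP filter matching users whose username contains `query`."""
    if not query or not query.strip():
        # An empty query would leave only wildcards in the filter.
        raise ValueError("query must not be empty")
    needle = escape_filter_value(query.strip())
    return (
        f"(&(objectClass={USER_OBJECT_CLASS})"
        f"({USERNAME_ATTRIBUTE}=*{needle}*))"
    )


if __name__ == "__main__":
    # Constructed inputs: a plain name and one containing filter metacharacters.
    for q in ["jdoe", "a*)(objectClass=*"]:
        print(repr(q), "->", build_user_search_filter(q))
```
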

References

Student Projects -> Ian Duffy -> LDAP Integration
