The API changes required me to update the UI interface within CloudStack. With the improved API implementation this was easier. The Global Settings -> Ldap Configuration page has support for multiple LDAP servers; however, it only requires a hostname and port. All "global" LDAP settings are set within the global settings page.

Security Concerns

I have a few security concerns around the implementation of the security authenticators within CloudStack. From testing I have done, it seems to work on a failover system. That is:
A user attempts to authenticate with a password, authentication is attempted against the internal CloudStack database, it fails, and it moves on to LDAP.

This raises a concern for me as it means if an LDAP user is deleted. Initially the user will be given a randomly generated password within the CloudStack database. However, if they have changed their CloudStack password they will still be able to log in. Along with this, they will be able to authenticate using their API keys. I believe this is an issue beyond the scope of this project, but if somebody has advice to fix this I'm all ears. I do not plan to make it easy for a user to change their password. When LDAP is enabled, i.e. listLdapConfiguration returns 1 or more results, the UI will disable/change account UI features accordingly. That said, they will be able to execute the API function of updateUser.

I do realise I could implement checks within the updateUser API command to disable the updating of passwords within the CloudStack database when LDAP is enabled; however, I feel this is imposing on the codebase too much.
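A small Python model of the failover order and of the updateUser check discussed above, added here as an illustration and not taken from the CloudStack codebase. The names `LocalDb`, `Directory`, `failover_login`, `update_user_password` and `scenario` are hypothetical, and the user, passwords and server address are constructed sample data.

```python
import hashlib, hmac, os

class LocalDb:
    """Stand-in for the internal user table (salted password hashes)."""
    def __init__(self):
        self.users = {}
    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def set_password(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(password, salt))
    def authenticate(self, user, password):
        if user not in self.users:
            return False
        salt, digest = self.users[user]
        return hmac.compare_digest(self._hash(password, salt), digest)

class Directory:
    """Stand-in for LDAP: a bind succeeds only while the entry exists."""
    def __init__(self, entries):
        self.entries = dict(entries)
    def authenticate(self, user, password):
        stored = self.entries.get(user)
        return stored is not None and hmac.compare_digest(stored, password)

def failover_login(user, password, local, directory):
    """Order described on the page: internal database first, then LDAP."""
    return local.authenticate(user, password) or directory.authenticate(user, password)

def update_user_password(user, new_password, local, ldap_configs):
    """updateUser-style change that refuses when any LDAP configuration exists."""
    if ldap_configs:  # models listLdapConfiguration returning 1 or more results
        raise PermissionError("password is managed by LDAP")
    local.set_password(user, new_password)

def scenario(guarded):
    """Create an LDAP user, attempt a local password change, delete from LDAP, log in."""
    local, directory = LocalDb(), Directory({"alice": "dir-pass"})  # constructed sample data
    local.set_password("alice", os.urandom(16).hex())  # random initial password
    try:
        update_user_password("alice", "chosen-pass", local, ["ldap.example.test:389"] if guarded else [])
    except PermissionError:
        pass  # change rejected; the random password stays in place
    del directory.entries["alice"]  # user removed from the directory
    return failover_login("alice", "chosen-pass", local, directory)

if __name__ == "__main__":
    print("without check:", scenario(False), "| with check:", scenario(True))
```

The model covers password logins only; API keys, which the text above notes also keep working after the LDAP entry is deleted, would need their own revocation step.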

Plans for the future.

Look at UI features.