THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Page History
...
Design
Flowchart
DB Changes
ldap_
...
| id | 1 |
|---|---|
| hostname | localhost |
| port | 10389 |
| bind_principal | CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net |
| bind_password | Passw0rd |
| email_attribute | |
| firstname_attribute | givenname |
| lastname_attribute | sn |
| group_object | group |
| group_user_uniquemember | member |
| truststore | |
| truststore_password | |
| user_object | user |
| username_attribute | sAMAccountName |
| search_group_principle | CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net |
| basedn | dc=ccp,dc=example,dc=net |
| read_timeout | 1000 |
| request_page_size | 1000 |
ldap_trust_map
| id | 1 | 2 |
|---|---|---|
| type | GROUP | OU |
| name | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | OU=SevenSeas,DC=ccp,DC=example,DC=net |
| domain_id | 2 | 3 |
API Changes
...
Config changes
New configuration ldap.nested.groups.enable which can be either true or false. true indicates that the nested groups can be queried while false means only direct users are queried.
API Changes
...
- domainId - the domain which has to be linked
- type - OU/GROUP
- name - common name of group or OU
- admin - domain admin username in LDAP - optional
...
- return the domainId on success
- error message if its not successful
...
A new api to link ldap OU/domain with a CloudStack domain
...
- linkDomainToLdap - Admin only Api
...
- domainId - the domain which has to be linked
...
- type - OU/GROUP
...
- name - common name of group or OU
...
- accounttype - account type to be used while auto importing the accounts
...
- admin - domain admin username in LDAP - optional
...
- Response
...
- return the domainId, name, type, accountType on success (will also return accountid if account import of the user admin is successful)
...
- error message if its not successful
...
- Sample Api and response
...
...
- link domain and make rajanik admin
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
"LinkDomainToLdap": {
"accountid": "13",
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
...
...
- link domain and make rajanik admin - rajanik already exists in domain
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
"LinkDomainToLdap": {
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
...
}
...
- link domain
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP"
{
"LinkDomainToLdap": {
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
...
UI Changes
a pop to link ou/group to cloudstack
this should show list of domains in cloudstack and provide text fields for type, name, admin(optional) and on save call the connectDomainToLdap api
Testing
LDAP : Trust AD and Auto Import Test Plan
Open Issues
When a user is disabled in LDAP, authentication in CloudStack will fail immediately. But, he will disabled in CloudStack only when he tries to login.
References
https://technet.microsoft.com/en-us/library/cc977992.aspx
...
Overview
Content Tools
Apps