Apache CloudStack Integration with LDAP

This approach introduces LDAP as the authentication system for CloudStack.
Looking at how LDAP is deployed within an organization, there are basically two approaches to how it is used:

  1. A set of applications is authorized to create users. Here CloudStack is also given the authority to create users in LDAP.
  2. No applications are given write access to create users in LDAP. CloudStack is not given authority to create users in the given LDAP, but can read from it.

To get a generic implementation for handling both cases in CloudStack:

In case CloudStack is given access to create users in LDAP
When a user is created in CloudStack, there are two cases in this context.
First, if the user already exists in the provided LDAP, the user's roles are defined in CloudStack, and this acts as a registration process for CloudStack.
Second, if the user is not present in LDAP, the LDAP plugin takes the information, converts it into the format required by LDAP, creates the user in the LDAP user base, and creates the required roles in CloudStack.

In case CloudStack is not given access to create users in LDAP
In this case CloudStack does only user registration.
When a user is created in CloudStack, the user's existence is verified in LDAP, and if the user exists, the user is registered in CloudStack.
If the user is not registered, an email is sent to the configured LDAP authority for user creation.
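
The two flows above can be sketched as one decision routine. This is an added example, not CloudStack's plugin code: every name in it is hypothetical, the directory is a constructed in-memory stand-in, and the `uid` lookup attribute is an assumption. It goes slightly beyond the text by escaping the username per RFC 4515 before it is placed in the existence-check filter, so that user input cannot change the filter's structure.

```python
# Added sketch: the names below are hypothetical, not CloudStack's plugin API.
from dataclasses import dataclass, field

# RFC 4515 characters that must be escaped inside an LDAP search filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def user_filter(username: str) -> str:
    """Build the existence-check filter; 'uid' is an assumed attribute name."""
    return "(uid=" + "".join(_FILTER_ESCAPES.get(c, c) for c in username) + ")"

@dataclass
class Directory:
    """Constructed in-memory stand-in for the LDAP server."""
    users: set
    writable: bool  # True: CloudStack may create LDAP users (approach 1)

    def exists(self, username: str) -> bool:
        # A real plugin would run a search with user_filter(username).
        return username in self.users

    def create(self, username: str) -> None:
        if not self.writable:
            raise PermissionError("CloudStack has read-only access to LDAP")
        self.users.add(username)

@dataclass
class Result:
    registered: bool
    actions: list = field(default_factory=list)

def create_user(directory: Directory, username: str) -> Result:
    """Apply the user-creation flow for either LDAP access mode."""
    result = Result(registered=False)
    if directory.exists(username):
        # Both modes: an existing LDAP user is only registered in CloudStack.
        result.actions.append("register_in_cloudstack")
        result.registered = True
    elif directory.writable:
        # Write access: create the LDAP entry, then the CloudStack roles.
        directory.create(username)
        result.actions += ["create_in_ldap", "register_in_cloudstack"]
        result.registered = True
    else:
        # Read-only access: the LDAP authority is asked to create the user.
        result.actions.append("email_ldap_authority")
    return result
```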