On Thu, Feb 14, 2013 at 12:23:16PM +0530, Pranav Saxena wrote:
> Abhi,
>
> I just completed the front end for configuring LDAP. You can see the
> screenshots attached with this ticket -
> https://issues.apache.org/jira/browse/CLOUDSTACK-1271
>
> Let me know if this looks ok to you.

+1 looks good to me

>
> Regards,
> Pranav
> -----Original Message-----
> From: Pranav Saxena [mailto:pranav.sax...@citrix.com]
> Sent: Thursday, February 14, 2013 11:39 AM
> To: cloudstack-dev@incubator.apache.org
> Cc: Musayev, Ilya
> Subject: RE: [ACS4.2] LDAP UI
>
> Sure David. That's right, with the default port for LDAP over SSL set to
> 636 and the default port for the LDAP server being 389, I guess.
>
> -----Original Message-----
> From: David Nalley [mailto:da...@gnsa.us]
> Sent: Thursday, February 14, 2013 11:30 AM
> To: cloudstack-dev@incubator.apache.org
> Cc: Musayev, Ilya
> Subject: Re: [ACS4.2] LDAP UI
>
> On Thu, Feb 14, 2013 at 12:51 AM, Pranav Saxena <pranav.sax...@citrix.com>
> wrote:
> > To configure LDAP, we need to pass in few multiple mandatory
> > parameters -
> >
> > hostname Hostname or ip address of the ldap server eg: my.ldap.com
> > queryfilter You specify a query filter here, which narrows down the
> > users, who can be part of this domain.
> > searchbase The search base defines the starting point for the search
> > in the directory tree
> >
> > If you are referring to Global settings, that can be done but then we'll
> > have to have three Ldap config parameters there. If that is a good design
> > to handle this, then yes we can do that. Perhaps, the idea is to have a
> > single dialog box where a user could supply three values and configure and
> > debug them if something goes wrong.
> >
>
> Those are the mandatory API inputs for CloudStack.
> But almost all environments will require username/password for binding at a
> minimum, and you should probably, and prolly offer the SSL option as well.
> Port should probably be an option too.
>
> Without at least bind creds, the API configuration is practically useless on
> any modern LDAP server.
>
> --David
>
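
The parameter set discussed in this thread (the three mandatory values plus port, SSL and bind credentials), checked the way a configuration dialog could check it before saving. This is an added example, not part of any message above and not CloudStack code; the names `port`, `ssl`, `binddn`, `bindpass`, `balanced` and `review_ldap_config` are assumptions, and the sample values are constructed.

```python
# Added example: parameter names other than hostname, queryfilter and
# searchbase (port, ssl, binddn, bindpass) are assumed for illustration.
MANDATORY = ("hostname", "queryfilter", "searchbase")
DEFAULT_PORT = {False: 389, True: 636}  # plain LDAP vs LDAP over SSL


def balanced(filter_text):
    """Return True when the parentheses of an LDAP filter are balanced."""
    depth = 0
    for ch in filter_text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def review_ldap_config(params):
    """Return (effective_config, findings) for a dict of submitted values."""
    findings = []
    cfg = {k: str(params.get(k, "")).strip() for k in MANDATORY}
    for key in MANDATORY:
        if not cfg[key]:
            findings.append(f"error: missing mandatory parameter '{key}'")
    if cfg["queryfilter"] and not balanced(cfg["queryfilter"]):
        findings.append("error: queryfilter has unbalanced parentheses")
    if cfg["searchbase"] and "=" not in cfg["searchbase"]:
        findings.append("error: searchbase is not a distinguished name")

    ssl = bool(params.get("ssl", False))
    port = int(params.get("port") or DEFAULT_PORT[ssl])  # default follows ssl
    if not 1 <= port <= 65535:
        findings.append(f"error: port {port} out of range")
    elif port == DEFAULT_PORT[not ssl]:
        findings.append(f"warn: port {port} is the default for ssl={not ssl}")

    binddn, bindpass = params.get("binddn"), params.get("bindpass")
    if bool(binddn) != bool(bindpass):
        findings.append("error: binddn and bindpass must be given together")
    elif not binddn:
        findings.append("warn: no bind credentials, anonymous search required")
    elif not ssl:
        findings.append("warn: ssl is off, bind password is sent unencrypted")

    cfg.update(port=port, ssl=ssl, binddn=binddn or None)
    return cfg, findings


if __name__ == "__main__":  # constructed sample input
    print(review_ldap_config({"hostname": "my.ldap.com", "port": 636,
        "queryfilter": "(uid=*)", "searchbase": "dc=example,dc=com",
        "binddn": "cn=svc,dc=example,dc=com", "bindpass": "placeholder"}))
```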