Pranav, I think we also need to modify the account/user creation a bit so that we can create accounts that will be validated external to cloudstack. I think a checkbox in account create dialog that says that these accounts are external and then disable the password field would be great.
-abhi On 15/02/13 9:20 PM, "Pranav Saxena" <[email protected]> wrote: >Abhi , > >I have completed the server side and front end integration for the LDAP >requirement . I have done a basic sanity testing and the API call goes >successfully and returns an incorrect response since the LDAP isn't >configured on my machine .Also , for listing the LDAP configuration in >the list View ,you would need to provide me with the list API call. >Currently the entire code is in my feature branch and we'll integrate it >with asf/master once the feature is perfectly tested. > >I would request someone who could configure LDAP server and test out the >functionality . > >Thanks, >Pranav > >-----Original Message----- >From: Abhinandan Prateek >Sent: Friday, February 15, 2013 7:54 PM >To: Pranav Saxena >Cc: [email protected] >Subject: Re: [ACS4.2] LDAP UI > >Yep, it's not there will add one. > >-abhi > > > >On 15-Feb-2013, at 7:36 PM, "Pranav Saxena" <[email protected]> >wrote: > >> Abhi , >> >> Just wanted to check with you if we have a list LDAP configuration API >>call in CS ? Because I would need this to list the current LDAP >>configuration on the UI , if it exists . >> >> Regards, >> Pranav >> >> -----Original Message----- >> From: Abhinandan Prateek [mailto:[email protected]] >> Sent: Thursday, February 14, 2013 12:27 PM >> To: [email protected] >> Subject: Re: [ACS4.2] LDAP UI >> >> >> On 14/02/13 11:30 AM, "David Nalley" <[email protected]> wrote: >> >>> On Thu, Feb 14, 2013 at 12:51 AM, Pranav Saxena >>> <[email protected]> wrote: >>>> To configure LDAP , we need to pass in few multiple mandatory >>>> parameters - >>>> >>>> hostname Hostname or ip address of the ldap server eg: >>>> my.ldap.com >>>> queryfilter You specify a query filter here, which narrows down >>>>the >>>> users, who can be part of this domain. >>>> searchbase The search base defines the starting point for the >>>> search in the directory tree >>>> >>>> If you are referring to Global settings , that can be done but then >>>> we'll have to have three Ldap config parameters there . if that is a >>>> good design to handle this , then yes we can do that. Perhaps , the >>>> idea is to have a single dialog box where a user could supply three >>>> values and configure and debug them if something goes wrong. >>> >>> >>> Those are the mandatory API inputs for CloudStack. >>> But almost all environments will require username/password for >>> binding at a minimum, and you should probably, and prolly offer the >>> SSL option as well. Port should probably be an option too. >>> >>> Without at least bind creds, the API configuration is practically >>> useless on any modern LDAP server. >>> >>> --David >> >> The admin guide documents the LDAP API. SSL is supported. >> http://incubator.apache.org/cloudstack/docs/en-US/Apache_CloudStack/4. >> 0.0-i >> ncubating/pdf/Admin_Guide/Apache_CloudStack-4.0.0-incubating-Admin_Gui >> de-en >> -US.pdf >> >> Look for LDAP configuration. In short you have following config params: >> >> hostname >> searchbase >> queryfilter >> binddn >> bindpass >> port >> ssl >> truststore >> truststorepass >> response >> >> >> >> -abhi >> >> >> >>> >>
