Hi Ian, The issue has been promptly resolved and now I have access to it. Will follow up with more details on your proposal.
Thank you, -abhi On 06/05/13 7:28 PM, "Ian Duffy" <i...@ianduffy.ie> wrote: >Hi Abhinandan, > >It should be there. I have it marked as public so the following link >should >work as well: > >https://google-melange.appspot.com/gsoc/proposal/review/google/gsoc2013/im >duffy15/1 > >Thanks! >Ian > >On 6 May 2013 12:32, Abhinandan Prateek <agneya2...@hotmail.com> wrote: > >> I am unable to see the proposal in melange website. Am I missing >>something >> ? >> >> -abhi >> >> On 04/05/13 6:56 PM, "Sebastien Goasguen" <run...@gmail.com> wrote: >> >> >Ian thanks a lot for your proposal and submission. >> > >> >This project has been proposed by Abhinandan Prateek, so I am copying >>him >> >in this email so he can comment. >> > >> >@Abhi, you need to access the google melange site and find Ian's >>proposal >> > >> >-Sebastien >> > >> >On May 3, 2013, at 12:40 PM, Ian Duffy <i...@ianduffy.ie> wrote: >> > >> >> Hi, >> >> >> >> Sorry just noticed that the attachment appeared to have got stripped, >> >>here >> >> is the contents of the PDF. Alternatively I have uploaded it here: >> >> http://ianduffy.ie/Cloudstack-LDAP.pdf >> >> >> >> *Apache Cloudstack Google Summer of Code Project: LDAP user >> >>provisioning* >> >> >> >> >> >> Need to automate the way the LDAP users are provisioned into cloud >> >>stack. >> >> This will mean better integration with a LDAP server, ability to >>import >> >> users and a way to define how the LDAP user maps to the cloudstack >> >>users. >> >> >> >> >> >> Abstract >> >> >> >> >> >> >> >> The aim of this project is to provide an easier mechanism to >>provision >> >> users from LDAP into cloudstack. Currently cloudstack provides >> >> authentication LDAP authentication. In this authentication users >>must >> >>be >> >> first setup in cloudstack. Once the user is setup in cloudstack they >> >>can >> >> authenticate using their ldap username and password. >> >> >> >> >> >> >> >> This feature aims to extend the current functionality to make user >>setup >> >> align with LDAP group. >> >> >> >> >> >> Deliverables >> >> >> >> ñ Service that retrieves a list of ldap users from the configured >>group >> >> >> >> ñ Extension of cloudstack UI ³Add User² screen to offer user list >>from >> >> LDAP >> >> >> >> ñ Add service for saving new user with details from LDAP >> >> >> >> ñ BDD unit and acceptance automated testing >> >> >> >> ñ Document change details >> >> >> >> >> >> Quantifiable results >> >> >> >> >> >> Given A need to add new user to cloudstack and LDAP is setup >> >> >> >> When >> >> >> >> You open the ³Add User² screen >> >> >> >> Then >> >> >> >> A table of users appears for the current list of users (not already >> >>created >> >> on cloudstack) from the LDAP group displaying their a checkbox, >> >>username, >> >> name and email address. The timezone dropdown will still be available >> >> beside each user. >> >> Given A need to add new user to cloudstack and LDAP is not setup >> >> >> >> When >> >> >> >> You open the ³Add User² screen >> >> >> >> Then >> >> >> >> The current add user screen and functionality is provided >> >> Given A need to add new user to cloudstack and LDAP is setup >> >> >> >> When >> >> >> >> You open the ³Add User² screen and mandatory information is missing >> >> >> >> Then >> >> >> >> These fields will be editable to enable you populate the name or >>email >> >> address >> >> >> >> >> >> Given A need to add new user to cloudstack, LDAP is setup but user >>is >> >>in >> >> the ldap query group >> >> >> >> When >> >> >> >> You open the ³Add User² screen >> >> >> >> Then >> >> >> >> There is a list of LDAP users displayed but your current user is >> >>present in >> >> the list >> >> Given A need to add new user to cloudstack, LDAP is setup but >>user >> >>is >> >> not in the query group >> >> >> >> When >> >> >> >> You open the ³Add User² screen >> >> >> >> Then >> >> >> >> There is a list of LDAP users displayed but your current user is not >>in >> >>the >> >> list >> >> Given You need to add group of new users to cloudstack >> >> >> >> When >> >> >> >> You open the ³Add User² screen, select the users and hit save >> >> >> >> Then >> >> >> >> The list of new users are saved to the database >> >> >> >> >> >> Given You need to add group of new users to cloudstack >> >> >> >> When >> >> >> >> You open the ³Add User² screen, select the users and hit save >> >> >> >> Then >> >> >> >> The list of new users are saved to the database >> >> >> >> >> >> Given You have created a new LDAP user on cloudstack >> >> >> >> When >> >> >> >> The user authenticates against cloudstack with the right credentials >> >> >> >> Then >> >> >> >> They are authorised in cloudstack >> >> Given A user wants to edit an LDAP user >> >> >> >> When >> >> >> >> They open the Edit User screen >> >> >> >> Then >> >> >> >> The password fields are disabled and cannot be changed >> >> The design document *Ldap User List Service* >> >> >> >> >> >> >> >> *name*: ldapUserList >> >> >> >> *responseObject*: LDAPUserResponse {username, email, name} >> >> >> >> *parameter*: listType:enum {NEW, EXISTING, ALL} (Default to ALL if no >> >> option provided) >> >> >> >> >> >> >> >> Create a new API service call for retreiving the list of users from >> >>LDAP. >> >> This will call a new ConfigurationService which will retrieve the >>list >> >>of >> >> users using the configured search base and the query filter. The >>list >> >>may >> >> be filtered in the ConfigurationService based on listType parameter. >> >> >> >> >> >> >> >> *Ldap Available Service* >> >> >> >> >> >> >> >> *name*: ldapAvailable >> >> >> >> *responseObject*: LDAPAvailableResponse {available:boolean} >> >> >> >> >> >> >> >> Create a new API service call verifying LDAP is setup correctly >> >>verifying >> >> the following configuration elements are all set: >> >> >> >> ñ ldap.hostname >> >> >> >> ñ ldap.port >> >> >> >> ñ ldap.usessl >> >> >> >> ñ ldap.queryfilter >> >> >> >> ñ ldap.searchbase >> >> >> >> ñ ldap.dn >> >> >> >> ñ ldap.password >> >> >> >> >> >> >> >> The verification that all of these are set will return an available >> >>boolean >> >> true. If required this could perform a status check against LDAP >>first >> >>and >> >> provide warning if it fails. >> >> >> >> >> >> *Ldap Save Users Service* >> >> >> >> >> >> >> >> *name*: ldapSaveUsers >> >> >> >> *responseObject*: LDAPSaveUsersResponse {list<UserResponse>} >> >> >> >> *parameter*: list of users >> >> >> >> >> >> >> >> Saves the list of objects instead. Following the functionality in >> >> CreateUserCmd it will >> >> >> >> ñ Create the user via the account service >> >> >> >> ñ Handle the response >> >> >> >> >> >> >> >> It will be decided whether a transation should remain over whole >>save or >> >> only over individual users. A list of UserResponse will be returned. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *Extension of cloudstack UI ³Add User² screen * >> >> >> >> >> >> >> >> Extend account.js to enable it add a user list with editable fields >> >>where >> >> required. The new ³Add User² screen for LDAP setup. >> >> >> >> ñ This will make an ajax call to the ldapAvailable, ldapUserList and >> >> ldapSaveUsers services >> >> >> >> ñ Validation will be maintained on username, email, firstname and >> >>lastname >> >> >> >> >> >> >> >> *Extension of cloudstack UI ³Edit User² screen * >> >> >> >> >> >> >> >> Extend account.js to disable the password fields on the edit user >> >>screen if >> >> LDAP available. >> >> >> >> ñ This will make an ajax call to the ldapAvailable and updateUser >> >>services >> >> >> >> ñ Validation will be maintained on username, email, firstname and >> >> lastname. Additional server validation will ensure password has not >> >> changed. >> >> >> >> >> >> >> >> >> >> Approach >> >> >> >> >> >> >> >> To get started a development cloudstack environment with DevCloud >>used >> >>to >> >> verify changes. Then once the schedule agreed with the mentor the >> >> deliverables will be broken into smaller User stories with expected >> >> delivery dates set. The development cycle will focus on BDD >>enforcing >> >>all >> >> unit and acceptance tests written first. >> >> >> >> >> >> >> >> A build pipe line for continious delivery environment around >>cloudstack >> >> here will be created, the following stages will be adopted >> >> >> >> >> >> >> >> *Stage* >> >> >> >> *Action* >> >> >> >> Commit >> >> >> >> Runs unit tests >> >> >> >> Sonar >> >> >> >> Runs code quality metrics >> >> >> >> Acceptance >> >> >> >> Deploys the dev cloud and runs all acceptance tests >> >> >> >> Deployment >> >> >> >> Deploy a new management server using Chef >> >> >> >> >> >> >> >> >> >> About Me >> >> >> >> >> >> >> >> I am a Computer Science Student at Dublin City University in >>Ireland. I >> >> have interests in virtualization, automation, information systems, >> >> networking and web development. >> >> >> >> >> >> >> >> I was involved with a project in a K-12(educational) environment of >> >>moving >> >> their server systems over to a virtualized environment on ESXi. I >>have >> >> good knowledge of programming in Java, PHP and Scripting langages. >> >>During >> >> the configuration of an automation system for OS deployment I >> >>experienced >> >> some exposure to scripting in powershell, batch, vbs and bash and >> >> configuration of PXE images based of WinPE and Debian. >> >> >> >> Additionally I am also a mentor in an opensource teaching movement >> >>called >> >> CoderDojo, we teach kids from the age of 8 everything from web page, >> >>HTML 5 >> >> game and raspberry pi development. >> >> >> >> >> >> >> >> I¹m excited at the opportunity and learning experience that >>cloudstack >> >>are >> >> offering with this project. >> >> >> >> >> >> References >> >> >> >> >> >> >> >> ñ https://cwiki.apache.org/CLOUDSTACK/development-101.html >> >> >> >> ñ >> >> >> >> >> >>http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Admi >> >>n_Guide/ >> >> >> >> ñ >> >> >> >> >> >>http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/API_ >> >>Developers_Guide/index.html >> >> >> >> ñ https://issues.apache.org/jira/browse/CLOUDSTACK-2014 >> >> >> >> ñ >> >> >> >> >> >>http://www.slideshare.net/sebastiengoasguen/apache-cloudstack-google-summ >> >>er-of-code >> >> >> >> ñ >> >> >> >> >> >>http://kirkjantzer.blogspot.co.uk/2013/03/ldap-authentication-in-cloudsta >> >>ck-v401.html >> >> >> >> ñ http://www.ldapguru.info/ldap/ldap-search-best-practices.html >> >> >> >> ñ >> >> >> >>http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html >> >> >> >> >> >> >> >> >> >> >> >> >> >> On 3 May 2013 17:35, Ian Duffy <i...@ianduffy.ie> wrote: >> >> >> >>> Hi, >> >>> >> >>> I was wondering If I could get some feedback on the attached file >> >>>labeled >> >>> "Cloudstack-LDAP.pdf". It outlines a design document for the project >> >>> labeled "LDAP user provisioning" >> >>> >> >>> From my current understanding of the single sign on mechanism >> >>>implemented >> >>> in cloudstack a LDAP user must be created manually within the >> >>>cloudstack >> >>> database. Would it be preferred to: >> >>> >> >>> A) Create a service that polls LDAP every so often to check for new >> >>>user >> >>> creation. >> >>> or >> >>> B) Extend the login page to check LDAP after failing to find a user >> >>>within >> >>> the cloudstack database. On success of finding a user in LDAP a >>profile >> >>> would automatically be created within the cloudstack database. >> >>> >> >>> Kind regards, >> >>> Ian >> >>> >> > >> > >> >> >>
