Hi Ilya, SSL is now done. Still need to do more testing on it but it appears to be working.
> I want to backport this into my customized 4.1 cloudstack edition called > cloudsand. CloudSand is a hybrid of > CloudStack stable version with some > urgently needed features pulled from master to speed up cloudstack > > adoption by enterprises. The work you do on LDAP will be a great addition! Cool. I didn't realise you had the project on github until I seen your earlier emails on another subject today, love what you have done with it. I have forked your repo and added in the features to date along with making modifications to the code where necessary to support 4.1.1 Enjoy: https://github.com/imduffy15/cloudsand Will send you a merge request in [a|few] week(s). Ian On 31 July 2013 09:49, Ian Duffy <i...@ianduffy.ie> wrote: > Moving along faster than expected with this. > > The pending patches do the following: > > - Disable UI password changes when LDAP is enabled. > - Disable API password changes when LDAP is enabled. > - Add support for the memberof filter. > > Hope to get SSL done before the week is out. > > On 26 July 2013 18:39, Ian Duffy <i...@ianduffy.ie> wrote: >> Its all good :-) just don't want to make promises. Can't trust my home >> internet at all. >> >> Cool will keep an eye out for it. I'd imagine it'd be fairly easy to >> implement. >> >> On 26 Jul 2013 18:25, "Musayev, Ilya" <imusa...@webmd.net> wrote: >>> >>> I understand, I guess do the best you can, sorry you are losing office >>> space, if would've have been in NYC, we could have helped you with it :) >>> >>> I've also sent an email asking for help with scheduled tasks, perhaps >>> someone can respond. >>> >>> Regards >>> ilya >>> >>> > -----Original Message----- >>> > From: Ian Duffy [mailto:i...@ianduffy.ie] >>> > Sent: Friday, July 26, 2013 1:10 PM >>> > To: dev@cloudstack.apache.org >>> > Subject: RE: [GSoC] (Screencast/Demo) LDAP user provisioning >>> > >>> > Hi llya, >>> > >>> > Apologies in advanced for lack of formatting, currently replying from >>> > mobile. >>> > >>> > Those UI features are present in 4.2 under LDAP configuration within >>> > global >>> > settings as far as I am aware. They are buggy if I remember correctly. >>> > >>> > For deactivating users I haven't looked into it yet and have not sent >>> > out an >>> > email asking for help on creating a scheduled task. It is not included >>> > within >>> > the project proposal so I was leaving it as a 'if I have time at the >>> > end' type of >>> > thing. I lose office space and a decent internet connection come august >>> > 20th >>> > so I'm pushing to get all proposed features done before then. >>> > >>> > Check out 1:25 such messages exist. >>> > >>> > Yes has been tested against Apache DS, openldap and active directory. >>> > I'm a >>> > little worried about implementing a member of filter, I've yet to figure >>> > out >>> > how to enable that in openldap, active directory has it by default >>> > thankfully. >>> > You'll need to set your LDAP attributes for active directory within >>> > global >>> > settings, by default they are at POSIX compliant ones... So.. >>> > User object to user username to samAccountName. >>> > On 26 Jul 2013 17:20, "Musayev, Ilya" <imusa...@webmd.net> wrote: >>> > >>> > > Ian >>> > > >>> > > Watched screencast and you did an amazing job! I want to backport this >>> > > into my customized 4.1 cloudstack edition called cloudsand. CloudSand >>> > > is a hybrid of CloudStack stable version with some urgently needed >>> > > features pulled from master to speed up cloudstack adoption by >>> > > enterprises. The work you do on LDAP will be a great addition! >>> > > >>> > > With that said, I have few questions: >>> > > >>> > > Back several months aqgo, I recall some work done on LDAP where a >>> > > patch was introduced to configure LDAP through UI. Not in Global >>> > > Settings like you did for basedn, but in separate window where you >>> > > defined hostname and port. Would you know what happened to that? >>> > > Where do you stand with scheduled task on checking which ldap users >>> > > have been deactivated and deactivate them in CS as well? >>> > > Also, it would be nice to mention "User XYZ could not be added due to >>> > > missing email (or whatever else is missing)". >>> > > Have you tried testing this on Windows AD, unfortunately, many >>> > > enterprises use Microsoft Active Directory. >>> > > >>> > > Thank again for improving CloudStack, >>> > > >>> > > Regards >>> > > -ilya >>> > > >>> > > >>> > > > -----Original Message----- >>> > > > From: Ian Duffy [mailto:i...@ianduffy.ie] >>> > > > Sent: Friday, July 26, 2013 11:52 AM >>> > > > To: Sebastien Goasguen; Abhinandan Prateek; CloudStack Dev >>> > > > Subject: [GSoC] (Screencast/Demo) LDAP user provisioning >>> > > > >>> > > > Hi Guys, >>> > > > >>> > > > The latest patch I uploaded to review board ( >>> > > > https://reviews.apache.org/r/12969/ ) brings the "LDAP user >>> > > provisioning" >>> > > > project to a "prototype" stage. >>> > > > >>> > > > If anybody wants to give feedback the ldapplugin branch should have >>> > > > all features shown in the screencast once the above patch is >>> > > > shipped. >>> > > > Support still needs to be added for ldap over SSL, memberof filters >>> > > > and >>> > > only >>> > > > show users that exist within ldap but not cloudstack on the add user >>> > > screen. >>> > > > >>> > > > This includes: >>> > > > - A new plugin for configuring ldap, authenticating against LDAP >>> > > > and >>> > > getting a >>> > > > list of users from LDAP. >>> > > > - Modified UI >>> > > > - Global Settings - Global LDAP configuration options. >>> > > > BaseDN, >>> > > Bind >>> > > > username, Bind password, etc. >>> > > > - Global settings -> LDAP Configuration. Lets you add >>> > > > multiple >>> > > LDAP >>> > > > servers for failover support. >>> > > > - Accounts -> Add Account. Brings up a table of LDAP users, >>> > > > lets >>> > > you select >>> > > > one to many LDAP users, set the same domain/network >>> > > > domain/timezone/etc. for them and create them. >>> > > > >>> > > > Quick 2min screencast at >>> > > > https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1 showing off >>> > these >>> > > > additions. >>> > > > >>> > > > This screencast was created using the embedded LDAP server I added >>> > > > in for the sake of integration tests. Its based of ApacheDS, and can >>> > > > be started >>> > > with >>> > > > >>> > > > mvn -pl plugins/user-authenticators/ldap ldap:run >>> > > > >>> > > > Thanks for all the help! >>> > > > Ian >>> > > >>> > >
