You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Yordan Kostov <Yo...@NSOGROUP.COM> on 2021/05/13 12:58:08 UTC
alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://imgur.com/K4fN2Ax
* Old https://imgur.com/WuAvq4N
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
RE: alternative Active directory config?
Posted by Yordan Kostov <Yo...@NSOGROUP.COM>.
Hi David,
I added LDAP servers as well as some configuration in Global settings but nothing appeared after relogging to the system.
Reboot of management did not help either. This is on CS 4.15.
Any tips on how to verify LDAP is being connected properly? May be that is the cause?
Best regards,
Jordan
-----Original Message-----
From: David Jumani <Da...@shapeblue.com>
Sent: Monday, May 17, 2021 6:52 AM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?
[X] This message came from outside your organization
Hi Yordan,
LDAP is enabled in the UI, it'll show up after you add an LDAP server under Configurations -> LDAP Configurations. Once you've added it log out and log back in again. You'll then be able to add LDAP users in the accounts section ________________________________
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 6:28 PM
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!2jofJ4n37vUc_2DvJ48HQLuLnW7s4a1lzIpweetHQqz7GqaUMyyQoUrdSEzRCUhHqDCYuntS6Qas$
* Old https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!2jofJ4n37vUc_2DvJ48HQLuLnW7s4a1lzIpweetHQqz7GqaUMyyQoUrdSEzRCUhHqDCYuhaIU699$
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
Re: alternative Active directory config?
Posted by David Jumani <Da...@shapeblue.com>.
Hi Yordan,
LDAP is enabled in the UI, it'll show up after you add an LDAP server under Configurations -> LDAP Configurations. Once you've added it log out and log back in again. You'll then be able to add LDAP users in the accounts section
________________________________
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 6:28 PM
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://imgur.com/K4fN2Ax
* Old https://imgur.com/WuAvq4N
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
RE: alternative Active directory config?
Posted by Yordan Kostov <Yo...@NSOGROUP.COM>.
I figured it out.
Regards,
Jordan
-----Original Message-----
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Wednesday, May 19, 2021 11:03 AM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Hey everyone,
Is there a CLI command that can query LDAP/active directory configuration?
For example to list all users that ACS see based on the current config?
Best regards,
Jordan
-----Original Message-----
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Tuesday, May 18, 2021 3:52 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Hey everyone,
I do work on adding ldap to CS 4.15 through CLI but there is something I do not understand.
From this guide -> https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/4.15.0.0/adminguide/accounts.html*using-an-ldap-server-for-user-authentication__;Iw!!A6UyJA!0Zv6ffRfmVx3Nf2cwDpJVh17jH9cC5Hvo2CIyFjRrN4RokV05GlJjNgHf1Mg2XcQ$
I do try to configure option 3 - autosync of user groups.
The actual mapping is done through this commands:
- cloudmonkey -d json ldap createaccount account='juniors' accounttype=0 domainid=$MAPPEDDOMAIN1 username=bystander
- cloudmonkey -d json link accounttoldap account='juniors' accounttype=0 domainid=$MAPPEDDOMAIN1 ldapdomain='cn=AcsJuniorAdmins,ou=AcsGroups,dc=cloudstack,dc=apache,dc=org' type=GROUP
Here is the commands I use - cloudmonkey -d json ldap createaccount account='DEVTEST' accounttype=0 domainid=$DomainID username=testuser
After this one I do get the following error:
- from command line: "No LDAP user exists with the username of test"
- from logs - ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
Does the command require the username variable to exist ? Example from the guide states username as "bystander" which does not look so.
Also as the group is mapped to account why a user is required anyway?
Best regards,
Jordan
-----Original Message-----
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Thank you Nicolas,
I am on it!
Regards,
Jordan
-----Original Message-----
From: Nicolas Vazquez <Ni...@shapeblue.com>
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?
[X] This message came from outside your organization
Hi Yordan,
Indeed, that seems missing in the new UI, but you can still configure LDAP accounts through the API. For example by installing CloudMonkey https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$ you could invoke the ldapCreateAccount API
Regards,
Nicolas Vazquez
________________________________
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
* Old https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
<font size="2"><font color="#D8D8D8">11!</font>
<font size="2"><font color="#D8D8D8">11!</font>
RE: alternative Active directory config?
Posted by Yordan Kostov <Yo...@NSOGROUP.COM>.
Hey everyone,
Is there a CLI command that can query LDAP/active directory configuration?
For example to list all users that ACS see based on the current config?
Best regards,
Jordan
-----Original Message-----
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Tuesday, May 18, 2021 3:52 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Hey everyone,
I do work on adding ldap to CS 4.15 through CLI but there is something I do not understand.
From this guide -> https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/4.15.0.0/adminguide/accounts.html*using-an-ldap-server-for-user-authentication__;Iw!!A6UyJA!0Zv6ffRfmVx3Nf2cwDpJVh17jH9cC5Hvo2CIyFjRrN4RokV05GlJjNgHf1Mg2XcQ$
I do try to configure option 3 - autosync of user groups.
The actual mapping is done through this commands:
- cloudmonkey -d json ldap createaccount account='juniors' accounttype=0 domainid=$MAPPEDDOMAIN1 username=bystander
- cloudmonkey -d json link accounttoldap account='juniors' accounttype=0 domainid=$MAPPEDDOMAIN1 ldapdomain='cn=AcsJuniorAdmins,ou=AcsGroups,dc=cloudstack,dc=apache,dc=org' type=GROUP
Here is the commands I use - cloudmonkey -d json ldap createaccount account='DEVTEST' accounttype=0 domainid=$DomainID username=testuser
After this one I do get the following error:
- from command line: "No LDAP user exists with the username of test"
- from logs - ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
Does the command require the username variable to exist ? Example from the guide states username as "bystander" which does not look so.
Also as the group is mapped to account why a user is required anyway?
Best regards,
Jordan
-----Original Message-----
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Thank you Nicolas,
I am on it!
Regards,
Jordan
-----Original Message-----
From: Nicolas Vazquez <Ni...@shapeblue.com>
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?
[X] This message came from outside your organization
Hi Yordan,
Indeed, that seems missing in the new UI, but you can still configure LDAP accounts through the API. For example by installing CloudMonkey https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$ you could invoke the ldapCreateAccount API
Regards,
Nicolas Vazquez
________________________________
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
* Old https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
<font size="2"><font color="#D8D8D8">11!</font>
<font size="2"><font color="#D8D8D8">11!</font>
RE: alternative Active directory config?
Posted by Yordan Kostov <Yo...@NSOGROUP.COM>.
Hey everyone,
I do work on adding ldap to CS 4.15 through CLI but there is something I do not understand.
From this guide -> http://docs.cloudstack.apache.org/en/4.15.0.0/adminguide/accounts.html#using-an-ldap-server-for-user-authentication
I do try to configure option 3 - autosync of user groups.
The actual mapping is done through this commands:
- cloudmonkey -d json ldap createaccount account='juniors' accounttype=0 domainid=$MAPPEDDOMAIN1 username=bystander
- cloudmonkey -d json link accounttoldap account='juniors' accounttype=0 domainid=$MAPPEDDOMAIN1 ldapdomain='cn=AcsJuniorAdmins,ou=AcsGroups,dc=cloudstack,dc=apache,dc=org' type=GROUP
Here is the commands I use - cloudmonkey -d json ldap createaccount account='DEVTEST' accounttype=0 domainid=$DomainID username=testuser
After this one I do get the following error:
- from command line: "No LDAP user exists with the username of test"
- from logs - ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
Does the command require the username variable to exist ? Example from the guide states username as "bystander" which does not look so.
Also as the group is mapped to account why a user is required anyway?
Best regards,
Jordan
-----Original Message-----
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Thank you Nicolas,
I am on it!
Regards,
Jordan
-----Original Message-----
From: Nicolas Vazquez <Ni...@shapeblue.com>
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?
[X] This message came from outside your organization
Hi Yordan,
Indeed, that seems missing in the new UI, but you can still configure LDAP accounts through the API. For example by installing CloudMonkey https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$ you could invoke the ldapCreateAccount API
Regards,
Nicolas Vazquez
________________________________
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
* Old https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
<font size="2"><font color="#D8D8D8">11!</font>
RE: alternative Active directory config?
Posted by Yordan Kostov <Yo...@NSOGROUP.COM>.
Thank you Nicolas,
I am on it!
Regards,
Jordan
-----Original Message-----
From: Nicolas Vazquez <Ni...@shapeblue.com>
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?
[X] This message came from outside your organization
Hi Yordan,
Indeed, that seems missing in the new UI, but you can still configure LDAP accounts through the API. For example by installing CloudMonkey https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$ you could invoke the ldapCreateAccount API
Regards,
Nicolas Vazquez
________________________________
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
* Old https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
Re: alternative Active directory config?
Posted by Nicolas Vazquez <Ni...@shapeblue.com>.
Hi Yordan,
Indeed, that seems missing in the new UI, but you can still configure LDAP accounts through the API. For example by installing CloudMonkey https://github.com/apache/cloudstack-cloudmonkey/wiki you could invoke the ldapCreateAccount API
Regards,
Nicolas Vazquez
________________________________
From: Yordan Kostov <Yo...@NSOGROUP.COM>
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI or the old GUI, so after LDAP sources are pointed and global config is set there is no way to actually pin groups to accounts.
* New https://imgur.com/K4fN2Ax
* Old https://imgur.com/WuAvq4N
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan