You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Francois Gaudreault <fg...@cloudops.com> on 2013/04/01 19:42:24 UTC
CloudStack and AD
Hi,
That might be a dumb question, but the documentation is not very verbose
about how the integration with AD works in CloudStack. I understand
that we need to use the API for doing that, but the exact flow is not
documented (or I didn't see it) (e.g do we need to create users in CS
first, and then run the API call, etc). Can someone explain what we need
to achieved or point us a wiki page with a (kinda) working howto?
Thanks!!
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
Re: CloudStack and AD
Posted by Francois Gaudreault <fg...@cloudops.com>.
Actually I do :)
I ran the API call using our python script, I get a response, but I
don't see the settings in the Global Settings within the UI. Is this normal?
On 2013-04-01 1:49 PM, Kirk Jantzer wrote:
> Thanks David! Francois - ping me if you have any questions. Apologies I
> haven't submitted to have the documentation updated.
>
>
> On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
>
>> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
>> <fg...@cloudops.com> wrote:
>>> Hi,
>>>
>>> That might be a dumb question, but the documentation is not very verbose
>>> about how the integration with AD works in CloudStack. I understand
>> that we
>>> need to use the API for doing that, but the exact flow is not documented
>> (or
>>> I didn't see it) (e.g do we need to create users in CS first, and then
>> run
>>> the API call, etc). Can someone explain what we need to achieved or
>> point us
>>> a wiki page with a (kinda) working howto?
>>>
>>> Thanks!!
>>>
>> Hi Francois:
>>
>> Check out Kirk's blog post here:
>>
>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html
>>
>> If you are looking for something to automate the adding of users from
>> LDAP to ACS - check out the script in this blog post here:
>> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>>
>> --David
>>
>
>
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
Re: CloudStack and AD
Posted by Abhinandan Prateek <Ab...@citrix.com>.
You get this error if you ssl certificate is not created using java tools.
You don't have to import server certificate in the ire's cacert keystone,
but give the path to the truststore.
http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.1-incubating/
html/Admin_Guide/LDAPserver-for-user-authentication.html
-abhi
On 03/04/13 6:57 PM, "Francois Gaudreault" <fg...@cloudops.com>
wrote:
>Sorry to bother again :)
>
>Did you ever make LDAP work using SSL? While working fine using
>plaintext, I keep getting 431 errors when I try to use SSL even if we
>specify the truststore location. Something like :
>
>/Caused by: java.security.InvalidAlgorithmParameterException: the
>trustAnchors parameter must be non-empty/
>
>I read that this can also be related to OpenJDK 7. Anyone has an idea
>how to fix this (without importing the server certificates in the
>default JRE cacert keystore)?
>
>Thanks!
>
>On 2013-04-01 1:49 PM, Kirk Jantzer wrote:
>> Thanks David! Francois - ping me if you have any questions. Apologies I
>> haven't submitted to have the documentation updated.
>>
>>
>> On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
>>
>>> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
>>> <fg...@cloudops.com> wrote:
>>>> Hi,
>>>>
>>>> That might be a dumb question, but the documentation is not very
>>>>verbose
>>>> about how the integration with AD works in CloudStack. I understand
>>> that we
>>>> need to use the API for doing that, but the exact flow is not
>>>>documented
>>> (or
>>>> I didn't see it) (e.g do we need to create users in CS first, and then
>>> run
>>>> the API call, etc). Can someone explain what we need to achieved or
>>> point us
>>>> a wiki page with a (kinda) working howto?
>>>>
>>>> Thanks!!
>>>>
>>> Hi Francois:
>>>
>>> Check out Kirk's blog post here:
>>>
>>>
>>>http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstac
>>>k-v401.html
>>>
>>> If you are looking for something to automate the adding of users from
>>> LDAP to ACS - check out the script in this blog post here:
>>> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>>>
>>> --David
>>>
>>
>>
>
>
>--
>Francois Gaudreault
>Architecte de Solution Cloud | Cloud Solutions Architect
>fgaudreault@cloudops.com
>514-629-6775
>- - -
>CloudOps
>420 rue Guy
>Montréal QC H3J 1S6
>www.cloudops.com
>@CloudOps_
>
Re: CloudStack and AD
Posted by Francois Gaudreault <fg...@cloudops.com>.
Sorry to bother again :)
Did you ever make LDAP work using SSL? While working fine using
plaintext, I keep getting 431 errors when I try to use SSL even if we
specify the truststore location. Something like :
/Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty/
I read that this can also be related to OpenJDK 7. Anyone has an idea
how to fix this (without importing the server certificates in the
default JRE cacert keystore)?
Thanks!
On 2013-04-01 1:49 PM, Kirk Jantzer wrote:
> Thanks David! Francois - ping me if you have any questions. Apologies I
> haven't submitted to have the documentation updated.
>
>
> On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
>
>> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
>> <fg...@cloudops.com> wrote:
>>> Hi,
>>>
>>> That might be a dumb question, but the documentation is not very verbose
>>> about how the integration with AD works in CloudStack. I understand
>> that we
>>> need to use the API for doing that, but the exact flow is not documented
>> (or
>>> I didn't see it) (e.g do we need to create users in CS first, and then
>> run
>>> the API call, etc). Can someone explain what we need to achieved or
>> point us
>>> a wiki page with a (kinda) working howto?
>>>
>>> Thanks!!
>>>
>> Hi Francois:
>>
>> Check out Kirk's blog post here:
>>
>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html
>>
>> If you are looking for something to automate the adding of users from
>> LDAP to ACS - check out the script in this blog post here:
>> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>>
>> --David
>>
>
>
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
RE: CloudStack and AD
Posted by "Musayev, Ilya" <im...@webmd.net>.
There are several,
Take a look here, I think you can cherry-pick them if code base has not diverged much.
https://git-wip-us.apache.org/repos/asf?p=cloudstack.git&a=search&h=HEAD&st=commit&s=LDAP
-----Original Message-----
From: Francois Gaudreault [mailto:fgaudreault@cloudops.com]
Sent: Monday, April 01, 2013 2:14 PM
To: Musayev, Ilya
Cc: users@cloudstack.apache.org; Kirk Jantzer
Subject: Re: CloudStack and AD
Interesting. Do you have the commit/s to cherry-pick around you?
Otherwise, I'll make a search.
Thanks!
On 2013-04-01 2:00 PM, Musayev, Ilya wrote:
> Francois,
>
> Tiny suggestion - you can pull in the patch from master that has this
> built into a gui, no need for API conifgs :)
>
> When I post CloudSand edition of CS publicly, it will have GUI integration as well.
>
> Regards
> ilya
>
> -----Original Message-----
> From: Francois Gaudreault [mailto:fgaudreault@cloudops.com]
> Sent: Monday, April 01, 2013 1:55 PM
> To: users@cloudstack.apache.org
> Cc: Kirk Jantzer
> Subject: Re: CloudStack and AD
>
> Will do if needed!
>
> Thanks for the pointer guys :) You just saved me a lot of time hehe ;)
>
> Francois
>
> On 2013-04-01 1:49 PM, Kirk Jantzer wrote:
>> Thanks David! Francois - ping me if you have any questions. Apologies
>> I haven't submitted to have the documentation updated.
>>
>>
>> On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
>>
>>> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
>>> <fg...@cloudops.com> wrote:
>>>> Hi,
>>>>
>>>> That might be a dumb question, but the documentation is not very
>>>> verbose about how the integration with AD works in CloudStack. I
>>>> understand
>>> that we
>>>> need to use the API for doing that, but the exact flow is not
>>>> documented
>>> (or
>>>> I didn't see it) (e.g do we need to create users in CS first, and
>>>> then
>>> run
>>>> the API call, etc). Can someone explain what we need to achieved or
>>> point us
>>>> a wiki page with a (kinda) working howto?
>>>>
>>>> Thanks!!
>>>>
>>> Hi Francois:
>>>
>>> Check out Kirk's blog post here:
>>>
>>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloud
>>> s
>>> tack-v401.html
>>>
>>> If you are looking for something to automate the adding of users
>>> from LDAP to ACS - check out the script in this blog post here:
>>> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>>>
>>> --David
>>>
>>
>
> --
> Francois Gaudreault
> Architecte de Solution Cloud | Cloud Solutions Architect
> fgaudreault@cloudops.com
> 514-629-6775
> - - -
> CloudOps
> 420 rue Guy
> Montréal QC H3J 1S6
> www.cloudops.com
> @CloudOps_
>
>
>
>
>
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
Re: CloudStack and AD
Posted by Francois Gaudreault <fg...@cloudops.com>.
Interesting. Do you have the commit/s to cherry-pick around you?
Otherwise, I'll make a search.
Thanks!
On 2013-04-01 2:00 PM, Musayev, Ilya wrote:
> Francois,
>
> Tiny suggestion - you can pull in the patch from master that has this built into a gui, no need for API conifgs :)
>
> When I post CloudSand edition of CS publicly, it will have GUI integration as well.
>
> Regards
> ilya
>
> -----Original Message-----
> From: Francois Gaudreault [mailto:fgaudreault@cloudops.com]
> Sent: Monday, April 01, 2013 1:55 PM
> To: users@cloudstack.apache.org
> Cc: Kirk Jantzer
> Subject: Re: CloudStack and AD
>
> Will do if needed!
>
> Thanks for the pointer guys :) You just saved me a lot of time hehe ;)
>
> Francois
>
> On 2013-04-01 1:49 PM, Kirk Jantzer wrote:
>> Thanks David! Francois - ping me if you have any questions. Apologies
>> I haven't submitted to have the documentation updated.
>>
>>
>> On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
>>
>>> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
>>> <fg...@cloudops.com> wrote:
>>>> Hi,
>>>>
>>>> That might be a dumb question, but the documentation is not very
>>>> verbose about how the integration with AD works in CloudStack. I
>>>> understand
>>> that we
>>>> need to use the API for doing that, but the exact flow is not
>>>> documented
>>> (or
>>>> I didn't see it) (e.g do we need to create users in CS first, and
>>>> then
>>> run
>>>> the API call, etc). Can someone explain what we need to achieved or
>>> point us
>>>> a wiki page with a (kinda) working howto?
>>>>
>>>> Thanks!!
>>>>
>>> Hi Francois:
>>>
>>> Check out Kirk's blog post here:
>>>
>>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-clouds
>>> tack-v401.html
>>>
>>> If you are looking for something to automate the adding of users from
>>> LDAP to ACS - check out the script in this blog post here:
>>> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>>>
>>> --David
>>>
>>
>
> --
> Francois Gaudreault
> Architecte de Solution Cloud | Cloud Solutions Architect fgaudreault@cloudops.com
> 514-629-6775
> - - -
> CloudOps
> 420 rue Guy
> Montréal QC H3J 1S6
> www.cloudops.com
> @CloudOps_
>
>
>
>
>
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
RE: CloudStack and AD
Posted by "Musayev, Ilya" <im...@webmd.net>.
Francois,
Tiny suggestion - you can pull in the patch from master that has this built into a gui, no need for API conifgs :)
When I post CloudSand edition of CS publicly, it will have GUI integration as well.
Regards
ilya
-----Original Message-----
From: Francois Gaudreault [mailto:fgaudreault@cloudops.com]
Sent: Monday, April 01, 2013 1:55 PM
To: users@cloudstack.apache.org
Cc: Kirk Jantzer
Subject: Re: CloudStack and AD
Will do if needed!
Thanks for the pointer guys :) You just saved me a lot of time hehe ;)
Francois
On 2013-04-01 1:49 PM, Kirk Jantzer wrote:
> Thanks David! Francois - ping me if you have any questions. Apologies
> I haven't submitted to have the documentation updated.
>
>
> On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
>
>> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
>> <fg...@cloudops.com> wrote:
>>> Hi,
>>>
>>> That might be a dumb question, but the documentation is not very
>>> verbose about how the integration with AD works in CloudStack. I
>>> understand
>> that we
>>> need to use the API for doing that, but the exact flow is not
>>> documented
>> (or
>>> I didn't see it) (e.g do we need to create users in CS first, and
>>> then
>> run
>>> the API call, etc). Can someone explain what we need to achieved or
>> point us
>>> a wiki page with a (kinda) working howto?
>>>
>>> Thanks!!
>>>
>> Hi Francois:
>>
>> Check out Kirk's blog post here:
>>
>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-clouds
>> tack-v401.html
>>
>> If you are looking for something to automate the adding of users from
>> LDAP to ACS - check out the script in this blog post here:
>> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>>
>> --David
>>
>
>
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
Re: CloudStack and AD
Posted by Francois Gaudreault <fg...@cloudops.com>.
Will do if needed!
Thanks for the pointer guys :) You just saved me a lot of time hehe ;)
Francois
On 2013-04-01 1:49 PM, Kirk Jantzer wrote:
> Thanks David! Francois - ping me if you have any questions. Apologies I
> haven't submitted to have the documentation updated.
>
>
> On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
>
>> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
>> <fg...@cloudops.com> wrote:
>>> Hi,
>>>
>>> That might be a dumb question, but the documentation is not very verbose
>>> about how the integration with AD works in CloudStack. I understand
>> that we
>>> need to use the API for doing that, but the exact flow is not documented
>> (or
>>> I didn't see it) (e.g do we need to create users in CS first, and then
>> run
>>> the API call, etc). Can someone explain what we need to achieved or
>> point us
>>> a wiki page with a (kinda) working howto?
>>>
>>> Thanks!!
>>>
>> Hi Francois:
>>
>> Check out Kirk's blog post here:
>>
>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html
>>
>> If you are looking for something to automate the adding of users from
>> LDAP to ACS - check out the script in this blog post here:
>> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>>
>> --David
>>
>
>
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
Re: CloudStack and AD
Posted by Kirk Jantzer <ki...@gmail.com>.
Thanks David! Francois - ping me if you have any questions. Apologies I
haven't submitted to have the documentation updated.
On Mon, Apr 1, 2013 at 1:45 PM, David Nalley <da...@gnsa.us> wrote:
> On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
> <fg...@cloudops.com> wrote:
> > Hi,
> >
> > That might be a dumb question, but the documentation is not very verbose
> > about how the integration with AD works in CloudStack. I understand
> that we
> > need to use the API for doing that, but the exact flow is not documented
> (or
> > I didn't see it) (e.g do we need to create users in CS first, and then
> run
> > the API call, etc). Can someone explain what we need to achieved or
> point us
> > a wiki page with a (kinda) working howto?
> >
> > Thanks!!
> >
>
> Hi Francois:
>
> Check out Kirk's blog post here:
>
> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html
>
> If you are looking for something to automate the adding of users from
> LDAP to ACS - check out the script in this blog post here:
> http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
>
> --David
>
--
Regards,
Kirk Jantzer
c: (678) 561-5475
Re: CloudStack and AD
Posted by David Nalley <da...@gnsa.us>.
On Mon, Apr 1, 2013 at 1:42 PM, Francois Gaudreault
<fg...@cloudops.com> wrote:
> Hi,
>
> That might be a dumb question, but the documentation is not very verbose
> about how the integration with AD works in CloudStack. I understand that we
> need to use the API for doing that, but the exact flow is not documented (or
> I didn't see it) (e.g do we need to create users in CS first, and then run
> the API call, etc). Can someone explain what we need to achieved or point us
> a wiki page with a (kinda) working howto?
>
> Thanks!!
>
Hi Francois:
Check out Kirk's blog post here:
http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html
If you are looking for something to automate the adding of users from
LDAP to ACS - check out the script in this blog post here:
http://sysadminnotebook.blogspot.com/2012/03/cloudstack-ldap.html
--David