Posted to dev@cloudstack.apache.org by Ian Duffy <ia...@ianduffy.ie> on 2013/08/01 02:58:15 UTC

Re: [GSoC] (Screencast/Demo) LDAP user provisioning

Hi Ilya,

SSL is now done. Still need to do more testing on it but it appears to
be working.

> I want to backport this into my customized 4.1 cloudstack edition called
> cloudsand. CloudSand is a hybrid of CloudStack stable version with some
> urgently needed features pulled from master to speed up cloudstack
> adoption by enterprises. The work you do on LDAP will be a great addition!

Cool. I didn't realise you had the project on github until I saw your
earlier emails on another subject today, love what you have done with
it. I have forked your repo and added in the features to date along
with making modifications to the code where necessary to support 4.1.1

Enjoy: https://github.com/imduffy15/cloudsand

Will send you a merge request in [a|few] week(s).

Ian

On 31 July 2013 09:49, Ian Duffy <ia...@ianduffy.ie> wrote:
> Moving along faster than expected with this.
>
> The pending patches do the following:
>
>  - Disable UI password changes when LDAP is enabled.
>  - Disable API password changes when LDAP is enabled.
>  - Add support for the memberof filter.
>
> Hope to get SSL done before the week is out.
>
> On 26 July 2013 18:39, Ian Duffy <ia...@ianduffy.ie> wrote:
>> It's all good :-) just don't want to make promises. Can't trust my home
>> internet at all.
>>
>> Cool will keep an eye out for it. I'd imagine it'd be fairly easy to
>> implement.
>>
>> On 26 Jul 2013 18:25, "Musayev, Ilya" <im...@webmd.net> wrote:
>>>
>>> I understand, I guess do the best you can, sorry you are losing office
>>> space, if you would've been in NYC, we could have helped you with it :)
>>>
>>> I've also sent an email asking for help with scheduled tasks, perhaps
>>> someone can respond.
>>>
>>> Regards
>>> ilya
>>>
>>> > -----Original Message-----
>>> > From: Ian Duffy [mailto:ian@ianduffy.ie]
>>> > Sent: Friday, July 26, 2013 1:10 PM
>>> > To: dev@cloudstack.apache.org
>>> > Subject: RE: [GSoC] (Screencast/Demo) LDAP user provisioning
>>> >
>>> > Hi Ilya,
>>> >
>>> > Apologies in advance for lack of formatting, currently replying from
>>> > mobile.
>>> >
>>> > Those UI features are present in 4.2 under LDAP configuration within
>>> > global settings as far as I am aware. They are buggy if I remember
>>> > correctly.
>>> >
>>> > For deactivating users I haven't looked into it yet and have not sent
>>> > out an email asking for help on creating a scheduled task. It is not
>>> > included within the project proposal so I was leaving it as a 'if I
>>> > have time at the end' type of thing. I lose office space and a decent
>>> > internet connection come August 20th so I'm pushing to get all
>>> > proposed features done before then.
>>> >
>>> > Check out 1:25 such messages exist.
>>> >
>>> > Yes has been tested against Apache DS, openldap and active directory.
>>> > I'm a little worried about implementing a member of filter, I've yet
>>> > to figure out how to enable that in openldap, active directory has it
>>> > by default thankfully.
>>> > You'll need to set your LDAP attributes for active directory within
>>> > global settings, by default they are at POSIX compliant ones... So..
>>> > User object to user username to samAccountName.
>>> > On 26 Jul 2013 17:20, "Musayev, Ilya" <im...@webmd.net> wrote:
>>> >
>>> > > Ian
>>> > >
>>> > > Watched screencast and you did an amazing job! I want to backport this
>>> > > into my customized 4.1 cloudstack edition called cloudsand. CloudSand
>>> > > is a hybrid of CloudStack stable version with some urgently needed
>>> > > features pulled from master to speed up cloudstack adoption by
>>> > > enterprises. The work you do on LDAP will be a great addition!
>>> > >
>>> > > With that said, I have a few questions:
>>> > >
>>> > > Back several months ago, I recall some work done on LDAP where a
>>> > > patch was introduced to configure LDAP through UI. Not in Global
>>> > > Settings like you did for basedn, but in separate window where you
>>> > > defined hostname and port. Would you know what happened to that?
>>> > > Where do you stand with scheduled task on checking which ldap users
>>> > > have been deactivated and deactivate them in CS as well?
>>> > > Also, it would be nice to mention "User XYZ could not be added due to
>>> > > missing email (or whatever else is missing)".
>>> > > Have you tried testing this on Windows AD, unfortunately, many
>>> > > enterprises use Microsoft Active Directory.
>>> > >
>>> > > Thanks again for improving CloudStack,
>>> > >
>>> > > Regards
>>> > > -ilya
>>> > >
>>> > >
>>> > > > -----Original Message-----
>>> > > > From: Ian Duffy [mailto:ian@ianduffy.ie]
>>> > > > Sent: Friday, July 26, 2013 11:52 AM
>>> > > > To: Sebastien Goasguen; Abhinandan Prateek; CloudStack Dev
>>> > > > Subject: [GSoC] (Screencast/Demo) LDAP user provisioning
>>> > > >
>>> > > > Hi Guys,
>>> > > >
>>> > > > The latest patch I uploaded to review board (
>>> > > > https://reviews.apache.org/r/12969/ ) brings the "LDAP user
>>> > > > provisioning" project to a "prototype" stage.
>>> > > >
>>> > > > If anybody wants to give feedback the ldapplugin branch should have
>>> > > > all features shown in the screencast once the above patch is
>>> > > > shipped.
>>> > > > Support still needs to be added for ldap over SSL, memberof filters
>>> > > > and only show users that exist within ldap but not cloudstack on
>>> > > > the add user screen.
>>> > > >
>>> > > > This includes:
>>> > > >  - A new plugin for configuring ldap, authenticating against LDAP
>>> > > >    and getting a list of users from LDAP.
>>> > > >  - Modified UI
>>> > > >        - Global Settings - Global LDAP configuration options.
>>> > > >          BaseDN, Bind username, Bind password, etc.
>>> > > >        - Global settings -> LDAP Configuration. Lets you add
>>> > > >          multiple LDAP servers for failover support.
>>> > > >        - Accounts -> Add Account. Brings up a table of LDAP users,
>>> > > >          lets you select one to many LDAP users, set the same
>>> > > >          domain/network domain/timezone/etc. for them and create
>>> > > >          them.
>>> > > >
>>> > > > Quick 2min screencast at
>>> > > > https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1 showing off these
>>> > > > additions.
>>> > > >
>>> > > > This screencast was created using the embedded LDAP server I added
>>> > > > in for the sake of integration tests. It's based off ApacheDS, and
>>> > > > can be started with
>>> > > >
>>> > > > mvn -pl plugins/user-authenticators/ldap ldap:run
>>> > > >
>>> > > > Thanks for all the help!
>>> > > > Ian
>>> > >
>>> > >

RE: [GSoC] (Screencast/Demo) LDAP user provisioning

Posted by "Musayev, Ilya" <im...@webmd.net>.
Ian,

Much appreciated,

Can't wait to put this into real world QA :)

Thanks
ilya
