Posted to dev@cloudstack.apache.org by Ian Duffy <ia...@ianduffy.ie> on 2013/05/03 18:35:28 UTC

[GSOC] LDAP User provisioning: Design document feedback

Hi,

I was wondering if I could get some feedback on the attached file labeled
"Cloudstack-LDAP.pdf". It outlines a design document for the project
labeled "LDAP user provisioning".

From my current understanding of the single sign on mechanism implemented
in cloudstack an LDAP user must be created manually within the cloudstack
database. Would it be preferred to:

A) Create a service that polls LDAP every so often to check for new user
creation.
or
B) Extend the login page to check LDAP after failing to find a user within
the cloudstack database. On success of finding a user in LDAP a profile
would automatically be created within the cloudstack database.

Kind regards,
Ian

RE: [GSOC] LDAP User provisioning: Design document feedback

Posted by "Musayev, Ilya" <im...@webmd.net>.
Ian,

If you are implementing this logic, it would be awesome.

Keep in mind that besides LDAP, there is also the somewhat LDAP-compatible Microsoft AD; please test against it as well.

Whenever you have code you need to test, I can gladly help.

Regards
ilya

> -----Original Message-----
> From: Ian Duffy [mailto:ian@ianduffy.ie]
> Sent: Friday, May 03, 2013 12:41 PM
> To: dev@cloudstack.apache.org
> Subject: Re: [GSOC] LDAP User provisioning: Design document feedback
> 
> Hi,
> 
> Sorry just noticed that the attachment appeared to have got stripped, here is
> the contents of the PDF. Alternatively I have uploaded it here:
> http://ianduffy.ie/Cloudstack-LDAP.pdf
> 
> *Apache Cloudstack Google Summer of Code Project: LDAP user
> provisioning*
> 
> 
> Need to automate the way the LDAP users are provisioned into cloud stack.
> This will mean better integration with a LDAP server, ability to import users
> and a way to define how the LDAP user maps to the cloudstack users.
> 
> 
> Abstract
> 
> 
> 
> The aim of this project is to provide an easier mechanism to provision users
> from LDAP into cloudstack.  Currently cloudstack provides LDAP
> authentication.  In this authentication users must be first setup in
> cloudstack.  Once the user is setup in cloudstack they can authenticate using
> their ldap username and password.
> 
> 
> 
> This feature aims to extend the current functionality to make user setup align
> with LDAP group.
> 
> 
> Deliverables
> 
> - Service that retrieves a list of ldap users from the configured group
>
> - Extension of cloudstack UI  “Add User” screen to offer user list from LDAP
>
> - Add service for saving new user with details from LDAP
>
> - BDD unit and acceptance automated testing
>
> - Document change details
> 
> 
> Quantifiable results
> 
> 
> Given: A need to add new user to cloudstack and LDAP is setup
> When: You open the “Add User” screen
> Then: A table of users appears for the current list of users (not already
> created on cloudstack) from the LDAP group displaying a checkbox, username,
> name and email address. The timezone dropdown will still be available
> beside each user.
>
> Given: A need to add new user to cloudstack and LDAP is not setup
> When: You open the “Add User” screen
> Then: The current add user screen and functionality is provided
>
> Given: A need to add new user to cloudstack and LDAP is setup
> When: You open the “Add User” screen and mandatory information is missing
> Then: These fields will be editable to enable you to populate the name or
> email address
>
> Given: A need to add new user to cloudstack, LDAP is setup but user is in
> the ldap query group
> When: You open the “Add User” screen
> Then: There is a list of LDAP users displayed but your current user is
> present in the list
>
> Given: A need to add new user to cloudstack, LDAP is setup but user is not
> in the query group
> When: You open the “Add User” screen
> Then: There is a list of LDAP users displayed but your current user is not
> in the list
>
> Given: You need to add group of new users to cloudstack
> When: You open the “Add User” screen, select the users and hit save
> Then: The list of new users are saved to the database
>
> Given: You need to add group of new users to cloudstack
> When: You open the “Add User” screen, select the users and hit save
> Then: The list of new users are saved to the database
>
> Given: You have created a new LDAP user on cloudstack
> When: The user authenticates against cloudstack with the right credentials
> Then: They are authorised in cloudstack
>
> Given: A user wants to edit an LDAP user
> When: They open the Edit User screen
> Then: The password fields are disabled and cannot be changed
>
>
> The design document
>
> *Ldap User List Service*
> 
> 
> 
> *name*:  ldapUserList
> 
> *responseObject*: LDAPUserResponse {username, email, name}
> 
> *parameter*: listType:enum {NEW, EXISTING, ALL} (Default to ALL if no
> option provided)
> 
> 
> 
> Create a new API service call for retrieving the list of users from LDAP.
> This will call a new ConfigurationService which will retrieve the list of
> users using the configured search base and the query filter.   The list may
> be filtered in the ConfigurationService based on listType parameter.
> 
> 
> 
> *Ldap Available Service*
> 
> 
> 
> *name*:  ldapAvailable
> 
> *responseObject*: LDAPAvailableResponse {available:boolean}
> 
> 
> 
> Create a new API service call verifying LDAP is setup correctly by verifying
> the following configuration elements are all set:
>
> - ldap.hostname
>
> - ldap.port
>
> - ldap.usessl
>
> - ldap.queryfilter
>
> - ldap.searchbase
>
> - ldap.dn
>
> - ldap.password
> 
> 
> 
> The verification that all of these are set will return an available boolean true.
> If required this could perform a status check against LDAP first and provide
> warning if it fails.
> 
> 
> *Ldap Save Users Service*
> 
> 
> 
> *name*:  ldapSaveUsers
> 
> *responseObject*: LDAPSaveUsersResponse {list<UserResponse>}
> 
> *parameter*: list of users
> 
> 
> 
> Saves the list of objects instead.  Following the functionality in
> CreateUserCmd  it will
> 
> - Create the user via the account service
>
> - Handle the response
>
>
>
> It will be decided whether a transaction should remain over whole save or
> only over individual users.  A list of UserResponse will be returned.
> 
> 
> 
> 
> 
> 
> 
> *Extension of cloudstack UI  “Add User” screen *
> 
> 
> 
> Extend account.js to enable it to add a user list with editable fields where
> required.  The new “Add User” screen for LDAP setup.
>
> - This will make an ajax call to the ldapAvailable, ldapUserList and
> ldapSaveUsers services
>
> - Validation will be maintained on username, email, firstname and lastname
>
>
>
> *Extension of cloudstack UI  “Edit User” screen *
>
>
>
> Extend account.js to disable the password fields on the edit user screen if
> LDAP available.
>
> - This will make an ajax call to the ldapAvailable and updateUser services
>
> - Validation will be maintained on username, email, firstname and lastname.
> Additional server validation will ensure password has not changed.
> 
> 
> 
> 
> Approach
> 
> 
> 
> To get started a development cloudstack environment with DevCloud will be
> used to verify changes.  Then once the schedule is agreed with the mentor the
> deliverables will be broken into smaller User stories with expected
> delivery dates set.   The development cycle will focus on BDD enforcing all
> unit and acceptance tests written first.
>
>
>
> A build pipeline for continuous delivery environment around cloudstack here
> will be created, the following stages will be adopted
> 
> 
> 
> *Stage*      *Action*
> Commit       Runs unit tests
> Sonar        Runs code quality metrics
> Acceptance   Deploys the dev cloud and runs all acceptance tests
> Deployment   Deploy a new management server using Chef
> 
> 
> 
> 
> About Me
> 
> 
> 
> I am a Computer Science Student at Dublin City University in Ireland. I have
> interests in virtualization, automation, information systems, networking and
> web development.
> 
> 
> 
> I was involved with a project in a K-12 (educational) environment of moving
> their server systems over to a virtualized environment on ESXi.   I have
> good knowledge of programming in Java, PHP and Scripting languages. During
> the configuration of an automation system for OS deployment I experienced
> some exposure to scripting in powershell, batch, vbs and bash and
> configuration of PXE images based on WinPE and Debian.
>
> Additionally I am also a mentor in an opensource teaching movement called
> CoderDojo, we teach kids from the age of 8 everything from web page,
> HTML 5 game and raspberry pi development.
> 
> 
> 
> I’m excited at the opportunity and learning experience that cloudstack are
> offering with this project.
> 
> 
> References
> 
> 
> 
> - https://cwiki.apache.org/CLOUDSTACK/development-101.html
>
> - http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Admin_Guide/
>
> - http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/API_Developers_Guide/index.html
>
> - https://issues.apache.org/jira/browse/CLOUDSTACK-2014
>
> - http://www.slideshare.net/sebastiengoasguen/apache-cloudstack-google-summer-of-code
>
> - http://kirkjantzer.blogspot.co.uk/2013/03/ldap-authentication-in-cloudstack-v401.html
>
> - http://www.ldapguru.info/ldap/ldap-search-best-practices.html
>
> - http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html
> 
> 
> 
> 
> 
> 
> On 3 May 2013 17:35, Ian Duffy <ia...@ianduffy.ie> wrote:
> 
> > Hi,
> >
> > I was wondering if I could get some feedback on the attached file
> > labeled "Cloudstack-LDAP.pdf". It outlines a design document for the
> > project labeled "LDAP user provisioning".
> >
> > From my current understanding of the single sign on mechanism
> > implemented in cloudstack a LDAP user must be created manually within
> > the cloudstack database. Would it be preferred to:
> >
> > A) Create a service that polls LDAP every so often to check for new
> > user creation.
> > or
> > B) Extend the login page to check LDAP after failing to find a user
> > within the cloudstack database. On success of finding a user in LDAP a
> > profile would automatically be created within the cloudstack database.
> >
> > Kind regards,
> > Ian
> >
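
The three server-side pieces of the quoted design (the ldapAvailable check over the seven ldap.* settings, the ldapUserList listType filter, and the password check behind the "Edit User" screen) sketched as plain Java; this is an added example, not code from the proposal or from CloudStack. The class and method names, the in-memory inputs and the case-insensitive username comparison are assumptions.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

// Added illustration (Java 17+). Everything except the ldap.* keys, the
// listType values and the response field names is hypothetical.
public class LdapProvisioningSketch {

    // The seven settings the design requires before LDAP counts as available.
    static final List<String> REQUIRED_KEYS = List.of(
            "ldap.hostname", "ldap.port", "ldap.usessl", "ldap.queryfilter",
            "ldap.searchbase", "ldap.dn", "ldap.password");

    enum ListType { NEW, EXISTING, ALL }

    // Mirrors LDAPUserResponse {username, email, name}.
    record LdapUser(String username, String email, String name) {}

    // ldapAvailable: true only if every key is present and non-blank.
    // Only the boolean leaves this method, so ldap.password is never echoed.
    static boolean ldapAvailable(Map<String, String> config) {
        return REQUIRED_KEYS.stream().allMatch(k -> {
            String v = config.get(k);
            return v != null && !v.isBlank();
        });
    }

    // Assumption: usernames are compared case-insensitively, as directory
    // attributes such as uid are; otherwise "Alice" from LDAP would be
    // offered as NEW next to an existing "alice" account.
    static String normalize(String username) {
        return username.trim().toLowerCase(Locale.ROOT);
    }

    // ldapUserList: filter directory entries against accounts that already
    // exist; a missing listType falls back to ALL, as the design specifies.
    static List<LdapUser> ldapUserList(List<LdapUser> fromLdap,
                                       Set<String> cloudstackUsernames,
                                       ListType listType) {
        ListType effective = (listType == null) ? ListType.ALL : listType;
        Set<String> existing = cloudstackUsernames.stream()
                .map(LdapProvisioningSketch::normalize)
                .collect(Collectors.toSet());
        return fromLdap.stream().filter(u -> {
            boolean known = existing.contains(normalize(u.username()));
            return switch (effective) {
                case NEW -> !known;
                case EXISTING -> known;
                case ALL -> true;
            };
        }).collect(Collectors.toList());
    }

    // Server-side counterpart of the disabled password fields: the check
    // runs on the request, so a client that bypasses the UI is refused too.
    static void validateEdit(boolean ldapIsAvailable, String submittedPassword) {
        if (ldapIsAvailable && submittedPassword != null
                && !submittedPassword.isEmpty()) {
            throw new IllegalArgumentException(
                    "password is managed in LDAP and cannot be changed here");
        }
    }

    public static void main(String[] args) {
        // Constructed sample configuration and directory data.
        Map<String, String> config = new HashMap<>(Map.of(
                "ldap.hostname", "ldap.example.test", "ldap.port", "636",
                "ldap.usessl", "true", "ldap.queryfilter", "(objectClass=person)",
                "ldap.searchbase", "ou=people,dc=example,dc=test",
                "ldap.dn", "cn=svc,dc=example,dc=test",
                "ldap.password", "constructed-secret"));
        System.out.println("available: " + ldapAvailable(config));
        config.put("ldap.password", " ");
        System.out.println("available, blank password: " + ldapAvailable(config));

        List<LdapUser> directory = List.of(
                new LdapUser("alice", "alice@example.test", "Alice A"),
                new LdapUser("Bob", "bob@example.test", "Bob B"),
                new LdapUser("carol", "carol@example.test", "Carol C"));
        Set<String> accounts = Set.of("ALICE", "bob");
        for (ListType t : ListType.values()) {
            System.out.println(t + ": " + ldapUserList(directory, accounts, t));
        }
        System.out.println("default: " + ldapUserList(directory, accounts, null));

        validateEdit(true, null); // edit without a password field is accepted
        try {
            validateEdit(true, "new-password");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```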

Re: [GSOC] LDAP User provisioning: Design document feedback

Posted by Sebastien Goasguen <ru...@gmail.com>.
Ian, we figured it out.

Abhi is able to see it.

thanks


On May 6, 2013, at 9:58 AM, Ian Duffy <ia...@ianduffy.ie> wrote:

> Hi Abhinandan,
> 
> It should be there. I have it marked as public so the following link should
> work as well:
> 
> https://google-melange.appspot.com/gsoc/proposal/review/google/gsoc2013/imduffy15/1
> 
> Thanks!
> Ian
> 
> On 6 May 2013 12:32, Abhinandan Prateek <ag...@hotmail.com> wrote:
> 
>> I am unable to see the proposal in melange website. Am I missing something?
>> 
>> -abhi
>> 
>> On 04/05/13 6:56 PM, "Sebastien Goasguen" <ru...@gmail.com> wrote:
>> 
>>> Ian thanks a lot for your proposal and submission.
>>> 
>>> This project has been proposed by Abhinandan Prateek, so I am copying him
>>> in this email so he can comment.
>>> 
>>> @Abhi, you need to access the google melange site and find Ian's proposal
>>> 
>>> -Sebastien


Re: [GSOC] LDAP User provisioning: Design document feedback

Posted by Abhinandan Prateek <cl...@aprateek.com>.
Hi Ian,

  The issue has been promptly resolved and now I have access to it.
Will follow up with more details on your proposal.

Thank you,
-abhi


On 06/05/13 7:28 PM, "Ian Duffy" <ia...@ianduffy.ie> wrote:

>Hi Abhinandan,
>
>It should be there. I have it marked as public so the following link
>should work as well:
>
>https://google-melange.appspot.com/gsoc/proposal/review/google/gsoc2013/imduffy15/1
>
>Thanks!
>Ian
>
>On 6 May 2013 12:32, Abhinandan Prateek <ag...@hotmail.com> wrote:
>
>> I am unable to see the proposal in melange website. Am I missing
>> something?
>>
>> -abhi
>>
>> On 04/05/13 6:56 PM, "Sebastien Goasguen" <ru...@gmail.com> wrote:
>>
>> >Ian thanks a lot for your proposal and submission.
>> >
>> >This project has been proposed by Abhinandan Prateek, so I am copying
>> >him in this email so he can comment.
>> >
>> >@Abhi, you need to access the google melange site and find Ian's
>> >proposal
>> >
>> >-Sebastien
>> >>>
>> >
>> >
>>
>>
>>



Re: [GSOC] LDAP User provisioning: Design document feedback

Posted by Ian Duffy <ia...@ianduffy.ie>.
Hi Abhinandan,

It should be there. I have it marked as public so the following link should
work as well:

https://google-melange.appspot.com/gsoc/proposal/review/google/gsoc2013/imduffy15/1

Thanks!
Ian

On 6 May 2013 12:32, Abhinandan Prateek <ag...@hotmail.com> wrote:

> I am unable to see the proposal in melange website. Am I missing something?
>
> -abhi
>
> On 04/05/13 6:56 PM, "Sebastien Goasguen" <ru...@gmail.com> wrote:
>
> >Ian thanks a lot for your proposal and submission.
> >
> >This project has been proposed by Abhinandan Prateek, so I am copying him
> >in this email so he can comment.
> >
> >@Abhi, you need to access the google melange site and find Ian's proposal
> >
> >-Sebastien
> >
> >On May 3, 2013, at 12:40 PM, Ian Duffy <ia...@ianduffy.ie> wrote:
> >
> >> Hi,
> >>
> >> Sorry just noticed that the attachment appeared to have got stripped, here
> >> is the contents of the PDF. Alternatively I have uploaded it here:
> >> http://ianduffy.ie/Cloudstack-LDAP.pdf

Re: [GSOC] LDAP User provisioning: Design document feedback

Posted by Abhinandan Prateek <ag...@hotmail.com>.
I am unable to see the proposal in melange website. Am I missing something?

-abhi

On 04/05/13 6:56 PM, "Sebastien Goasguen" <ru...@gmail.com> wrote:

>Ian thanks a lot for your proposal and submission.
>
>This project has been proposed by Abhinandan Prateek, so I am copying him
>in this email so he can comment.
>
>@Abhi, you need to access the google melange site and find Ian's proposal
>
>-Sebastien
>
>On May 3, 2013, at 12:40 PM, Ian Duffy <ia...@ianduffy.ie> wrote:
>
>> Hi,
>> 
>> Sorry just noticed that the attachment appeared to have got stripped, here
>> is the contents of the PDF. Alternatively I have uploaded it here:
>> http://ianduffy.ie/Cloudstack-LDAP.pdf



Re: [GSOC] LDAP User provisioning: Design document feedback

Posted by Sebastien Goasguen <ru...@gmail.com>.
Ian thanks a lot for your proposal and submission.

This project has been proposed by Abhinandan Prateek, so I am copying him in this email so he can comment.

@Abhi, you need to access the google melange site and find Ian's proposal 

-Sebastien

On May 3, 2013, at 12:40 PM, Ian Duffy <ia...@ianduffy.ie> wrote:

> Hi,
> 
> Sorry just noticed that the attachment appeared to have got stripped, here
> is the contents of the PDF. Alternatively I have uploaded it here:
> http://ianduffy.ie/Cloudstack-LDAP.pdf


Re: [GSOC] LDAP User provisioning: Design document feedback

Posted by Ian Duffy <ia...@ianduffy.ie>.
Hi,

Sorry just noticed that the attachment appeared to have got stripped, here
is the contents of the PDF. Alternatively I have uploaded it here:
http://ianduffy.ie/Cloudstack-LDAP.pdf

*Apache Cloudstack Google Summer of Code Project: LDAP user provisioning*


Need to automate the way the LDAP users are provisioned into cloud stack.
This will mean better integration with a LDAP server, ability to import
users and a way to define how the LDAP user maps to the cloudstack users.


Abstract



The aim of this project is to provide an easier mechanism to provision
users from LDAP into cloudstack.  Currently cloudstack provides
LDAP authentication.  In this authentication users must first be
set up in cloudstack.  Once the user is set up in cloudstack they can
authenticate using their ldap username and password.



This feature aims to extend the current functionality to make user setup
align with LDAP group.


Deliverables

- Service that retrieves a list of ldap users from the configured group
- Extension of cloudstack UI “Add User” screen to offer user list from LDAP
- Add service for saving new user with details from LDAP
- BDD unit and acceptance automated testing
- Document change details


Quantifiable results


Given: A need to add new user to cloudstack and LDAP is set up
When:  You open the “Add User” screen
Then:  A table of users appears for the current list of users (not already
       created on cloudstack) from the LDAP group displaying a checkbox,
       username, name and email address. The timezone dropdown will still
       be available beside each user.

Given: A need to add new user to cloudstack and LDAP is not set up
When:  You open the “Add User” screen
Then:  The current add user screen and functionality is provided

Given: A need to add new user to cloudstack and LDAP is set up
When:  You open the “Add User” screen and mandatory information is missing
Then:  These fields will be editable to enable you to populate the name or
       email address

Given: A need to add new user to cloudstack, LDAP is set up but user is in
       the ldap query group
When:  You open the “Add User” screen
Then:  There is a list of LDAP users displayed but your current user is
       present in the list

Given: A need to add new user to cloudstack, LDAP is set up but user is
       not in the query group
When:  You open the “Add User” screen
Then:  There is a list of LDAP users displayed but your current user is not
       in the list

Given: You need to add group of new users to cloudstack
When:  You open the “Add User” screen, select the users and hit save
Then:  The list of new users are saved to the database

Given: You need to add group of new users to cloudstack
When:  You open the “Add User” screen, select the users and hit save
Then:  The list of new users are saved to the database

Given: You have created a new LDAP user on cloudstack
When:  The user authenticates against cloudstack with the right credentials
Then:  They are authorised in cloudstack

Given: A user wants to edit an LDAP user
When:  They open the Edit User screen
Then:  The password fields are disabled and cannot be changed


The design document

*Ldap User List Service*



*name*:  ldapUserList

*responseObject*: LDAPUserResponse {username, email, name}

*parameter*: listType:enum {NEW, EXISTING, ALL} (Default to ALL if no
option provided)



Create a new API service call for retrieving the list of users from LDAP.
This will call a new ConfigurationService which will retrieve the list of
users using the configured search base and the query filter.  The list may
be filtered in the ConfigurationService based on the listType parameter.



*Ldap Available Service*



*name*:  ldapAvailable

*responseObject*: LDAPAvailableResponse {available:boolean}



Create a new API service call verifying LDAP is set up correctly by
verifying that the following configuration elements are all set:

- ldap.hostname
- ldap.port
- ldap.usessl
- ldap.queryfilter
- ldap.searchbase
- ldap.dn
- ldap.password



The verification that all of these are set will return an available boolean
true.  If required this could perform a status check against LDAP first and
provide warning if it fails.


*Ldap Save Users Service*



*name*:  ldapSaveUsers

*responseObject*: LDAPSaveUsersResponse {list<UserResponse>}

*parameter*: list of users



Saves the list of objects instead.  Following the functionality in
CreateUserCmd it will

- Create the user via the account service
- Handle the response

It will be decided whether a transaction should remain over the whole save
or only over individual users.  A list of UserResponse will be returned.







*Extension of cloudstack UI  “Add User” screen *



Extend account.js to enable it to add a user list with editable fields where
required.  The new “Add User” screen for LDAP setup.

- This will make an ajax call to the ldapAvailable, ldapUserList and
  ldapSaveUsers services
- Validation will be maintained on username, email, firstname and lastname



*Extension of cloudstack UI  “Edit User” screen *



Extend account.js to disable the password fields on the edit user screen if
LDAP is available.

- This will make an ajax call to the ldapAvailable and updateUser services
- Validation will be maintained on username, email, firstname and
  lastname.  Additional server validation will ensure password has not
  changed.




Approach



To get started, a development cloudstack environment with DevCloud will be
used to verify changes.  Then, once the schedule is agreed with the mentor,
the deliverables will be broken into smaller User stories with expected
delivery dates set.  The development cycle will focus on BDD, enforcing that
all unit and acceptance tests are written first.



A build pipeline for a continuous delivery environment around cloudstack
here will be created; the following stages will be adopted:

*Stage*      *Action*
Commit       Runs unit tests
Sonar        Runs code quality metrics
Acceptance   Deploys the dev cloud and runs all acceptance tests
Deployment   Deploy a new management server using Chef




About Me



I am a Computer Science Student at Dublin City University in Ireland. I
have interests in virtualization, automation, information systems,
networking and web development.



I was involved with a project in a K-12 (educational) environment of moving
their server systems over to a virtualized environment on ESXi. I have
good knowledge of programming in Java, PHP and scripting languages. During
the configuration of an automation system for OS deployment I experienced
some exposure to scripting in powershell, batch, vbs and bash and
configuration of PXE images based off WinPE and Debian.

Additionally I am also a mentor in an opensource teaching movement called
CoderDojo, we teach kids from the age of 8 everything from web page, HTML 5
game and raspberry pi development.



I’m excited at the opportunity and learning experience that cloudstack are
offering with this project.


References



- https://cwiki.apache.org/CLOUDSTACK/development-101.html
- http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Admin_Guide/
- http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/API_Developers_Guide/index.html
- https://issues.apache.org/jira/browse/CLOUDSTACK-2014
- http://www.slideshare.net/sebastiengoasguen/apache-cloudstack-google-summer-of-code
- http://kirkjantzer.blogspot.co.uk/2013/03/ldap-authentication-in-cloudstack-v401.html
- http://www.ldapguru.info/ldap/ldap-search-best-practices.html
- http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html






On 3 May 2013 17:35, Ian Duffy <ia...@ianduffy.ie> wrote:

> Hi,
>
> I was wondering If I could get some feedback on the attached file labeled
> "Cloudstack-LDAP.pdf". It outlines a design document for the project
> labeled "LDAP user provisioning"
>
> From my current understanding of the single sign on mechanism implemented
> in cloudstack a LDAP user must be created manually within the cloudstack
> database. Would it be preferred to:
>
> A) Create a service that polls LDAP every so often to check for new user
> creation.
> or
> B) Extend the login page to check LDAP after failing to find a user within
> the cloudstack database. On success of finding a user in LDAP a profile
> would automatically be created within the cloudstack database.
>
> Kind regards,
> Ian
>
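
The ldapAvailable check and the listType filter from the design document in the message above, as an added Java example that is not part of the original e-mail or of CloudStack's code. The class and method names are hypothetical, and the case-insensitive username comparison is an assumption.

```java
import java.util.*;

// Added illustration; every class and method name here is hypothetical.
public class LdapProvisioningSketch {
    enum ListType { NEW, EXISTING, ALL }
    // The seven settings the design document lists for ldapAvailable.
    static final List<String> REQUIRED = Arrays.asList(
        "ldap.hostname", "ldap.port", "ldap.usessl", "ldap.queryfilter",
        "ldap.searchbase", "ldap.dn", "ldap.password");

    // Names of unset or blank settings. Only key names are returned, so the
    // value of ldap.password never reaches a log line or an API response.
    static List<String> missingSettings(Map<String, String> config) {
        List<String> missing = new ArrayList<>();
        for (String key : REQUIRED) {
            String value = config.get(key);
            if (value == null || value.trim().isEmpty()) missing.add(key);
        }
        return missing;
    }

    // listType defaults to ALL when the caller supplies no option.
    static ListType parseListType(String raw) {
        if (raw == null || raw.trim().isEmpty()) return ListType.ALL;
        return ListType.valueOf(raw.trim().toUpperCase(Locale.ROOT));
    }

    // Filters LDAP usernames by account existence (assumed case-insensitive).
    static List<String> filter(List<String> ldapUsers, Set<String> existing, ListType type) {
        Set<String> known = new HashSet<>();
        for (String name : existing) known.add(name.toLowerCase(Locale.ROOT));
        List<String> out = new ArrayList<>();
        for (String user : ldapUsers) {
            boolean exists = known.contains(user.toLowerCase(Locale.ROOT));
            if (type == ListType.ALL || exists == (type == ListType.EXISTING)) out.add(user);
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> config = new HashMap<>();   // constructed sample values
        for (String key : REQUIRED) config.put(key, "example");
        config.put("ldap.password", " ");               // blank counts as unset
        System.out.println("available=" + missingSettings(config).isEmpty());
        List<String> ldap = Arrays.asList("alice", "Bob", "carol");
        Set<String> existing = new HashSet<>(Arrays.asList("bob"));
        System.out.println(filter(ldap, existing, parseListType(null)));
        System.out.println(filter(ldap, existing, parseListType("new")));
    }
}
```

An unrecognised listType value makes `ListType.valueOf` throw `IllegalArgumentException`, so a malformed parameter is rejected rather than silently treated as ALL.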