You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Pranav Saxena <pr...@citrix.com> on 2013/02/15 16:50:31 UTC
RE: [ACS4.2] LDAP UI - UI Integration Complete
Abhi ,
I have completed the server side and front end integration for the LDAP requirement . I have done a basic sanity testing and the API call goes successfully and returns an incorrect response since the LDAP isn't configured on my machine .Also , for listing the LDAP configuration in the list View ,you would need to provide me with the list API call. Currently the entire code is in my feature branch and we'll integrate it with asf/master once the feature is perfectly tested.
I would request someone who could configure LDAP server and test out the functionality .
Thanks,
Pranav
-----Original Message-----
From: Abhinandan Prateek
Sent: Friday, February 15, 2013 7:54 PM
To: Pranav Saxena
Cc: cloudstack-dev@incubator.apache.org
Subject: Re: [ACS4.2] LDAP UI
Yep, it's not there will add one.
-abhi
On 15-Feb-2013, at 7:36 PM, "Pranav Saxena" <pr...@citrix.com> wrote:
> Abhi ,
>
> Just wanted to check with you if we have a list LDAP configuration API call in CS ? Because I would need this to list the current LDAP configuration on the UI , if it exists .
>
> Regards,
> Pranav
>
> -----Original Message-----
> From: Abhinandan Prateek [mailto:Abhinandan.Prateek@citrix.com]
> Sent: Thursday, February 14, 2013 12:27 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: [ACS4.2] LDAP UI
>
>
> On 14/02/13 11:30 AM, "David Nalley" <da...@gnsa.us> wrote:
>
>> On Thu, Feb 14, 2013 at 12:51 AM, Pranav Saxena
>> <pr...@citrix.com> wrote:
>>> To configure LDAP , we need to pass in few multiple mandatory
>>> parameters -
>>>
>>> hostname Hostname or ip address of the ldap server eg:
>>> my.ldap.com
>>> queryfilter You specify a query filter here, which narrows down the
>>> users, who can be part of this domain.
>>> searchbase The search base defines the starting point for the
>>> search in the directory tree
>>>
>>> If you are referring to Global settings , that can be done but then
>>> we'll have to have three Ldap config parameters there . if that is a
>>> good design to handle this , then yes we can do that. Perhaps , the
>>> idea is to have a single dialog box where a user could supply three
>>> values and configure and debug them if something goes wrong.
>>
>>
>> Those are the mandatory API inputs for CloudStack.
>> But almost all environments will require username/password for
>> binding at a minimum, and you should probably, and prolly offer the
>> SSL option as well. Port should probably be an option too.
>>
>> Without at least bind creds, the API configuration is practically
>> useless on any modern LDAP server.
>>
>> --David
>
> The admin guide documents the LDAP API. SSL is supported.
> http://incubator.apache.org/cloudstack/docs/en-US/Apache_CloudStack/4.
> 0.0-i
> ncubating/pdf/Admin_Guide/Apache_CloudStack-4.0.0-incubating-Admin_Gui
> de-en
> -US.pdf
>
> Look for LDAP configuration. In short you have following config params:
>
> hostname
> searchbase
> queryfilter
> binddn
> bindpass
> port
> ssl
> truststore
> truststorepass
> response
>
>
>
> -abhi
>
>
>
>>
>
RE: [ACS4.2] LDAP UI - UI Integration Complete
Posted by Pranav Saxena <pr...@citrix.com>.
Hi Abhi ,
How about any changes in the parameters being passed in the createAccount API call ? May be something to reflect if it's an external account ?
Regards,
Pranav
-----Original Message-----
From: Abhinandan Prateek
Sent: Wednesday, February 20, 2013 9:37 AM
To: Pranav Saxena
Cc: cloudstack-dev@incubator.apache.org; Musayev, Ilya <im...@webmd.net> (imusayev@webmd.net)
Subject: Re: [ACS4.2] LDAP UI - UI Integration Complete
Pranav,
I think we also need to modify the account/user creation a bit so that we can create accounts that will be validated external to cloudstack.
I think a checkbox in account create dialog that says that these accounts are external and then disable the password field would be great.
-abhi
On 15/02/13 9:20 PM, "Pranav Saxena" <pr...@citrix.com> wrote:
>Abhi ,
>
>I have completed the server side and front end integration for the LDAP
>requirement . I have done a basic sanity testing and the API call goes
>successfully and returns an incorrect response since the LDAP isn't
>configured on my machine .Also , for listing the LDAP configuration in
>the list View ,you would need to provide me with the list API call.
>Currently the entire code is in my feature branch and we'll integrate
>it with asf/master once the feature is perfectly tested.
>
>I would request someone who could configure LDAP server and test out
>the functionality .
>
>Thanks,
>Pranav
>
>-----Original Message-----
>From: Abhinandan Prateek
>Sent: Friday, February 15, 2013 7:54 PM
>To: Pranav Saxena
>Cc: cloudstack-dev@incubator.apache.org
>Subject: Re: [ACS4.2] LDAP UI
>
>Yep, it's not there will add one.
>
>-abhi
>
>
>
>On 15-Feb-2013, at 7:36 PM, "Pranav Saxena" <pr...@citrix.com>
>wrote:
>
>> Abhi ,
>>
>> Just wanted to check with you if we have a list LDAP configuration
>>API call in CS ? Because I would need this to list the current LDAP
>>configuration on the UI , if it exists .
>>
>> Regards,
>> Pranav
>>
>> -----Original Message-----
>> From: Abhinandan Prateek [mailto:Abhinandan.Prateek@citrix.com]
>> Sent: Thursday, February 14, 2013 12:27 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: [ACS4.2] LDAP UI
>>
>>
>> On 14/02/13 11:30 AM, "David Nalley" <da...@gnsa.us> wrote:
>>
>>> On Thu, Feb 14, 2013 at 12:51 AM, Pranav Saxena
>>> <pr...@citrix.com> wrote:
>>>> To configure LDAP , we need to pass in few multiple mandatory
>>>> parameters -
>>>>
>>>> hostname Hostname or ip address of the ldap server eg:
>>>> my.ldap.com
>>>> queryfilter You specify a query filter here, which narrows down
>>>>the
>>>> users, who can be part of this domain.
>>>> searchbase The search base defines the starting point for the
>>>> search in the directory tree
>>>>
>>>> If you are referring to Global settings , that can be done but then
>>>> we'll have to have three Ldap config parameters there . if that is
>>>> a good design to handle this , then yes we can do that. Perhaps ,
>>>> the idea is to have a single dialog box where a user could supply
>>>> three values and configure and debug them if something goes wrong.
>>>
>>>
>>> Those are the mandatory API inputs for CloudStack.
>>> But almost all environments will require username/password for
>>> binding at a minimum, and you should probably, and prolly offer the
>>> SSL option as well. Port should probably be an option too.
>>>
>>> Without at least bind creds, the API configuration is practically
>>> useless on any modern LDAP server.
>>>
>>> --David
>>
>> The admin guide documents the LDAP API. SSL is supported.
>> http://incubator.apache.org/cloudstack/docs/en-US/Apache_CloudStack/4.
>> 0.0-i
>> ncubating/pdf/Admin_Guide/Apache_CloudStack-4.0.0-incubating-Admin_Gu
>> i
>> de-en
>> -US.pdf
>>
>> Look for LDAP configuration. In short you have following config params:
>>
>> hostname
>> searchbase
>> queryfilter
>> binddn
>> bindpass
>> port
>> ssl
>> truststore
>> truststorepass
>> response
>>
>>
>>
>> -abhi
>>
>>
>>
>>>
>>
Re: [ACS4.2] LDAP UI - UI Integration Complete
Posted by Abhinandan Prateek <Ab...@citrix.com>.
Pranav,
I think we also need to modify the account/user creation a bit so that
we can create accounts that will be validated external to cloudstack.
I think a checkbox in account create dialog that says that these accounts
are external and then disable the password field would be great.
-abhi
On 15/02/13 9:20 PM, "Pranav Saxena" <pr...@citrix.com> wrote:
>Abhi ,
>
>I have completed the server side and front end integration for the LDAP
>requirement . I have done a basic sanity testing and the API call goes
>successfully and returns an incorrect response since the LDAP isn't
>configured on my machine .Also , for listing the LDAP configuration in
>the list View ,you would need to provide me with the list API call.
>Currently the entire code is in my feature branch and we'll integrate it
>with asf/master once the feature is perfectly tested.
>
>I would request someone who could configure LDAP server and test out the
>functionality .
>
>Thanks,
>Pranav
>
>-----Original Message-----
>From: Abhinandan Prateek
>Sent: Friday, February 15, 2013 7:54 PM
>To: Pranav Saxena
>Cc: cloudstack-dev@incubator.apache.org
>Subject: Re: [ACS4.2] LDAP UI
>
>Yep, it's not there will add one.
>
>-abhi
>
>
>
>On 15-Feb-2013, at 7:36 PM, "Pranav Saxena" <pr...@citrix.com>
>wrote:
>
>> Abhi ,
>>
>> Just wanted to check with you if we have a list LDAP configuration API
>>call in CS ? Because I would need this to list the current LDAP
>>configuration on the UI , if it exists .
>>
>> Regards,
>> Pranav
>>
>> -----Original Message-----
>> From: Abhinandan Prateek [mailto:Abhinandan.Prateek@citrix.com]
>> Sent: Thursday, February 14, 2013 12:27 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: [ACS4.2] LDAP UI
>>
>>
>> On 14/02/13 11:30 AM, "David Nalley" <da...@gnsa.us> wrote:
>>
>>> On Thu, Feb 14, 2013 at 12:51 AM, Pranav Saxena
>>> <pr...@citrix.com> wrote:
>>>> To configure LDAP , we need to pass in few multiple mandatory
>>>> parameters -
>>>>
>>>> hostname Hostname or ip address of the ldap server eg:
>>>> my.ldap.com
>>>> queryfilter You specify a query filter here, which narrows down
>>>>the
>>>> users, who can be part of this domain.
>>>> searchbase The search base defines the starting point for the
>>>> search in the directory tree
>>>>
>>>> If you are referring to Global settings , that can be done but then
>>>> we'll have to have three Ldap config parameters there . if that is a
>>>> good design to handle this , then yes we can do that. Perhaps , the
>>>> idea is to have a single dialog box where a user could supply three
>>>> values and configure and debug them if something goes wrong.
>>>
>>>
>>> Those are the mandatory API inputs for CloudStack.
>>> But almost all environments will require username/password for
>>> binding at a minimum, and you should probably, and prolly offer the
>>> SSL option as well. Port should probably be an option too.
>>>
>>> Without at least bind creds, the API configuration is practically
>>> useless on any modern LDAP server.
>>>
>>> --David
>>
>> The admin guide documents the LDAP API. SSL is supported.
>> http://incubator.apache.org/cloudstack/docs/en-US/Apache_CloudStack/4.
>> 0.0-i
>> ncubating/pdf/Admin_Guide/Apache_CloudStack-4.0.0-incubating-Admin_Gui
>> de-en
>> -US.pdf
>>
>> Look for LDAP configuration. In short you have following config params:
>>
>> hostname
>> searchbase
>> queryfilter
>> binddn
>> bindpass
>> port
>> ssl
>> truststore
>> truststorepass
>> response
>>
>>
>>
>> -abhi
>>
>>
>>
>>>
>>