Ian, thanks a lot for your proposal and submission. This project has been proposed by Abhinandan Prateek, so I am copying him in this email so he can comment.

@Abhi, you need to access the google melange site and find Ian's proposal

-Sebastien

On May 3, 2013, at 12:40 PM, Ian Duffy <i...@ianduffy.ie> wrote:

> Hi,
>
> Sorry just noticed that the attachment appeared to have got stripped, here
> is the contents of the PDF. Alternatively I have uploaded it here:
> http://ianduffy.ie/Cloudstack-LDAP.pdf
>
> *Apache Cloudstack Google Summer of Code Project: LDAP user provisioning*
>
> Need to automate the way the LDAP users are provisioned into cloud stack.
> This will mean better integration with a LDAP server, ability to import
> users and a way to define how the LDAP user maps to the cloudstack users.
>
> Abstract
>
> The aim of this project is to provide an easier mechanism to provision
> users from LDAP into cloudstack. Currently cloudstack provides LDAP
> authentication. In this authentication users must be first setup in
> cloudstack. Once the user is setup in cloudstack they can authenticate
> using their ldap username and password.
>
> This feature aims to extend the current functionality to make user setup
> align with LDAP group.
>
> Deliverables
>
> - Service that retrieves a list of ldap users from the configured group
> - Extension of cloudstack UI “Add User” screen to offer user list from LDAP
> - Add service for saving new user with details from LDAP
> - BDD unit and acceptance automated testing
> - Document change details
>
> Quantifiable results
>
> Given: A need to add new user to cloudstack and LDAP is setup
> When: You open the “Add User” screen
> Then: A table of users appears for the current list of users (not already
> created on cloudstack) from the LDAP group displaying their a checkbox,
> username, name and email address. The timezone dropdown will still be
> available beside each user.
>
> Given: A need to add new user to cloudstack and LDAP is not setup
> When: You open the “Add User” screen
> Then: The current add user screen and functionality is provided
>
> Given: A need to add new user to cloudstack and LDAP is setup
> When: You open the “Add User” screen and mandatory information is missing
> Then: These fields will be editable to enable you populate the name or
> email address
>
> Given: A need to add new user to cloudstack, LDAP is setup but user is in
> the ldap query group
> When: You open the “Add User” screen
> Then: There is a list of LDAP users displayed but your current user is
> present in the list
>
> Given: A need to add new user to cloudstack, LDAP is setup but user is
> not in the query group
> When: You open the “Add User” screen
> Then: There is a list of LDAP users displayed but your current user is not
> in the list
>
> Given: You need to add group of new users to cloudstack
> When: You open the “Add User” screen, select the users and hit save
> Then: The list of new users are saved to the database
>
> Given: You need to add group of new users to cloudstack
> When: You open the “Add User” screen, select the users and hit save
> Then: The list of new users are saved to the database
>
> Given: You have created a new LDAP user on cloudstack
> When: The user authenticates against cloudstack with the right credentials
> Then: They are authorised in cloudstack
>
> Given: A user wants to edit an LDAP user
> When: They open the Edit User screen
> Then: The password fields are disabled and cannot be changed
>
> The design document
>
> *Ldap User List Service*
>
> *name*: ldapUserList
> *responseObject*: LDAPUserResponse {username, email, name}
> *parameter*: listType:enum {NEW, EXISTING, ALL} (Default to ALL if no
> option provided)
>
> Create a new API service call for retrieving the list of users from LDAP.
> This will call a new ConfigurationService which will retrieve the list of
> users using the configured search base and the query filter. The list may
> be filtered in the ConfigurationService based on listType parameter.
>
> *Ldap Available Service*
>
> *name*: ldapAvailable
> *responseObject*: LDAPAvailableResponse {available:boolean}
>
> Create a new API service call verifying LDAP is setup correctly verifying
> the following configuration elements are all set:
>
> - ldap.hostname
> - ldap.port
> - ldap.usessl
> - ldap.queryfilter
> - ldap.searchbase
> - ldap.dn
> - ldap.password
>
> The verification that all of these are set will return an available boolean
> true. If required this could perform a status check against LDAP first and
> provide warning if it fails.
>
> *Ldap Save Users Service*
>
> *name*: ldapSaveUsers
> *responseObject*: LDAPSaveUsersResponse {list<UserResponse>}
> *parameter*: list of users
>
> Saves the list of objects instead. Following the functionality in
> CreateUserCmd it will
>
> - Create the user via the account service
> - Handle the response
>
> It will be decided whether a transaction should remain over whole save or
> only over individual users. A list of UserResponse will be returned.
>
> *Extension of cloudstack UI “Add User” screen*
>
> Extend account.js to enable it add a user list with editable fields where
> required. The new “Add User” screen for LDAP setup.
>
> - This will make an ajax call to the ldapAvailable, ldapUserList and
>   ldapSaveUsers services
> - Validation will be maintained on username, email, firstname and lastname
>
> *Extension of cloudstack UI “Edit User” screen*
>
> Extend account.js to disable the password fields on the edit user screen if
> LDAP available.
>
> - This will make an ajax call to the ldapAvailable and updateUser services
> - Validation will be maintained on username, email, firstname and lastname.
>   Additional server validation will ensure password has not changed.
>
> Approach
>
> To get started a development cloudstack environment with DevCloud used to
> verify changes. Then once the schedule agreed with the mentor the
> deliverables will be broken into smaller User stories with expected
> delivery dates set. The development cycle will focus on BDD enforcing all
> unit and acceptance tests written first.
>
> A build pipe line for continuous delivery environment around cloudstack
> here will be created, the following stages will be adopted
>
> Stage       Action
> Commit      Runs unit tests
> Sonar       Runs code quality metrics
> Acceptance  Deploys the dev cloud and runs all acceptance tests
> Deployment  Deploy a new management server using Chef
>
> About Me
>
> I am a Computer Science Student at Dublin City University in Ireland. I
> have interests in virtualization, automation, information systems,
> networking and web development.
>
> I was involved with a project in a K-12(educational) environment of moving
> their server systems over to a virtualized environment on ESXi. I have
> good knowledge of programming in Java, PHP and Scripting languages. During
> the configuration of an automation system for OS deployment I experienced
> some exposure to scripting in powershell, batch, vbs and bash and
> configuration of PXE images based of WinPE and Debian.
>
> Additionally I am also a mentor in an opensource teaching movement called
> CoderDojo, we teach kids from the age of 8 everything from web page, HTML 5
> game and raspberry pi development.
>
> I’m excited at the opportunity and learning experience that cloudstack are
> offering with this project.
>
> References
>
> - https://cwiki.apache.org/CLOUDSTACK/development-101.html
> - http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Admin_Guide/
> - http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/API_Developers_Guide/index.html
> - https://issues.apache.org/jira/browse/CLOUDSTACK-2014
> - http://www.slideshare.net/sebastiengoasguen/apache-cloudstack-google-summer-of-code
> - http://kirkjantzer.blogspot.co.uk/2013/03/ldap-authentication-in-cloudstack-v401.html
> - http://www.ldapguru.info/ldap/ldap-search-best-practices.html
> - http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html
>
> On 3 May 2013 17:35, Ian Duffy <i...@ianduffy.ie> wrote:
>
>> Hi,
>>
>> I was wondering If I could get some feedback on the attached file labeled
>> "Cloudstack-LDAP.pdf". It outlines a design document for the project
>> labeled "LDAP user provisioning"
>>
>> From my current understanding of the single sign on mechanism implemented
>> in cloudstack a LDAP user must be created manually within the cloudstack
>> database. Would it be preferred to:
>>
>> A) Create a service that polls LDAP every so often to check for new user
>> creation.
>> or
>> B) Extend the login page to check LDAP after failing to find a user within
>> the cloudstack database. On success of finding a user in LDAP a profile
>> would automatically be created within the cloudstack database.
>>
>> Kind regards,
>> Ian
>>
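
An added sketch, not part of this thread or of CloudStack's code base, of the server-side behaviour the design document describes: the ldapAvailable configuration check, the ldapUserList listType filter, and the Edit User password validation. Class and method names, the case-insensitive username comparison and the sample data are assumptions made for illustration.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added sketch (Java 16+), not CloudStack code: all class and method names are hypothetical.
public class LdapProvisioningSketch {
    enum ListType { NEW, EXISTING, ALL }
    record LdapUser(String username, String email, String name) {}

    // The seven settings the design document lists for ldapAvailable.
    static final List<String> REQUIRED = List.of("ldap.hostname", "ldap.port", "ldap.usessl",
            "ldap.queryfilter", "ldap.searchbase", "ldap.dn", "ldap.password");

    // ldapAvailable: true only if every required setting is present and non-blank.
    static boolean ldapAvailable(Map<String, String> cfg) {
        return REQUIRED.stream().allMatch(k -> cfg.get(k) != null && !cfg.get(k).isBlank());
    }

    // ldapUserList: split directory entries by whether a CloudStack user already exists.
    // Assumption: usernames are compared case-insensitively; 'existing' holds lower-case names.
    static List<LdapUser> ldapUserList(List<LdapUser> dir, Set<String> existing, ListType type) {
        ListType t = (type == null) ? ListType.ALL : type; // default to ALL, as in the design
        return dir.stream().filter(u -> {
            boolean known = existing.contains(u.username().toLowerCase(Locale.ROOT));
            switch (t) {
                case NEW: return !known;
                case EXISTING: return known;
                default: return true;
            }
        }).collect(Collectors.toList());
    }

    // Edit User: the disabled UI field is only a hint, so the server rejects any password
    // value submitted for an account while LDAP is the authenticator.
    static void checkUpdate(boolean ldapOn, String submittedPassword) {
        if (ldapOn && submittedPassword != null && !submittedPassword.isEmpty())
            throw new IllegalArgumentException("password is managed in LDAP");
    }

    public static void main(String[] args) {
        Map<String, String> cfg = new HashMap<>(); // constructed sample configuration
        for (String k : REQUIRED) cfg.put(k, "set");
        cfg.put("ldap.searchbase", " "); // blank value: treated as not configured
        System.out.println("available=" + ldapAvailable(cfg));
        List<LdapUser> dir = List.of( // constructed sample directory entries
                new LdapUser("alice", "alice@example.org", "Alice A"),
                new LdapUser("Bob", "bob@example.org", "Bob B"));
        System.out.println("NEW=" + ldapUserList(dir, Set.of("bob"), ListType.NEW));
        System.out.println("null=" + ldapUserList(dir, Set.of("bob"), null).size());
    }
}
```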