Moving along faster than expected with this. The pending patches do the following:
- Disable UI password changes when LDAP is enabled. - Disable API password changes when LDAP is enabled. - Add support for the memberof filter. Hope to get SSL done before the week is out. On 26 July 2013 18:39, Ian Duffy <i...@ianduffy.ie> wrote: > Its all good :-) just don't want to make promises. Can't trust my home > internet at all. > > Cool will keep an eye out for it. I'd imagine it'd be fairly easy to > implement. > > On 26 Jul 2013 18:25, "Musayev, Ilya" <imusa...@webmd.net> wrote: >> >> I understand, I guess do the best you can, sorry you are losing office >> space, if would've have been in NYC, we could have helped you with it :) >> >> I've also sent an email asking for help with scheduled tasks, perhaps >> someone can respond. >> >> Regards >> ilya >> >> > -----Original Message----- >> > From: Ian Duffy [mailto:i...@ianduffy.ie] >> > Sent: Friday, July 26, 2013 1:10 PM >> > To: dev@cloudstack.apache.org >> > Subject: RE: [GSoC] (Screencast/Demo) LDAP user provisioning >> > >> > Hi llya, >> > >> > Apologies in advanced for lack of formatting, currently replying from >> > mobile. >> > >> > Those UI features are present in 4.2 under LDAP configuration within >> > global >> > settings as far as I am aware. They are buggy if I remember correctly. >> > >> > For deactivating users I haven't looked into it yet and have not sent >> > out an >> > email asking for help on creating a scheduled task. It is not included >> > within >> > the project proposal so I was leaving it as a 'if I have time at the >> > end' type of >> > thing. I lose office space and a decent internet connection come august >> > 20th >> > so I'm pushing to get all proposed features done before then. >> > >> > Check out 1:25 such messages exist. >> > >> > Yes has been tested against Apache DS, openldap and active directory. >> > I'm a >> > little worried about implementing a member of filter, I've yet to figure >> > out >> > how to enable that in openldap, active directory has it by default >> > thankfully. >> > You'll need to set your LDAP attributes for active directory within >> > global >> > settings, by default they are at POSIX compliant ones... So.. >> > User object to user username to samAccountName. >> > On 26 Jul 2013 17:20, "Musayev, Ilya" <imusa...@webmd.net> wrote: >> > >> > > Ian >> > > >> > > Watched screencast and you did an amazing job! I want to backport this >> > > into my customized 4.1 cloudstack edition called cloudsand. CloudSand >> > > is a hybrid of CloudStack stable version with some urgently needed >> > > features pulled from master to speed up cloudstack adoption by >> > > enterprises. The work you do on LDAP will be a great addition! >> > > >> > > With that said, I have few questions: >> > > >> > > Back several months aqgo, I recall some work done on LDAP where a >> > > patch was introduced to configure LDAP through UI. Not in Global >> > > Settings like you did for basedn, but in separate window where you >> > > defined hostname and port. Would you know what happened to that? >> > > Where do you stand with scheduled task on checking which ldap users >> > > have been deactivated and deactivate them in CS as well? >> > > Also, it would be nice to mention "User XYZ could not be added due to >> > > missing email (or whatever else is missing)". >> > > Have you tried testing this on Windows AD, unfortunately, many >> > > enterprises use Microsoft Active Directory. >> > > >> > > Thank again for improving CloudStack, >> > > >> > > Regards >> > > -ilya >> > > >> > > >> > > > -----Original Message----- >> > > > From: Ian Duffy [mailto:i...@ianduffy.ie] >> > > > Sent: Friday, July 26, 2013 11:52 AM >> > > > To: Sebastien Goasguen; Abhinandan Prateek; CloudStack Dev >> > > > Subject: [GSoC] (Screencast/Demo) LDAP user provisioning >> > > > >> > > > Hi Guys, >> > > > >> > > > The latest patch I uploaded to review board ( >> > > > https://reviews.apache.org/r/12969/ ) brings the "LDAP user >> > > provisioning" >> > > > project to a "prototype" stage. >> > > > >> > > > If anybody wants to give feedback the ldapplugin branch should have >> > > > all features shown in the screencast once the above patch is >> > > > shipped. >> > > > Support still needs to be added for ldap over SSL, memberof filters >> > > > and >> > > only >> > > > show users that exist within ldap but not cloudstack on the add user >> > > screen. >> > > > >> > > > This includes: >> > > > - A new plugin for configuring ldap, authenticating against LDAP >> > > > and >> > > getting a >> > > > list of users from LDAP. >> > > > - Modified UI >> > > > - Global Settings - Global LDAP configuration options. >> > > > BaseDN, >> > > Bind >> > > > username, Bind password, etc. >> > > > - Global settings -> LDAP Configuration. Lets you add >> > > > multiple >> > > LDAP >> > > > servers for failover support. >> > > > - Accounts -> Add Account. Brings up a table of LDAP users, >> > > > lets >> > > you select >> > > > one to many LDAP users, set the same domain/network >> > > > domain/timezone/etc. for them and create them. >> > > > >> > > > Quick 2min screencast at >> > > > https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1 showing off >> > these >> > > > additions. >> > > > >> > > > This screencast was created using the embedded LDAP server I added >> > > > in for the sake of integration tests. Its based of ApacheDS, and can >> > > > be started >> > > with >> > > > >> > > > mvn -pl plugins/user-authenticators/ldap ldap:run >> > > > >> > > > Thanks for all the help! >> > > > Ian >> > > >> > >