Ian, Much appreciated,
Can't wait to put this into real world QA :) Thanks ilya > -----Original Message----- > From: Ian Duffy [mailto:i...@ianduffy.ie] > Sent: Wednesday, July 31, 2013 8:58 PM > To: Musayev, Ilya > Cc: dev@cloudstack.apache.org > Subject: Re: [GSoC] (Screencast/Demo) LDAP user provisioning > > Hi Ilya, > > SSL is now done. Still need to do more testing on it but it appears to be > working. > > > I want to backport this into my customized 4.1 cloudstack edition called > cloudsand. CloudSand is a hybrid of > CloudStack stable version with some > urgently needed features pulled from master to speed up cloudstack > > adoption by enterprises. The work you do on LDAP will be a great addition! > > Cool. I didn't realise you had the project on github until I seen your earlier > emails on another subject today, love what you have done with it. I have > forked your repo and added in the features to date along with making > modifications to the code where necessary to support 4.1.1 > > Enjoy: https://github.com/imduffy15/cloudsand > > Will send you a merge request in [a|few] week(s). > > Ian > > On 31 July 2013 09:49, Ian Duffy <i...@ianduffy.ie> wrote: > > Moving along faster than expected with this. > > > > The pending patches do the following: > > > > - Disable UI password changes when LDAP is enabled. > > - Disable API password changes when LDAP is enabled. > > - Add support for the memberof filter. > > > > Hope to get SSL done before the week is out. > > > > On 26 July 2013 18:39, Ian Duffy <i...@ianduffy.ie> wrote: > >> Its all good :-) just don't want to make promises. Can't trust my > >> home internet at all. > >> > >> Cool will keep an eye out for it. I'd imagine it'd be fairly easy to > >> implement. > >> > >> On 26 Jul 2013 18:25, "Musayev, Ilya" <imusa...@webmd.net> wrote: > >>> > >>> I understand, I guess do the best you can, sorry you are losing > >>> office space, if would've have been in NYC, we could have helped you > >>> with it :) > >>> > >>> I've also sent an email asking for help with scheduled tasks, > >>> perhaps someone can respond. > >>> > >>> Regards > >>> ilya > >>> > >>> > -----Original Message----- > >>> > From: Ian Duffy [mailto:i...@ianduffy.ie] > >>> > Sent: Friday, July 26, 2013 1:10 PM > >>> > To: dev@cloudstack.apache.org > >>> > Subject: RE: [GSoC] (Screencast/Demo) LDAP user provisioning > >>> > > >>> > Hi llya, > >>> > > >>> > Apologies in advanced for lack of formatting, currently replying > >>> > from mobile. > >>> > > >>> > Those UI features are present in 4.2 under LDAP configuration > >>> > within global settings as far as I am aware. They are buggy if I > >>> > remember correctly. > >>> > > >>> > For deactivating users I haven't looked into it yet and have not > >>> > sent out an email asking for help on creating a scheduled task. It > >>> > is not included within the project proposal so I was leaving it as > >>> > a 'if I have time at the end' type of thing. I lose office space > >>> > and a decent internet connection come august 20th so I'm pushing > >>> > to get all proposed features done before then. > >>> > > >>> > Check out 1:25 such messages exist. > >>> > > >>> > Yes has been tested against Apache DS, openldap and active directory. > >>> > I'm a > >>> > little worried about implementing a member of filter, I've yet to > >>> > figure out how to enable that in openldap, active directory has it > >>> > by default thankfully. > >>> > You'll need to set your LDAP attributes for active directory > >>> > within global settings, by default they are at POSIX compliant > >>> > ones... So.. > >>> > User object to user username to samAccountName. > >>> > On 26 Jul 2013 17:20, "Musayev, Ilya" <imusa...@webmd.net> wrote: > >>> > > >>> > > Ian > >>> > > > >>> > > Watched screencast and you did an amazing job! I want to > >>> > > backport this into my customized 4.1 cloudstack edition called > >>> > > cloudsand. CloudSand is a hybrid of CloudStack stable version > >>> > > with some urgently needed features pulled from master to speed > >>> > > up cloudstack adoption by enterprises. The work you do on LDAP will > be a great addition! > >>> > > > >>> > > With that said, I have few questions: > >>> > > > >>> > > Back several months aqgo, I recall some work done on LDAP where > >>> > > a patch was introduced to configure LDAP through UI. Not in > >>> > > Global Settings like you did for basedn, but in separate window > >>> > > where you defined hostname and port. Would you know what > happened to that? > >>> > > Where do you stand with scheduled task on checking which ldap > >>> > > users have been deactivated and deactivate them in CS as well? > >>> > > Also, it would be nice to mention "User XYZ could not be added > >>> > > due to missing email (or whatever else is missing)". > >>> > > Have you tried testing this on Windows AD, unfortunately, many > >>> > > enterprises use Microsoft Active Directory. > >>> > > > >>> > > Thank again for improving CloudStack, > >>> > > > >>> > > Regards > >>> > > -ilya > >>> > > > >>> > > > >>> > > > -----Original Message----- > >>> > > > From: Ian Duffy [mailto:i...@ianduffy.ie] > >>> > > > Sent: Friday, July 26, 2013 11:52 AM > >>> > > > To: Sebastien Goasguen; Abhinandan Prateek; CloudStack Dev > >>> > > > Subject: [GSoC] (Screencast/Demo) LDAP user provisioning > >>> > > > > >>> > > > Hi Guys, > >>> > > > > >>> > > > The latest patch I uploaded to review board ( > >>> > > > https://reviews.apache.org/r/12969/ ) brings the "LDAP user > >>> > > provisioning" > >>> > > > project to a "prototype" stage. > >>> > > > > >>> > > > If anybody wants to give feedback the ldapplugin branch should > >>> > > > have all features shown in the screencast once the above patch > >>> > > > is shipped. > >>> > > > Support still needs to be added for ldap over SSL, memberof > >>> > > > filters and > >>> > > only > >>> > > > show users that exist within ldap but not cloudstack on the > >>> > > > add user > >>> > > screen. > >>> > > > > >>> > > > This includes: > >>> > > > - A new plugin for configuring ldap, authenticating against > >>> > > > LDAP and > >>> > > getting a > >>> > > > list of users from LDAP. > >>> > > > - Modified UI > >>> > > > - Global Settings - Global LDAP configuration options. > >>> > > > BaseDN, > >>> > > Bind > >>> > > > username, Bind password, etc. > >>> > > > - Global settings -> LDAP Configuration. Lets you add > >>> > > > multiple > >>> > > LDAP > >>> > > > servers for failover support. > >>> > > > - Accounts -> Add Account. Brings up a table of LDAP > >>> > > > users, lets > >>> > > you select > >>> > > > one to many LDAP users, set the same domain/network > >>> > > > domain/timezone/etc. for them and create them. > >>> > > > > >>> > > > Quick 2min screencast at > >>> > > > https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1 showing > off > >>> > these > >>> > > > additions. > >>> > > > > >>> > > > This screencast was created using the embedded LDAP server I > >>> > > > added in for the sake of integration tests. Its based of > >>> > > > ApacheDS, and can be started > >>> > > with > >>> > > > > >>> > > > mvn -pl plugins/user-authenticators/ldap ldap:run > >>> > > > > >>> > > > Thanks for all the help! > >>> > > > Ian > >>> > > > >>> > >
