On 15-Jul-2013, at 9:05 PM, Dean Kamali <dean.kam...@gmail.com> wrote:

Okay, I have been trying to execute the following in my browser:

http://10.0.10.5:8080/client/api?command=ldapConfig&hostname=10.0.10.43&searchbase=OU%3DUsers,DC%3Dmidnetworks,DC%3Dcorp&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=CN%3Dadmin,DC%3Dmidnetworks,DC%3Dcorp&bindpass=password&port=389&response=json

where 10.0.10.5 is my CloudStack Management server and 10.0.10.43 is
the OpenLDAP server


The response in the browser is

{ "ldapconfigresponse" : {"errorcode":401,"errortext":"unable to verify user credentials and/or request signature"} }


Any ideas on what I need to check?



Hi Dean,

I just set up CloudStack 4.1 to use Active Directory via OpenLDAP proxies and it 
works fine. One thing that I did differently is to use CloudMonkey CLI to add 
the LDAP configuration.

$ cloudmonkey
cloudmonkey> api ldapConfig hostname=1.2.3.4 searchbase=DC=XXX,DC=LOCAL 
queryfilter=(uid=%u) binddn=CN=XXX,DC=XXX,DC=LOCAL bindpass=1.2.3.4 port=389
ldapconfig:
binddn = CN=xxxx
hostname = 1.2.3.4
port = false
queryfilter = (uid=%u)
searchbase = DC=XXX,DC=LOCAL

I assumed that CloudStack would automatically populate the user entry on 
successful authentication, which it did not.

You need to create an identical user in CloudStack, else authentication will 
fail. The other thing is that CloudStack allows only one LDAP server to connect 
to. You will need to use an LB in front of the LDAP servers in case you need HA 
for authentication.

Hth.
@shankerbalan



Thanks



On Mon, Jul 15, 2013 at 11:35 AM, Dean Kamali <dean.kam...@gmail.com> wrote:

In fact, I will set it up today, and let you guys know


On Mon, Jul 15, 2013 at 11:33 AM, Gavin Henry <ghe...@suretec.co.uk> wrote:

Installation of OpenLDAP:
http://imduffy15.blogspot.ie/2013/06/setting-up-openldap-server.html

Hi all,

If you're doing this for a production system, please don't use any
distro-bundled version of OpenLDAP, especially on Red Hat and CentOS
distros. Debian isn't too bad and neither is Ubuntu. Please get a
proper up-to-date version from:

http://ltb-project.org/wiki/download

Thanks,

Gavin. (ghe...@openldap.org)

--
Kind Regards,

Gavin Henry.
Managing Director.





--
Shanker Balan
Managing Consultant

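
The 401 in the thread names a "request signature": calls to the authenticated API endpoint must carry an `apikey` and an HMAC-SHA1 `signature`, which CloudMonkey adds and a URL pasted into a browser does not. The following is an added example, not code from the thread or from CloudStack, of that signing scheme and the matching server-side check; the key values are constructed placeholders and the encoding details follow CloudStack's documented scheme as an assumption.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlencode

# Constructed placeholder credentials, not real keys.
API_KEY = "EXAMPLE-API-KEY"
SECRET_KEY = "EXAMPLE-SECRET-KEY"

def canonical_string(params):
    """Sort by lower-cased name, URL-encode each value, lower-case the result."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k.lower()}={quote(str(v), safe='*').lower()}" for k, v in pairs)

def sign(params, secret_key):
    """Base64 of the HMAC-SHA1 of the canonical string under the secret key."""
    mac = hmac.new(secret_key.encode(), canonical_string(params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_query(params, api_key, secret_key):
    """Query string for the request with apikey and signature appended."""
    full = dict(params, apikey=api_key)
    full["signature"] = sign(full, secret_key)
    return urlencode(full, quote_via=quote)

def verify(query_string, secret_key):
    """Server-side check: recompute the signature and compare in constant time."""
    params = dict(parse_qsl(query_string))
    supplied = params.pop("signature", None)
    if supplied is None or "apikey" not in params:
        return False  # an unsigned request, like the browser URL, is rejected here
    return hmac.compare_digest(supplied, sign(params, secret_key))

# The ldapConfig call with the placeholder values used in the reply above.
LDAP_PARAMS = {
    "command": "ldapConfig", "hostname": "1.2.3.4", "port": "389",
    "searchbase": "DC=XXX,DC=LOCAL", "queryfilter": "(uid=%u)",
    "binddn": "CN=XXX,DC=XXX,DC=LOCAL", "bindpass": "placeholder",
    "response": "json",
}

if __name__ == "__main__":
    query = signed_query(LDAP_PARAMS, API_KEY, SECRET_KEY)
    print(query)
    print("signed request verifies:", verify(query, SECRET_KEY))
    print("unsigned request verifies:", verify(urlencode(LDAP_PARAMS), SECRET_KEY))
```

Any parameter changed after signing, including `bindpass`, invalidates the signature, so the server rejects the altered request.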
