shanker Thank you so much, I have used CloudMonkey and worked from the first try, I haven't had much success with using the URL and browser.
I'm now able to use ldap passwords to log in,for existing users in CloudStack, now the natural question follows, is there is away I could sync ldap users with CloudStack? Thank you On Tue, Jul 16, 2013 at 11:27 AM, Shanker Balan <shanker.ba...@shapeblue.com > wrote: > On 15-Jul-2013, at 9:05 PM, Dean Kamali <dean.kam...@gmail.com> wrote: > > okay, I have been trying to excite the following in my browser > > http://10.0.10.5:8080/client/api? > command=ldapConfig&hostname=10.0.10.43&searchbase=OU%3DUsers,DC%3Dmidnetworks,DC%3Dcorp&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=CN%3Dadmin,DC%3Dmidnetworks,DC%3Dcorp&bindpass=password&port=389&response=json > < > http://10.0.10.5:8080/client/api?command=ldapConfig&hostname=10.0.10.43&searchbase=OU%3DUsers,DC%3Dmidnetworks,DC%3Dcorp&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=CN%3Dadmin,DC%3Dmidnetworks,DC%3Dcorp&bindpass=rootboot&port=389&response=json > > > > > where 10.0.10.5 is my CloudStack Management server and 10.0.10.43 is > the OpenLDAP server > > > The response in the browser is > > { "ldapconfigresponse" : {"errorcode":401,"errortext":"unable to > verify user credentials and/or request signature"} } > > > Any ideas on what do I need to check? > > > > Hi Dean, > > I just setup CloudStack 4.1 to use Active Directory via OpenLDAP proxies > and it works fine. One thing that I did differently is to use CloudMonkey > CLI to add the LDAP configuration. > > $ cloudmonkey > cloudmonkey> api ldapConfig hostname=1.2.3.4 searchbase=DC=XXX,DC=LOCAL > queryfilter=(uid=%u) binddn=CN=XXX,DC=XXX,DC=LOCAL bindpass=1.2.3.4 port=389 > ldapconfig: > binddn = CN=xxxx > hostname = 1.2.3.4 > port = false > queryfilter = (uid=%u) > searchbase = DC=XXX,DC=LOCAL > > I assumed that CloudStack would automatically populate the user entry on > successful authentication which it did not. > > You need to create an identical user in CloudStack else authentication > will fail. The other thing is that CloudStack allows only one ldap server > to connect to. Will need to use a LB in front of the LDAP servers in case > you need HA for authentication. > > Hth. > @shankerbalan > > > > Thanks > > > > On Mon, Jul 15, 2013 at 11:35 AM, Dean Kamali <dean.kam...@gmail.com> > wrote: > > In fact, I will set it up today, and let you guys know > > > On Mon, Jul 15, 2013 at 11:33 AM, Gavin Henry <ghe...@suretec.co.uk>wrote: > > Installation of OpenLDAP: > http://imduffy15.blogspot.ie/2013/06/setting-up-openldap-server.html > > > Hi all, > > If you're doing this for a production system please don't use any > distro bundled version of OpenLDAP especially on Red Hat and CentOS > distros. Debian isn't too bad and either is Ubuntu. Please get a > proper up to date version from: > > http://ltb-project.org/wiki/download > > Thanks, > > Gavin. (ghe...@openldap.org) > > -- > Kind Regards, > > Gavin Henry. > Managing Director. > > T +44 (0) 1224 279484 > M +44 (0) 7930 323266 > F +44 (0) 1224 824887 > E ghe...@suretec.co.uk > > Open Source. Open Solutions(tm). > > http://www.suretecsystems.com/ > > Suretec Systems is a limited company registered in Scotland. Registered > number: SC258005. Registered office: 24 Cormack Park, Rothienorman, > Inverurie, > Aberdeenshire, AB51 8GL. > > Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html > > Do you know we have our own VoIP provider called SureVoIP? See > http://www.surevoip.co.uk > > Did you see our API? http://www.surevoip.co.uk/api > > > > > -- > Shanker Balan > Managing Consultant > > > > M: +91 98860 60539 > shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue > ShapeBlue India, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - > 560 055 > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is > operated under license from Shape Blue Ltd. ShapeBlue is a registered > trademark. >
