Hi Matthew,

What is the use case to add ldap (server?) to VR?
The system vms are stateless and any support needs to be built into the system vm template which, as you rightly pointed out, is debian based.

The way to get started on this is to first familiarise yourself with the process of building system vm templates. (In tools/appliance)

And the next step will be to figure out how you can send configuration information from management server to a VR. (You can check how firewall rules are configured etc)

-abhi

[email protected]
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS UK
@shapeblue

On 04/08/16, 11:36 PM, "Matthew Smart" <[email protected]> wrote:

>Guys,
>
>Thanks for the info. My next step is to engage the dev mailing list to
>see if there is any interest in my team contributing to add ldap or
>radius (not familiar with the available plugins for open/strong swan)
>support to the VR. I assume the SAML support in cloudstack is for the UI
>just like the LDAP support?
>
>In the meantime, I see two options that I want to run by you guys. The
>first being creating a VM cluster in a special account that has access
>to all of the isolated networks to use as a master VPN server.
>Essentially, I would be replicating my current non-cloudstack setup as a
>temporary solution. Given that I am more than qualified to manually
>manipulate the api, db, and configs to associate this VM with all of the
>isolated guest networks. Is this even possible?
>
>The other, less appealing option is to override the current VR VM with
>one I have configured with the ppp ldap plugin and configs I would need
>to support what I want to do. Obviously, I don't like the idea of
>breaking my ability to upgrade the VR as new versions are released but I
>think this is doable in that the VR looks to be just a Debian VM. If I
>am careful I should be able to add my changes without breaking it... but
>given my current knowledge of the VR and networking internals of
>Cloudstack I could easily break something in some subtle way that does
>not present until we are in production. Not ideal.
>
>What do you guys recommend as a course forward until we get a more
>modular access/auth subsystem contributed to the project? I am so close
>to having cloudstack do exactly what I want. It is 95% perfect for us. I
>just need to figure out this other 5%.
>
>Thanks,
>
>Matthew Smart
>President
>Smart Software Solutions Inc.
>108 S Pierre St.
>Pierre, SD 57501
>
>Phone: (605) 280-0383
>Skype: msmart13
>Email: [email protected]
>
>On 08/03/2016 12:48 AM, ilya wrote:
>> VR VPN + LDAP access
>
