Yes, please do. Thank you, -abhi
[email protected] www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue On 06/08/16, 12:09 AM, "Matthew Smart" <[email protected]> wrote: >Abhi, > >What we want is to add LDAP support to openswan (ppp plugin maybe?) on >the VR so that users can be authenticated and authorized via our ldap >server. I have been digging through the code and familiarizing myself >with it. Should I move this conversation to the dev list before I get >into the use case I am working on? > >Thanks, > >Matthew Smart >President >Smart Software Solutions Inc. >108 S Pierre St. >Pierre, SD 57501 > >Phone: (605) 280-0383 >Skype: msmart13 >Email: [email protected] > >On 08/05/2016 04:17 AM, Abhinandan Prateek wrote: >> Hi Matthew, >> >> What is the use case to add ldap (server ?) to VR ? >> >> The system vms are stateless and any support needs to be build into system >> vm template which as you rightly pointed out, is debian based. >> >> The way to get started on this is to first familiarise yourself with the >> process of building system vm templates. (In tools/appliance ) >> And next step will be to figure out how you can send configuration >> information from management server to a VR. (You can check how firewall >> rules are configured etc) >> >> -abhi >> >> >> >> >> [email protected] >> www.shapeblue.com >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK >> @shapeblue >> >> >> >> On 04/08/16, 11:36 PM, "Matthew Smart" <[email protected]> wrote: >> >>> Guys, >>> >>> Thanks for the info. My next step is to engage the dev mailing list to >>> see if there is any interest in my team contributing to add ldap or >>> radius (not familiar with the available plugins for open/strong swan) >>> support to the VR. I assume the SAML support in cloudstack is for the UI >>> just like the LDAP support? >>> >>> In the meantime, I see two options that I want to run by you guys. The >>> first being creating a VM cluster in a special account that has access >>> to all of the isolated networks to use as a master VPN server. >>> Essentially, I would be replicate my current non-cloudstack setup as a >>> temporary solution. Given that I am more than qualified to manually >>> manipulate the api, db, and configs to associate this VM with all of the >>> isolated guest networks. Is this even possible? >>> >>> The other, less appealing option is to override the current VR VM with >>> one I have configured with the ppp ldap plugin and configs I would need >>> to support what I want to do. Obviously, I don't like the idea of >>> breaking my ability to upgrade the VR as new versions are released but I >>> think this is doable in that the VR looks to be just a Debian VM. If I >>> am careful I should be able to add my changes without breaking it... but >>> given my current knowledge of the VR and networking internals of >>> Cloudstack I could easily break something in some subtle way that does >>> not present until we are in production. Not ideal. >>> >>> What do you guys recommend as a course forward until we get a more >>> modular access/auth subsystem contributed to the project? I am so close >>> to having cloudstack do exactly what I want. It is 95% perfect for us. I >>> just need to figure out this other 5%. >>> >>> Thanks, >>> >>> Matthew Smart >>> President >>> Smart Software Solutions Inc. >>> 108 S Pierre St. >>> Pierre, SD 57501 >>> >>> Phone: (605) 280-0383 >>> Skype: msmart13 >>> Email: [email protected] >>> >>> On 08/03/2016 12:48 AM, ilya wrote: >>>> VR VPN + LDAP access >
