Dear community,

Currently trying to reconfigure working ACS LDAP authentication to LDAPS, but I believe something of importance may be missing in the guide (https://docs.cloudstack.apache.org/en/latest/adminguide/accounts.html#ldap-ssl).
It says that if ldap.truststore and ldap.truststore.password are configured it will switch to LDAPS, but that is not the case.
The logs confirm the LDAP protocol is used when adding the host after updating the config: "(logid:aafbef8a) initializing ldap with provider url: ldap://X.X.X.X:636".

Here are a few questions to round the issue:

  *   API docs (LDAPCONFIG - https://cloudstack.apache.org/api/apidocs-4.15/apis/ldapConfig.html) mention the ability to enable SSL and bind a certificate for an ldap host, but there is no option to define the domain for the specific ldap configuration.
  *   What if multiple domains are present and their configs use the same ldap server? Can the SSL of one domain ldap config be changed one at a time, or is this based on ldap host level?
  *   ldap.truststore - is a syntax like /opt/CAROOT.crt going to work, or does it originate from a default directory?
  *   ldap.truststore.password - what if the certificate is without a password, is it going to work?

Any example commands on how this can be done through cloudmonkey will be much 
appreciated!

Best regards,
Jordan

