Bug Reference
CLOUDSTACK-4866
Branch
master, 4.3
Introduction
This feature improves CloudStack's LDAP integration by enabling the import of LDAP users.
Current Scenario
Right now, LDAP user accounts are created in CloudStack manually. Once added, the user is able to log in with the LDAP username and password.
Feature Specifications
Requirements
- Ability to add multiple LDAP servers.
  - From the Global Settings -> Ldap Configuration page, multiple LDAP servers can be added by providing hostname and port.
- Ability to configure global LDAP params.
  - Global LDAP params such as the basedn, password, etc. will be available in the global settings. Filtering the settings by "ldap" will list all the available options.
- Ability to import LDAP users into CloudStack based on some filtering/manual selection.
  - After LDAP integration is enabled by following the above two steps, accessing Account -> Add Account will display a dialog to selectively import LDAP users. The ability to filter by group name and import all the users within a group will be added to this dialog.
New APIs
| Java Class | API call | Description | Params |
|---|---|---|---|
| LdapUserSearchCmd | searchLdap | Searches LDAP based on the username attribute | - query - username to search for; the search works like the MySQL 'like', i.e. %username% |
| LdapListUsersCmd | listLdapUsers | Lists all LDAP users | - listType - if "all", returns all users; otherwise only non-CloudStack users |
| LdapAddConfigurationCmd | addLdapConfiguration | Adds a new LDAP configuration | - hostname - host name of the LDAP server<br>- port - port number |
| LdapDeleteConfigurationCmd | deleteLdapConfiguration | Removes an LDAP configuration | - hostname - the hostname of the configuration to delete |
| LdapListConfigurationCmd | listLdapConfigurations | Lists all LDAP configurations | - hostname - host name of the LDAP server<br>- port - port number |
| LdapCreateAccountCmd | ldapCreateAccount | Creates an account from an LDAP user | - accountName - creates the user under the specified account. If no account is specified, the username will be used as the account name.<br>- accountType - type of the account. Specify 0 for user, 1 for root admin, and 2 for domain admin.<br>- domainId - creates the user under the specified domain.<br>- timezone - the timezone of the user<br>- username - unique username<br>- networkDomain - network domain for the account's networks<br>- details - details for the account, used to store specific parameters<br>- accountUUID - account UUID<br>- userUUID - user UUID |
| LdapImportUsersCmd | importLdapUsers | Imports LDAP users to CloudStack | - timezone - the timezone for the imported users<br>- accountType - type of the account. Specify 0 for user, 1 for root admin, and 2 for domain admin.<br>- details - details for the account, used to store specific parameters<br>- group - specifies the group name from which the LDAP users are to be imported. If no group is specified, all the users will be imported.<br>- domainId - specifies the domain to which the LDAP users are to be imported. If no domain is specified, a domain will be created using the group parameter. If the group is also not specified, a domain name based on the OU information will be created. If no OU hierarchy exists, it will default to the ROOT domain. |
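The %username% match described for searchLdap corresponds to an LDAP substring filter, and the query value has to be escaped per RFC 4515 so that filter metacharacters in it are matched literally. The following is an added example, not CloudStack's own code; the class and method names, the `uid` attribute and the rejection of empty queries are assumptions.

```java
public class LdapSearchFilter {

    // Assumption: the directory's username attribute (not named on the page).
    static final String USERNAME_ATTRIBUTE = "uid";

    /**
     * Escape a value for use inside an LDAP search filter.
     * RFC 4515 requires NUL, '(', ')', '*' and '\' to be written as \XX
     * (two hex digits); everything else is passed through unchanged.
     */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\0': case '(': case ')': case '*': case '\\':
                    out.append(String.format("\\%02x", (int) c));
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /** Build the "%query%"-style substring filter: (uid=*query*). */
    static String substringFilter(String query) {
        // Assumption: reject empty input rather than emit a degenerate filter.
        if (query == null || query.isEmpty()) {
            throw new IllegalArgumentException("query must not be empty");
        }
        return "(" + USERNAME_ATTRIBUTE + "=*" + escapeFilterValue(query) + "*)";
    }

    public static void main(String[] args) {
        // Constructed sample queries, some containing filter metacharacters.
        String[] samples = { "duffy", "a*", "j(doe)", "dom\\user" };
        for (String q : samples) {
            System.out.println(q + " -> " + substringFilter(q));
        }
    }
}
```

The only unescaped `*` characters in the resulting filter are the two wildcards the method adds itself, so the caller's query can narrow the match but cannot change the filter's structure.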
References
Student Projects -> Ian Duffy -> LDAP Integration