Add LDAP Server (Enable AD Integration)
Home > Global Settings (DropDown) > LDAP Configurtion.
Update Global Parameters
1. ldap.basedb = DC=acp,DC=local
2. ldap.bind.password = BIND-PASS (Below User's password)
3. ldap.bind.principal = CN=axar,OU=support,DC=acp,DC=local (Will need User who can authenticate with ldap)
4. ldap.email.attribute = mail
5. ldap.firstname.attribute = givenname
6. ldap.group.object = AD
7. ldap.group.user.uniquemember = member
8. ldap.lastname.attribute = sn
9. ldap.search.group.principle = CN=cloudplatform,OU=support,DC=acp,DC=local (If user wants to list only group users then provide value as mentioned) [It is optional so, we can leave blank as well which will list all users from any group]
10. ldap.truststore = IF SSL based auth (path)
11. ldap.truststore.password = IF SSL based auth (password)
12. ldap.user.object = user
13. ldap.username.attribute = SAMAccountName
Note: Above added values will be converted in to encrypted value.
Restart cloudstack-management service
Step 4: (Optional)
Add a few users for testing under Group “cloudplatform”
Move to Home > Accounts
Click on Add LDAP Account.
Choose any user which you would like to add.
I have selected 1st User.
User is added here.
Login with LDAP user.
**How to Import LDAP Users to Rovius CP Automatically**
Add The group which is present in Active Directory.
There will be no users after LINK DOMAIN TO LDAP. (But it will be automatically added on the first login)
Login with domain and use that user which is available under the same group.
Able to login with a new user. (This user will be added automatically)
After adding LDAP if you find below error with data 52e then, basedn and bind password and principal has wrong data. Due to that, it is not able to communicate with LDAP server.
2020-02-04 17:30:55,969 DEBUG [o.a.c.l.LdapContextFactory] (catalina-exec-11:ctx-f9f9267d ctx-e0a5b70b) (logid:e1731077) initializing ldap with provider url: ldap://10.148.28.251:389
2020-02-04 17:30:56,015 DEBUG [o.a.c.l.LdapManagerImpl] (catalina-exec-11:ctx-f9f9267d ctx-e0a5b70b) (logid:e1731077) ldap Exception:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09041C, comment: AcceptSecurityContext error, data 52e, v4563^@]
Adding the account which doesn’t have an email id or last name. (if we add email ID in AD account for this user then, this message will not come)
How to add Single AD Group?
If the user wants only a single group then, the user can add by mentioning group name and OU.
Home > Accounts > Add LDAP Account (button) > LDAP Group (mention group name)
Example - Group FQDN in AD : CN=R_ACP_ADMINS,OU=Role,OU=Groups,OU=Objects,DC=acp,DC=local
Example - Group format in ACP : R_ACP_ADMINS,OU=Role,OU=Groups,OU=Objects
Even, can use API call for the same.