Using Rovius CloudPlatform 4.11 with Microsoft Active Directory

Problem

How do I configure LDAP authentication in CloudPlatform against Microsoft Active Directory (AD)?

Prerequisites

Active Directory is already configured.
One AD user account is available for CloudPlatform's LDAP bind (connection) request.

Steps

Step 1:

Add LDAP Server (Enable AD Integration)

Home > Global Settings (drop-down) > LDAP Configuration.

Step 2:

Update Global Parameters

1.  ldap.basedn = DC=acp,DC=local
2.  ldap.bind.password = BIND-PASS (the password of the bind user given in item 3)
3.  ldap.bind.principal = CN=axar,OU=support,DC=acp,DC=local (an AD user that can authenticate to LDAP on behalf of CloudPlatform)
4.  ldap.email.attribute = mail
5.  ldap.firstname.attribute = givenname
6.  ldap.group.object = AD
7.  ldap.group.user.uniquemember = member
8.  ldap.lastname.attribute = sn
9.  ldap.search.group.principle = CN=cloudplatform,OU=support,DC=acp,DC=local (set this value to list only the users of that group; it is optional, and leaving it blank lists all users from any group)
10. ldap.truststore = path to the truststore (only for SSL-based authentication)
11. ldap.truststore.password = truststore password (only for SSL-based authentication)
12. ldap.user.object = user
13. ldap.username.attribute = SAMAccountName

 

Example: (screenshot of the populated global settings)

Note: the values added above are stored in encrypted form.

Step 3:

Restart the cloudstack-management service.

Step 4: (Optional)

Add a few users for testing under the group “cloudplatform”.

Step 5:

Go to Home > Accounts.

Step 6:

Click Add LDAP Account.

Step 7:

Choose any user you would like to add.

I have selected the 1st user.

The user is now added.

Step 8:

Log in with the LDAP user.

**How to Import LDAP Users to Rovius CP Automatically**

Step 1:

Add a domain.

Step 2:

Add the group that is present in Active Directory.

Step 3:

No users appear after Link Domain to LDAP; each user is added automatically on first login.

Step 4:

Log in with the domain, using a user that is a member of the same group.

Step 5:

The new user is able to log in. (This user is added automatically.)

Step 6:

Validate it.

Common Error:

Issue:

If the error below (data 52e) appears after adding LDAP, the basedn, bind password or bind principal contains wrong data, so CloudPlatform is unable to communicate with the LDAP server.


2020-02-04 17:30:55,969 DEBUG [o.a.c.l.LdapContextFactory] (catalina-exec-11:ctx-f9f9267d ctx-e0a5b70b) (logid:e1731077) initializing ldap with provider url: ldap://10.148.28.251:389
2020-02-04 17:30:56,015 DEBUG [o.a.c.l.LdapManagerImpl] (catalina-exec-11:ctx-f9f9267d ctx-e0a5b70b) (logid:e1731077) ldap Exception:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09041C, comment: AcceptSecurityContext error, data 52e, v4563^@]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
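As an added example (not part of the original article), the following Python decodes the `data` sub-code in this kind of management-log line and maps it to the CloudPlatform setting to re-check. The sub-code table is Microsoft's documented set for LDAP error code 49 on a failed bind, so it goes beyond the single 52e case the article shows; the setting names are the ones from Step 2; the sample log lines are constructed from the excerpt above.

```python
import re

# Active Directory sub-codes that accompany LDAP error code 49 on a failed
# bind (Microsoft-documented values; the article's log shows 52e).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Which CloudPlatform global setting (Step 2) or AD object to re-check.
SUGGESTED_CHECK = {
    "525": "ldap.bind.principal: the DN does not exist under ldap.basedn",
    "52e": "ldap.bind.principal / ldap.bind.password: wrong DN or password",
    "532": "reset the bind user's password in AD, then update ldap.bind.password",
    "533": "enable the bind user account in AD",
    "775": "unlock the bind user account in AD",
}

# Matches the JNDI exception text the management server writes to its log.
LDAP49_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hresult>[0-9A-Fa-f]+): LdapErr: "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)


def decode_ldap_error(line):
    """Decode one management-log line; return None if it carries no LDAP error."""
    m = LDAP49_RE.search(line)
    if m is None:
        return None
    data = m.group("data").lower()
    return {
        "code": int(m.group("code")),
        "comment": m.group("comment"),
        "data": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        "check": SUGGESTED_CHECK.get(data, "see the AD event log for the bind user"),
    }


def scan_log(lines):
    """Return the decoded errors for every LDAP bind failure in an iterable of lines."""
    found = []
    for line in lines:
        decoded = decode_ldap_error(line)
        if decoded is not None:
            found.append(decoded)
    return found


# Constructed sample: two lines taken from the article's log excerpt.
SAMPLE_LOG = [
    "2020-02-04 17:30:55,969 DEBUG [o.a.c.l.LdapContextFactory] (catalina-exec-11:ctx-f9f9267d ctx-e0a5b70b) (logid:e1731077) initializing ldap with provider url: ldap://10.148.28.251:389",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09041C, comment: AcceptSecurityContext error, data 52e, v4563]",
]

if __name__ == "__main__":
    for err in scan_log(SAMPLE_LOG):
        print(f"LDAP error {err['code']} data {err['data']}: {err['meaning']} -> {err['check']}")
```

Feed it the management-server log (for example the lines around "ldap Exception:") to get the sub-code meaning without searching for it by hand; sub-codes not in the table still come back with the raw value.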

 

Issue:

Adding an account whose AD user has no email address or last name. (If an email address is added to the AD user account, this message no longer appears.)

How to add a single AD group?

If only a single group is wanted, it can be added by specifying the group name and OU.

Home > Accounts > Add LDAP Account (button) > LDAP Group (enter the group name)

Example - Group DN in AD: CN=R_ACP_ADMINS,OU=Role,OU=Groups,OU=Objects,DC=acp,DC=local

Example - Group format in ACP: R_ACP_ADMINS,OU=Role,OU=Groups,OU=Objects

The same can be done with an API call:

https://10.10.10.10:8080/client/api?command=importLdapUsers&accounttype=1&group=R_ACP_ADMINS,OU=Role,OU=Groups,OU=Objects&domainid=123456-1234-123456-abcde

accounttype=1 (ROOT)
domainid = UUID of the ROOT domain
group = group name followed by its OU path (as in the ACP format above)
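The Python example below is added here and is not code from the article or from Rovius. It shows the two pieces of this step in working form: converting the AD group DN into the "group,OU=..." format shown above (strip the leading CN= and the ldap.basedn suffix) and building a signed API request for importLdapUsers; the same signer also builds an updateConfiguration call, which is how the Step 2 ldap.* settings can be set without the UI. The endpoint, group DN, base DN and domain id are the article's values; the API key and secret key are placeholders. The signing steps (add apikey, sort parameters, lower-case the URL-encoded query, HMAC-SHA1 with the secret key, Base64) follow the CloudStack API signing scheme that the platform uses.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Placeholder credentials (constructed): replace with the API key and secret
# key of the ROOT user in the CloudPlatform UI.
API_KEY = "PLACEHOLDER_API_KEY"
SECRET_KEY = "PLACEHOLDER_SECRET_KEY"
ENDPOINT = "https://10.10.10.10:8080/client/api"  # endpoint from the article


def to_acp_group(group_dn, basedn):
    """Convert an AD group DN into the 'group,OU=...' form used by CloudPlatform.

    Drops the leading CN= and the trailing base DN. Raises ValueError when the
    DN is not under basedn or does not start with CN=, so a typo is caught
    before the API call is made.
    """
    rdns = [r.strip() for r in group_dn.split(",")]
    base = [r.strip() for r in basedn.split(",")]
    n = len(base)
    if [r.lower() for r in rdns[-n:]] != [r.lower() for r in base]:
        raise ValueError("group DN is not under the configured ldap.basedn")
    head = rdns[0]
    if head[:3].lower() != "cn=":
        raise ValueError("group DN must start with CN=")
    return ",".join([head[3:]] + rdns[1:-n])


def sign_params(params, api_key, secret_key):
    """Compute the CloudStack-style request signature for a parameter dict."""
    p = dict(params)
    p["apikey"] = api_key
    # Sort by key, URL-encode values, lower-case the whole string, then HMAC-SHA1.
    to_sign = "&".join(
        f"{k.lower()}={quote(str(v), safe='*').lower()}"
        for k, v in sorted(p.items(), key=lambda kv: kv[0].lower())
    )
    digest = hmac.new(secret_key.encode(), to_sign.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_signed_url(command, params, api_key=API_KEY, secret_key=SECRET_KEY, endpoint=ENDPOINT):
    """Return the full GET URL with apikey and signature appended."""
    p = {"command": command, "response": "json", **params}
    signature = sign_params(p, api_key, secret_key)
    p["apikey"] = api_key
    query = "&".join(f"{k}={quote(str(v), safe='*')}" for k, v in p.items())
    return f"{endpoint}?{query}&signature={quote(signature, safe='')}"


def import_ldap_users_url(group_dn, basedn, domainid):
    """importLdapUsers for one AD group into the ROOT (accounttype=1) domain."""
    return build_signed_url("importLdapUsers", {
        "accounttype": 1,
        "group": to_acp_group(group_dn, basedn),
        "domainid": domainid,
    })


def update_configuration_url(name, value):
    """updateConfiguration for one global setting, e.g. the Step 2 ldap.* values."""
    return build_signed_url("updateConfiguration", {"name": name, "value": value})


if __name__ == "__main__":
    # Values from the article.
    print(import_ldap_users_url(
        "CN=R_ACP_ADMINS,OU=Role,OU=Groups,OU=Objects,DC=acp,DC=local",
        "DC=acp,DC=local",
        "123456-1234-123456-abcde",
    ))
    print(update_configuration_url("ldap.basedn", "DC=acp,DC=local"))
```

Commas and equals signs inside the group value are URL-encoded by `quote`, which the server decodes back to the form shown in the article; the literal-comma URL above works for the same reason. After an updateConfiguration call, the management service still has to be restarted as in Step 3.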

  

 

 

Document ID:
360039674691

Product:
RoviusCP

Version:
4.11.0

Operating System:
Windows

Zendesk Ticket ID:
71110