LDAP Authentication in Cloudstack

2012年09月20日 16:31

LDAP Authentication in Cloudstack

Hey All,

i have some trouble with LDAP Authentication.

I use cloudstack 3.0.5 with an Microsoft Active Directory.

I Fired up an LDAP API config Call and the log says that ldap ist configured an the hostname of my DC is printed on the screen.

However, i cannot see the ldap values when i search for ldap in global configuration.

I created a user in the OU which is the basedn but authentication does not work...

What i not understand - on the logon Page of CP, what i have to fill in domain? When i create a user in Cloudstack and assign them to a domain i must fill in this cloudstack domain on the login screen so that i able to logon.

But what is when i use LDAP?

Must i fill in the Domain field the domain of my AD?

And whats about the user creation process?

i create a user in the AD and then in cloudstack, but what i have to fill in at the password field? The same?

Sorry but the documentation is not a good help...

BR

Marcel Keller MEMBERS 20 September 2012 - 16:31 PM

4件のコメント

サインインしてコメントを残してください。

Previous 4件のコメント

日付投票

Larry Liu

2016年03月23日 07:08

I concur with your comments. I just ran ldapConfig against a 3.0.5 management server. The API cmd ran OK. But the json response shows port 'false', plus I have not even able to add any users from my AD to the CS mgmt server. Can someone from Citrix help?

Pankaj Paliwal

2016年03月23日 07:08

I have been setting up a Basic Network model with CP 3.0.5 and getting LDAP auth to work. After some reasearch I found the following details.

Authentication will always try the local database first and if the password fails it will try the LDAP/AD authentication if configured. This means that all accounts have to exist in Cloud Platform regardless of if you are using LDAP for passwords.

You may still experience a problem logging in using your LDAP account, you will need to disable MD5 logins by editing the file /usr/share/cloud/management/webapps/client/scripts/sharedFunctions.js and change the value as follows: md5HashedLogin = false

This should then allow LDAP to work but stop local accounts working, you can reenable local accounts by editing the file /etc/cloud/management/components.xml and change

<adapter name="MD5" class="com.cloud.server.auth.MD5UserAuthenticator"/>
To
<adapter name="MD5" class="com.cloud.server.auth.PlainTextUserAuthenticator"/>

Not the ideal solution for setting up LDAP authentication but works for me.

James

James Osbourn CITRIX EMPLOYEES 09 November 2012 - 15:51 PM

Larry Liu

2016年03月23日 07:08

Excellent! Works for me now! But Once ldap takes over, local account including admin account stops work. Well, at least the centralized auth works now.

Thanks!

Pankaj Paliwal

2016年03月23日 07:08

Glad it is working now. You should be able to get local accounts working again by applying the second change that I noted.

This worked for me.

James

James Osbourn CITRIX EMPLOYEES 12 November 2012 - 09:20 AM