CloudPlatform 3.x

Pankaj Paliwal

LDAP Authentication in Cloudstack


Hey All,

I have some trouble with LDAP authentication.

I use CloudStack 3.0.5 with a Microsoft Active Directory.

I fired up an LDAP API config call and the log says that LDAP is configured and the hostname of my DC is printed on the screen.

However, I cannot see the LDAP values when I search for ldap in global configuration.

I created a user in the OU which is the basedn but authentication does not work...

What I do not understand: on the logon page of CP, what do I have to fill in for domain? When I create a user in CloudStack and assign them to a domain, I must fill in this CloudStack domain on the login screen so that I am able to log on.

But what about when I use LDAP?

Must I fill in the domain of my AD in the Domain field?

And what about the user creation process?

I create a user in the AD and then in CloudStack, but what do I have to fill in at the password field? The same?

Sorry but the documentation is not a good help...

BR


Marcel Keller MEMBERS
Larry Liu

I concur with your comments. I just ran ldapConfig against a 3.0.5 management server. The API cmd ran OK. But the JSON response shows port 'false', plus I have not even been able to add any users from my AD to the CS mgmt server. Can someone from Citrix help?


Pankaj Paliwal

I have been setting up a Basic Network model with CP 3.0.5 and getting LDAP auth to work. After some research I found the following details.

Authentication will always try the local database first and if the password fails it will try the LDAP/AD authentication if configured. This means that all accounts have to exist in Cloud Platform regardless of if you are using LDAP for passwords.

You may still experience a problem logging in using your LDAP account; you will need to disable MD5 logins by editing the file /usr/share/cloud/management/webapps/client/scripts/sharedFunctions.js and changing the value as follows: md5HashedLogin = false

This should then allow LDAP to work but stop local accounts working; you can re-enable local accounts by editing the file /etc/cloud/management/components.xml and changing

<adapter name="MD5" class="com.cloud.server.auth.MD5UserAuthenticator"/>
to
<adapter name="MD5" class="com.cloud.server.auth.PlainTextUserAuthenticator"/>

Not the ideal solution for setting up LDAP authentication but works for me.

James


James Osbourn CITRIX EMPLOYEES
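
A read-only check for the two settings described in the comment above, written in Python as an added example (not part of the thread and not CloudPlatform code). The sample file contents are constructed, the function names are hypothetical, and the state names only restate what the posters report.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: only the md5HashedLogin assignment and the <adapter>
# element come from the thread; the surrounding text is made up for the example.
SAMPLE_JS = "// var md5HashedLogin = true;\nvar md5HashedLogin = false;\n"
SAMPLE_XML = """<components>
  <adapter name="MD5" class="com.cloud.server.auth.MD5UserAuthenticator"/>
</components>"""

def md5_hashed_login(js_text):
    """Return the boolean assigned to md5HashedLogin, or None if not found."""
    live = re.sub(r"//.*", "", js_text)  # ignore commented-out assignments
    m = re.search(r"\bmd5HashedLogin\s*=\s*(true|false)\b", live)
    return None if m is None else m.group(1) == "true"

def md5_adapter_class(xml_text):
    """Return the short class name of the adapter named MD5, or None."""
    for adapter in ET.fromstring(xml_text).iter("adapter"):
        if adapter.get("name") == "MD5":
            return adapter.get("class", "").rsplit(".", 1)[-1] or None
    return None

def login_state(js_text, xml_text):
    """Name the state the thread describes for this pair of settings."""
    hashed, cls = md5_hashed_login(js_text), md5_adapter_class(xml_text)
    if hashed is True and cls == "MD5UserAuthenticator":
        return "stock: local accounts work, LDAP logins may fail"
    if hashed is False and cls == "MD5UserAuthenticator":
        return "first change only: LDAP works, local accounts (admin too) fail"
    if hashed is False and cls == "PlainTextUserAuthenticator":
        return "both changes: LDAP and local accounts work"
    return "not covered by the thread"

if __name__ == "__main__":
    print(login_state(SAMPLE_JS, SAMPLE_XML))
    fixed = SAMPLE_XML.replace("MD5UserAuthenticator", "PlainTextUserAuthenticator")
    print(login_state(SAMPLE_JS, fixed))
```

With md5HashedLogin = false the login page is assumed to submit the password as typed rather than as an MD5 hash, so this check is worth pairing with a look at whether the management UI is served over HTTPS.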
Larry Liu

Excellent! Works for me now! But once LDAP takes over, local accounts, including the admin account, stop working. Well, at least the centralized auth works now.

Thanks!


Pankaj Paliwal

Glad it is working now. You should be able to get local accounts working again by applying the second change that I noted.

This worked for me.

James


James Osbourn CITRIX EMPLOYEES