LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. LDAP is an IETF Standard Track protocol and is specified in “Lightweight Directory Access Protocol (LDAP).
You can use an external LDAP server such as Microsoft Active Directory or ApacheDS or openLDAP to authenticate CloudStack end-users. CloudStack will search the external LDAP directory tree starting at a specified base directory and gets user info such as first name, last name, email and username.
I have used the following setup to authenticate cloudstack from the openldap directory. This has been successfully tested with cloudstack 4.4.2.
Install openLDAP on CentOS server
#yum install openldap openldap-clients openldap-servers
#cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
#slappasswd
copy the result of that command
#vi /etc/openldap/slapd.conf
change your
access to *
by dn.exact=”gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth” read
by dn.exact=”cn=Manager,dc=cloudstack,dc=com” read
by * none
by * write
database bdb
suffix “dc=cloudstack,dc=com”
checkpoint 1024 15
rootdn “cn=Manager,dc=cloudstack,dc=com”
#paste slappasswd command result
rootpw {SSHA}pAQ8d8G3zH8rjbwKdQWBS9mS27fHJPuf
#rm -rf /var/lib/ldap/*
#rm -rf /etc/openldap/slapd.d/*
#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#chown -Rf ldap. /etc/openldap/slapd.d/
#chown -Rf ldap. /var/lib/ldap/
#chmod 700 /var/lib/ldap/
#chmod 700 /etc/openldap/slapd.d/
#/etc/init.d/slapd restart
#slaptest -u
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
Add openldap schema for cloudstack
vi cloudstack.ldif
# fogpanel.com dn: dc=fogpanel,dc=com objectClass: dcObject objectClass: organization o: fogpanel Company dc: fogpanel # admin, fogpanel.com dn: cn=admin,dc=fogpanel,dc=com cn: admin objectClass: organizationalRole objectClass: top objectClass: simpleSecurityObject userPassword:: bDN0bTNpbg== # Users, fogpanel.com dn: ou=Users,dc=fogpanel,dc=com ou: Users objectClass: organizationalUnit objectClass: top # gopal, Users, fogpanel.com dn: cn=gopal,ou=Users,dc=fogpanel,dc=com uid: gopal sn: gopal userPassword:: bDN0bTNpbg== cn: gopal objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top mail: [email protected] givenName: gopal # user1, Users, fogpanel.com dn: cn=user1,ou=Users,dc=fogpanel,dc=com uid: user1 sn: user1 userPassword:: bDN0bTNpbg== cn: user1 objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top # admin, Users, fogpanel.com dn: cn=admin,ou=Users,dc=fogpanel,dc=com uid: admin sn: admin userPassword:: Zm9ncGFuZWxhbWFs cn: admin objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top
#ldapadd -x -W -D “cn=Manager,dc=cloudstack,dc=com” -f cloudstack.ldif
Once completed, login your cloudstack and given the Global settings ldap configurations.
ldap.basedn : ou=Users,dc=fogpanel,dc=com
ldap.bind.password : <password>
ldap.bind.principal : cn=Manager,dc=fogpanel,dc=com
ldap.email.attribute : mail
ldap.firstname.attribute : givenName
ldap.lastname.attribute : sn
ldap.username.attribute : uid
ldap.user.object : inetOrgPerson
Done!! click – > Global Settings – > Select View : LDAP configuration -> click Configure LDAP
example settings
Hostname : 192.168.1.185
port : 389
Thats all!!!
Click cloudstack – > Accounts -> LDAP account
You can create ldap account through cloudstack and give user role.
Related Posts:
