I am unable to see the proposal in melange website. Am I missing something ?
-abhi On 04/05/13 6:56 PM, "Sebastien Goasguen" <run...@gmail.com> wrote: >Ian thanks a lot for your proposal and submission. > >This project has been proposed by Abhinandan Prateek, so I am copying him >in this email so he can comment. > >@Abhi, you need to access the google melange site and find Ian's proposal > >-Sebastien > >On May 3, 2013, at 12:40 PM, Ian Duffy <i...@ianduffy.ie> wrote: > >> Hi, >> >> Sorry just noticed that the attachment appeared to have got stripped, >>here >> is the contents of the PDF. Alternatively I have uploaded it here: >> http://ianduffy.ie/Cloudstack-LDAP.pdf >> >> *Apache Cloudstack Google Summer of Code Project: LDAP user >>provisioning* >> >> >> Need to automate the way the LDAP users are provisioned into cloud >>stack. >> This will mean better integration with a LDAP server, ability to import >> users and a way to define how the LDAP user maps to the cloudstack >>users. >> >> >> Abstract >> >> >> >> The aim of this project is to provide an easier mechanism to provision >> users from LDAP into cloudstack. Currently cloudstack provides >> authentication LDAP authentication. In this authentication users must >>be >> first setup in cloudstack. Once the user is setup in cloudstack they >>can >> authenticate using their ldap username and password. >> >> >> >> This feature aims to extend the current functionality to make user setup >> align with LDAP group. >> >> >> Deliverables >> >> ñ Service that retrieves a list of ldap users from the configured group >> >> ñ Extension of cloudstack UI ³Add User² screen to offer user list from >> LDAP >> >> ñ Add service for saving new user with details from LDAP >> >> ñ BDD unit and acceptance automated testing >> >> ñ Document change details >> >> >> Quantifiable results >> >> >> Given A need to add new user to cloudstack and LDAP is setup >> >> When >> >> You open the ³Add User² screen >> >> Then >> >> A table of users appears for the current list of users (not already >>created >> on cloudstack) from the LDAP group displaying their a checkbox, >>username, >> name and email address. The timezone dropdown will still be available >> beside each user. >> Given A need to add new user to cloudstack and LDAP is not setup >> >> When >> >> You open the ³Add User² screen >> >> Then >> >> The current add user screen and functionality is provided >> Given A need to add new user to cloudstack and LDAP is setup >> >> When >> >> You open the ³Add User² screen and mandatory information is missing >> >> Then >> >> These fields will be editable to enable you populate the name or email >> address >> >> >> Given A need to add new user to cloudstack, LDAP is setup but user is >>in >> the ldap query group >> >> When >> >> You open the ³Add User² screen >> >> Then >> >> There is a list of LDAP users displayed but your current user is >>present in >> the list >> Given A need to add new user to cloudstack, LDAP is setup but user >>is >> not in the query group >> >> When >> >> You open the ³Add User² screen >> >> Then >> >> There is a list of LDAP users displayed but your current user is not in >>the >> list >> Given You need to add group of new users to cloudstack >> >> When >> >> You open the ³Add User² screen, select the users and hit save >> >> Then >> >> The list of new users are saved to the database >> >> >> Given You need to add group of new users to cloudstack >> >> When >> >> You open the ³Add User² screen, select the users and hit save >> >> Then >> >> The list of new users are saved to the database >> >> >> Given You have created a new LDAP user on cloudstack >> >> When >> >> The user authenticates against cloudstack with the right credentials >> >> Then >> >> They are authorised in cloudstack >> Given A user wants to edit an LDAP user >> >> When >> >> They open the Edit User screen >> >> Then >> >> The password fields are disabled and cannot be changed >> The design document *Ldap User List Service* >> >> >> >> *name*: ldapUserList >> >> *responseObject*: LDAPUserResponse {username, email, name} >> >> *parameter*: listType:enum {NEW, EXISTING, ALL} (Default to ALL if no >> option provided) >> >> >> >> Create a new API service call for retreiving the list of users from >>LDAP. >> This will call a new ConfigurationService which will retrieve the list >>of >> users using the configured search base and the query filter. The list >>may >> be filtered in the ConfigurationService based on listType parameter. >> >> >> >> *Ldap Available Service* >> >> >> >> *name*: ldapAvailable >> >> *responseObject*: LDAPAvailableResponse {available:boolean} >> >> >> >> Create a new API service call verifying LDAP is setup correctly >>verifying >> the following configuration elements are all set: >> >> ñ ldap.hostname >> >> ñ ldap.port >> >> ñ ldap.usessl >> >> ñ ldap.queryfilter >> >> ñ ldap.searchbase >> >> ñ ldap.dn >> >> ñ ldap.password >> >> >> >> The verification that all of these are set will return an available >>boolean >> true. If required this could perform a status check against LDAP first >>and >> provide warning if it fails. >> >> >> *Ldap Save Users Service* >> >> >> >> *name*: ldapSaveUsers >> >> *responseObject*: LDAPSaveUsersResponse {list<UserResponse>} >> >> *parameter*: list of users >> >> >> >> Saves the list of objects instead. Following the functionality in >> CreateUserCmd it will >> >> ñ Create the user via the account service >> >> ñ Handle the response >> >> >> >> It will be decided whether a transation should remain over whole save or >> only over individual users. A list of UserResponse will be returned. >> >> >> >> >> >> >> >> *Extension of cloudstack UI ³Add User² screen * >> >> >> >> Extend account.js to enable it add a user list with editable fields >>where >> required. The new ³Add User² screen for LDAP setup. >> >> ñ This will make an ajax call to the ldapAvailable, ldapUserList and >> ldapSaveUsers services >> >> ñ Validation will be maintained on username, email, firstname and >>lastname >> >> >> >> *Extension of cloudstack UI ³Edit User² screen * >> >> >> >> Extend account.js to disable the password fields on the edit user >>screen if >> LDAP available. >> >> ñ This will make an ajax call to the ldapAvailable and updateUser >>services >> >> ñ Validation will be maintained on username, email, firstname and >> lastname. Additional server validation will ensure password has not >> changed. >> >> >> >> >> Approach >> >> >> >> To get started a development cloudstack environment with DevCloud used >>to >> verify changes. Then once the schedule agreed with the mentor the >> deliverables will be broken into smaller User stories with expected >> delivery dates set. The development cycle will focus on BDD enforcing >>all >> unit and acceptance tests written first. >> >> >> >> A build pipe line for continious delivery environment around cloudstack >> here will be created, the following stages will be adopted >> >> >> >> *Stage* >> >> *Action* >> >> Commit >> >> Runs unit tests >> >> Sonar >> >> Runs code quality metrics >> >> Acceptance >> >> Deploys the dev cloud and runs all acceptance tests >> >> Deployment >> >> Deploy a new management server using Chef >> >> >> >> >> About Me >> >> >> >> I am a Computer Science Student at Dublin City University in Ireland. I >> have interests in virtualization, automation, information systems, >> networking and web development. >> >> >> >> I was involved with a project in a K-12(educational) environment of >>moving >> their server systems over to a virtualized environment on ESXi. I have >> good knowledge of programming in Java, PHP and Scripting langages. >>During >> the configuration of an automation system for OS deployment I >>experienced >> some exposure to scripting in powershell, batch, vbs and bash and >> configuration of PXE images based of WinPE and Debian. >> >> Additionally I am also a mentor in an opensource teaching movement >>called >> CoderDojo, we teach kids from the age of 8 everything from web page, >>HTML 5 >> game and raspberry pi development. >> >> >> >> I¹m excited at the opportunity and learning experience that cloudstack >>are >> offering with this project. >> >> >> References >> >> >> >> ñ https://cwiki.apache.org/CLOUDSTACK/development-101.html >> >> ñ >> >>http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Admi >>n_Guide/ >> >> ñ >> >>http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/API_ >>Developers_Guide/index.html >> >> ñ https://issues.apache.org/jira/browse/CLOUDSTACK-2014 >> >> ñ >> >>http://www.slideshare.net/sebastiengoasguen/apache-cloudstack-google-summ >>er-of-code >> >> ñ >> >>http://kirkjantzer.blogspot.co.uk/2013/03/ldap-authentication-in-cloudsta >>ck-v401.html >> >> ñ http://www.ldapguru.info/ldap/ldap-search-best-practices.html >> >> ñ >>http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html >> >> >> >> >> >> >> On 3 May 2013 17:35, Ian Duffy <i...@ianduffy.ie> wrote: >> >>> Hi, >>> >>> I was wondering If I could get some feedback on the attached file >>>labeled >>> "Cloudstack-LDAP.pdf". It outlines a design document for the project >>> labeled "LDAP user provisioning" >>> >>> From my current understanding of the single sign on mechanism >>>implemented >>> in cloudstack a LDAP user must be created manually within the >>>cloudstack >>> database. Would it be preferred to: >>> >>> A) Create a service that polls LDAP every so often to check for new >>>user >>> creation. >>> or >>> B) Extend the login page to check LDAP after failing to find a user >>>within >>> the cloudstack database. On success of finding a user in LDAP a profile >>> would automatically be created within the cloudstack database. >>> >>> Kind regards, >>> Ian >>> > >
