[GitHub] [cloudstack-kubernetes-provider] onitake commented on issue #1: Code transfer of SWISS TXT cloudstack-cloud-controller-manager to the Apache project

2019-08-13 Thread GitBox
onitake commented on issue #1: Code transfer of SWISS TXT 
cloudstack-cloud-controller-manager to the Apache project
URL: 
https://github.com/apache/cloudstack-kubernetes-provider/pull/1#issuecomment-520759847
 
 
   @rhtyd Dependency cleanup was harder than expected due to the incompatible 
versioning scheme on the k8s.io packages. Go expects semantic versions, but the 
tags on these repositories are not consistent with that (kubernetes-1.x.y).
   
   `go mod` will still scan all transitive dependencies of all referenced 
packages and record their checksums, but the vendor directory now contains only 
packages that are actually used.
   We still need to do some testing, but I think we're on track now.
   
   @joschi36 and I are also addressing 
https://github.com/swisstxt/cloudstack-cloud-controller-manager/issues/9 right 
now and we will update the documentation and example deployment shortly.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services


[GitHub] [cloudstack-kubernetes-provider] rhtyd commented on issue #1: Code transfer of SWISS TXT cloudstack-cloud-controller-manager to the Apache project

2019-08-13 Thread GitBox
rhtyd commented on issue #1: Code transfer of SWISS TXT 
cloudstack-cloud-controller-manager to the Apache project
URL: 
https://github.com/apache/cloudstack-kubernetes-provider/pull/1#issuecomment-520769690
 
 
   Thanks @onitake keep me posted when you think this is ready.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313430874
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
 
 Review comment:
   There should be a newline before this, or it will flow into the previous 
paragraph.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313432609
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
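
Review bot: The body of the `.. Note::` directive is not indented: the lines from `+virtual 'memberOf' attribute needed to check if a user moved to` down to the DIRSERVER-1844 URL start at column 0, so reStructuredText closes the note after its first line and renders the rest as an ordinary paragraph. Indent those continuation lines (three spaces is the usual choice) so the whole ApacheDS caveat stays inside the note.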
 
 Review comment:
   Maybe the "manual import" could be emphasized a bit.
   How about making it bold or a keyword?




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313433008
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
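
Review bot: Two spelling errors in the added text: `three ways where developed` should read `were developed`, and `explicitely` in the manual import item should be `explicitly`. The manual import item also has no closing full stop after `and created as a user in that account`.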
 
 Review comment:
   I think there should be a full stop here.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313433546
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
+
+   #. if the user is enabled, CloudStack searches for it in LDAP
 
 Review comment:
   The "if" should be capitalised.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on a change in pull request #67: short description of 
the evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313434060
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
 
 Review comment:
   resolved




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313433546
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
+
+   #. if the user is enabled, CloudStack searches for it in LDAP
 
 Review comment:
   The "if" should be capitalised. Ditto further below.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313434868
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
+
+   #. if the user is enabled, CloudStack searches for it in LDAP
+  by the configured 'ldap.username.attribute'.
+
+   #. if the LDAP user is found, CloudStack does a bind request
+  with the returned principal for that LDAP user and the
+  entered password.
+
+   #. the authentication result from LAP is honoured.
+
+#. autoimport. A domain is configured to import any user if it does
+   not yet exist in that domain. For these users a account by the same
+   name as the user is created on the fly and the user is created in
+   that account.
+
+   #. If the domain is configured to be used with LDAP,
+
+   #. CloudStack searches for it in LDAP by the configured
+  'ldap.username.attribute'.
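
Review bot: In the last manual import step, `the authentication result from LAP is honoured`, `LAP` is a typo for `LDAP`. Also, as quoted here, the wrapped lines of the nested items (`by the configured 'ldap.username.attribute'.`, `with the returned principal ...`, `entered password.`) are indented two spaces while their `#.` markers sit at three, so reStructuredText will not read them as continuations of the list item; align them with the item text.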
 
 Review comment:
   This should be in double backticks, like other global options below.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313433546
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
+
+   #. if the user is enabled, CloudStack searches for it in LDAP
 
 Review comment:
   The "if" should be capitalised, as should be all other bullet points.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313433008
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
 
 Review comment:
   I think there should be a full stop here. Same thing for all other bullet 
points.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313434868
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
+
+   #. if the user is enabled, CloudStack searches for it in LDAP
+  by the configured 'ldap.username.attribute'.
+
+   #. if the LDAP user is found, CloudStack does a bind request
+  with the returned principal for that LDAP user and the
+  entered password.
+
+   #. the authentication result from LAP is honoured.
+
+#. autoimport. A domain is configured to import any user if it does
+   not yet exist in that domain. For these users a account by the same
+   name as the user is created on the fly and the user is created in
+   that account.
+
+   #. If the domain is configured to be used with LDAP,
+
+   #. CloudStack searches for it in LDAP by the configured
+  'ldap.username.attribute'.
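
Review bot: The first autoimport sub-step, `#. If the domain is configured to be used with LDAP,`, is a sentence fragment that ends in a comma yet is numbered as a step of its own. Fold it into the following step as its condition, so the two lines read as one sentence ending at `'ldap.username.attribute'.` In the autoimport introduction, `a account` should be `an account`.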
 
 Review comment:
   This should be in double backticks, like other global options. Same further 
below.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on a change in pull request #67: short description of 
the evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313442527
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
 
 Review comment:
   Since @DaanHoogland is away, I took the liberty to confirm/do the proposed 
cosmetic changes.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on a change in pull request #67: short description of 
the evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313442595
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
 
 Review comment:
   Since @DaanHoogland is away, I took the liberty to confirm/do the proposed 
cosmetic changes.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on a change in pull request #67: short description of 
the evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313442681
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
+
+   #. if the user is enabled, CloudStack searches for it in LDAP
 
 Review comment:
   Since @DaanHoogland is away, I took the liberty to confirm/do the proposed 
cosmetic changes.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on a change in pull request #67: short description of 
the evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313442754
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,99 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. manual import. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled
+
+   #. if the user is enabled, CloudStack searches for it in LDAP
+  by the configured 'ldap.username.attribute'.
+
+   #. if the LDAP user is found, CloudStack does a bind request
+  with the returned principal for that LDAP user and the
+  entered password.
+
+   #. the authentication result from LAP is honoured.
+
+#. autoimport. A domain is configured to import any user if it does
+   not yet exist in that domain. For these users a account by the same
+   name as the user is created on the fly and the user is created in
+   that account.
+
+   #. If the domain is configured to be used with LDAP,
+
+   #. CloudStack searches for it in LDAP by the configured
+  'ldap.username.attribute'.
 
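Review bot: The `.. Note::` directive is added on the line directly after "in LDAP." with no blank line between them, so reST reads it as more paragraph text rather than as a directive; add an empty line before it and indent the four continuation lines under the directive. Further down, the last manual-import step says "the authentication result from LAP is honoured" where LDAP is meant, "a account" should be "an account", and the first autoimport sub-step ("If the domain is configured to be used with LDAP,") ends on a comma without saying what happens next.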
 Review comment:
   Since @DaanHoogland is away, I took the liberty to confirm/do the proposed 
cosmetic changes.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on issue #67: short description of the evolution of 
LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520868588
 
 
   requesting docbuild




[GitHub] [cloudstack-documentation] ACSGitBot commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
ACSGitBot commented on issue #67: short description of the evolution of LDAP 
bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520868621
 
 
   Your request has been received, I'll go and build the documentation and 
check the output log for errors.
   
   This shouldn't take long.
   




[GitHub] [cloudstack-documentation] ACSGitBot commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
ACSGitBot commented on issue #67: short description of the evolution of LDAP 
bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520869276
 
 
   Build finished.  You can review it at:   
https://acs-www.shapeblue.com/docs/pr67
   
   Build Log Output:
   
   
   No log errors found to report.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on issue #67: short description of the evolution of 
LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520869854
 
 
   @onitake take a look pls




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313466552
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,100 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
 
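Review bot: The body of the `.. Note::` directive is not indented: the four lines from "virtual 'memberOf' attribute" down to the DIRSERVER-1844 link start at column 0, so they fall outside the directive and only its first line belongs to the note. Indent each continuation line by three spaces so it aligns under the directive content; `memberOf` would also read better as an inline literal in double backticks than in single quotes.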
 Review comment:
   Looks like the multiline `Note` didn't work... sphinx only put the first 
line in the box. :disappointed: 
   It should be formatted like this: 
https://sublime-and-sphinx-guide.readthedocs.io/en/latest/notes_warnings.html#notes




[GitHub] [cloudstack-documentation] andrijapanicsb commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on issue #67: short description of the evolution of 
LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520888315
 
 
   requesting docbuild




[GitHub] [cloudstack-documentation] ACSGitBot commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
ACSGitBot commented on issue #67: short description of the evolution of LDAP 
bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520888377
 
 
   Your request has been received, I'll go and build the documentation and 
check the output log for errors.
   
   This shouldn't take long.
   




[GitHub] [cloudstack-documentation] ACSGitBot commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
ACSGitBot commented on issue #67: short description of the evolution of LDAP 
bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520888958
 
 
   Build finished.  You can review it at:   
https://acs-www.shapeblue.com/docs/pr67
   
   Build Log Output:
   
   
   No log errors found to report.




[GitHub] [cloudstack-documentation] andrijapanicsb commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on issue #67: short description of the evolution of 
LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520889303
 
 
   fixed @onitake - use ctrl shift R in browser...




[GitHub] [cloudstack-documentation] andrijapanicsb commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on a change in pull request #67: short description of 
the evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313473733
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,100 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+
+.. Note:: A caveat with this is that ApacheDS does not yet support the
+virtual 'memberOf' attribute needed to check if a user moved to
+another account. Microsoft AD and OpenLDAP as well as OpenDJ do support
+this. It is a planned feature for ApacheDS that can be tracked in
+https://issues.apache.org/jira/browse/DIRSERVER-1844.
 
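Review bot: "In this domain autosync per account can be configured" in the rewritten first paragraph is hard to parse, because "this domain" has no clear referent after "an LDAP connection per domain". Something like "Within such a domain, autosync can be configured per account, keeping the users in the domain up to date with their group membership in LDAP." says the same thing unambiguously.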
 Review comment:
   fixed




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313490572
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,96 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+
+.. Note:: A caveat with this is that ApacheDS does not yet support the virtual 
'memberOf' attribute needed to check if a user moved to another account. 
Microsoft AD and OpenLDAP as well as OpenDJ do support this. It is a planned 
feature for ApacheDS that can be tracked in 
https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. **manual import**. A user is explicitely mapped to a domain/account
+   and created as a user in that account
+
+   #. CloudStack does a search for a user with the given username.
+
+   #. If it exists, it checks if the user is enabled.
+
+   #. If the user is enabled, CloudStack searches for it in LDAP
+  by the configured 'ldap.username.attribute'.
 
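Review bot: Two spelling errors in the added list introduction: "three ways where developed" should be "were developed", and "explicitely mapped" should be "explicitly mapped". In the sub-steps, "If it exists, it checks if the user is enabled." uses "it" for the user and then for CloudStack; "If the user exists, CloudStack checks whether the user is enabled." removes the ambiguity.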
 Review comment:
   Double backticks.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313490493
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,96 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+
+.. Note:: A caveat with this is that ApacheDS does not yet support the virtual 
'memberOf' attribute needed to check if a user moved to another account. 
Microsoft AD and OpenLDAP as well as OpenDJ do support this. It is a planned 
feature for ApacheDS that can be tracked in 
https://issues.apache.org/jira/browse/DIRSERVER-1844.
+
+There are now three ways to link LDAP users to CloudStack users. These
+three ways where developed as extensions on top of each other.
+
+To authenticate, in all three cases username and password entered by
+the user are used.
+
+#. **manual import**. A user is explicitely mapped to a domain/account
+   and created as a user in that account
 
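Review bot: "To authenticate, in all three cases username and password entered by the user are used." reads awkwardly and sits between the sentence announcing three ways and the list that describes them. Consider "In all three cases, the username and password entered by the user are used to authenticate." and naming the three ways in the introducing sentence, so the reader knows what the numbered items will be.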
 Review comment:
   Full stop.




[GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
onitake commented on a change in pull request #67: short description of the 
evolution of LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#discussion_r313490368
 
 

 ##
 File path: source/adminguide/accounts.rst
 ##
 @@ -279,17 +279,96 @@ or ApacheDS to authenticate CloudStack end-users. 
CloudStack will search
 the external LDAP directory tree starting at a specified base directory
 and gets user info such as first name, last name, email and username.
 
-Starting with CloudStack 4.11, an ldap connection per domain can be
-defined.
+Starting with CloudStack 4.11, an LDAP connection per domain can be
+defined. In this domain autosync per account can be configured,
+keeping the users in the domain up to date with their group membership
+in LDAP.
+
+.. Note:: A caveat with this is that ApacheDS does not yet support the virtual 
'memberOf' attribute needed to check if a user moved to another account. 
Microsoft AD and OpenLDAP as well as OpenDJ do support this. It is a planned 
feature for ApacheDS that can be tracked in 
https://issues.apache.org/jira/browse/DIRSERVER-1844.
 
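Review bot: The note now sits on one physical line (only the first of its five displayed lines carries a `+`), which departs from the hard-wrapped lines used everywhere else in this hunk; wrapping it and indenting the continuation lines by three spaces would keep the source consistent. The wording "does not yet support" and "a planned feature" will also go stale, so tie it to the tracker, for example "as of this writing; see DIRSERVER-1844".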
 Review comment:
   I actually meant that the text should be kept multiline, but indented, 
according to the sphinx documentation...
   But that works too.




[GitHub] [cloudstack-documentation] ACSGitBot commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
ACSGitBot commented on issue #67: short description of the evolution of LDAP 
bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520908815
 
 
   Your request has been received, I'll go and build the documentation and 
check the output log for errors.
   
   This shouldn't take long.
   




[GitHub] [cloudstack-documentation] andrijapanicsb commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
andrijapanicsb commented on issue #67: short description of the evolution of 
LDAP bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520908779
 
 
   requesting docbuild 
   
   /CC @onitake onitake 




[GitHub] [cloudstack-documentation] ACSGitBot commented on issue #67: short description of the evolution of LDAP bindings

2019-08-13 Thread GitBox
ACSGitBot commented on issue #67: short description of the evolution of LDAP 
bindings
URL: 
https://github.com/apache/cloudstack-documentation/pull/67#issuecomment-520909379
 
 
   Build finished.  You can review it at:   
https://acs-www.shapeblue.com/docs/pr67
   
   Build Log Output:
   
   
   No log errors found to report.

