Hey everyone,
Is there a CLI command that can query LDAP/active directory
configuration?
For example to list all users that ACS see based on the current config?
Best regards,
Jordan
-----Original Message-----
From: Yordan Kostov <[email protected]>
Sent: Tuesday, May 18, 2021 3:52 PM
To: [email protected]
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Hey everyone,
I do work on adding ldap to CS 4.15 through CLI but there is something
I do not understand.
From this guide ->
https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/4.15.0.0/adminguide/accounts.html*using-an-ldap-server-for-user-authentication__;Iw!!A6UyJA!0Zv6ffRfmVx3Nf2cwDpJVh17jH9cC5Hvo2CIyFjRrN4RokV05GlJjNgHf1Mg2XcQ$
I do try to configure option 3 - autosync of user groups.
The actual mapping is done through this commands:
- cloudmonkey -d json ldap createaccount account='juniors'
accounttype=0 domainid=$MAPPEDDOMAIN1 username=bystander
- cloudmonkey -d json link accounttoldap account='juniors'
accounttype=0 domainid=$MAPPEDDOMAIN1
ldapdomain='cn=AcsJuniorAdmins,ou=AcsGroups,dc=cloudstack,dc=apache,dc=org'
type=GROUP
Here is the commands I use - cloudmonkey -d json ldap createaccount
account='DEVTEST' accounttype=0 domainid=$DomainID username=testuser
After this one I do get the following error:
- from command line: "No LDAP user exists with the username of test"
- from logs - ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not
contain a URL
Does the command require the username variable to exist ? Example from
the guide states username as "bystander" which does not look so.
Also as the group is mapped to account why a user is required anyway?
Best regards,
Jordan
-----Original Message-----
From: Yordan Kostov <[email protected]>
Sent: Thursday, May 13, 2021 4:18 PM
To: [email protected]
Subject: RE: alternative Active directory config?
[X] This message came from outside your organization
Thank you Nicolas,
I am on it!
Regards,
Jordan
-----Original Message-----
From: Nicolas Vazquez <[email protected]>
Sent: Thursday, May 13, 2021 4:15 PM
To: [email protected]
Subject: Re: alternative Active directory config?
[X] This message came from outside your organization
Hi Yordan,
Indeed, that seems missing in the new UI, but you can still configure LDAP
accounts through the API. For example by installing CloudMonkey
https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$
you could invoke the ldapCreateAccount API
Regards,
Nicolas Vazquez
________________________________
From: Yordan Kostov <[email protected]>
Sent: Thursday, May 13, 2021 9:58 AM
To: [email protected] <[email protected]>
Subject: alternative Active directory config?
Hey everyone,
In 4.15 it seems there is no LDAP config button in the new GUI
or the old GUI, so after LDAP sources are pointed and global config is set
there is no way to actually pin groups to accounts.
* New
https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
* Old
https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$
I was wondering if there is an alternative way to configure LDAP accounts?
Best regards,
Jordan
<font size="2"><font color="#D8D8D8">11!</font>
<font size="2"><font color="#D8D8D8">11!</font>
