CentOS 8.x Cloudstack 4.15 AD integration
From Notes_Wiki
Home > CentOS > CentOS 8.x > Virtualization > Cloudstack 4.15 > AD integration
To integrate Cloudstack 4.15 with Microsoft Active Directory use following steps:
- Login into cloudstack as root admin (admin user) and go to Configuration -> LDAP configuration
- Click on "+ Configure LDAP" and enter AD server IP address and port no. (Default 389). Click ok to add.
- Again click on "+Configure LDAP" and enter same AD server IP address and port no. (Default 389). This time also specify domain as ROOT (or other desired domain). click ok to Add.
- Thus for a single AD we see two rows one without any domain specification and one with domain UUID
- Go to domains and select the desired domain for which AD integration should be done (Eg ROOT)
- Go to last "Settings" tab for this domain and update following values
- allow.user.view.all.domain.accounts
- true
- ldap.basedn
- <Base DN of AD>
- You can also specify a OU if you only want cloudstack to show users under a particular OU
- ldap.bind.password
- <Password for user to be specified in next parameter>
- ldap.bind.principal
- <User account in DN format> or <username>@<AD-Domain> format
- For example administrator@examplead.local or CN=Saurabh,OU=Users,DC=exampleAD,DC=com
- ldap.provider
- microsoftad
- ldap.user.object
- user
- ldap.username.attribute
- samaccountname
- In case of LDAP (Eg 389-DS) the following values would be different
- ldap.provider
- openldap
- ldap.user.object
- posixAccount
- ldap.username.attribute
- uid
- Rest all would be same as specified for AD above
- After this restart cloudstack-management using:
- systemctl restart cloudstack-management
- Then go to Accounts and click on "+Add LDAP Account"
- Select the LDAP users listed on the left. More than one can be selected.
- Select desired role for this users and specify the domain under which these users will login.
- Test the AD login into cloudstack by entering username, password and domain. In case of ROOT domain the domain should be left blank. For any other domain specify the domain name in login page.
Test LDAP settings
To test LDAP settings use:
- Install openldap-clients package:
- dnf -y install openldap-clients
- Test out all the parameters in above suggestion using:
- ldapsearch -LLL -x -h <AD-server-IP> -D '<ldap.bind.prinicpal>' -b '<ldap.basedn>' -W '(samaccountname=*)' samaccountname | wc -l
- And then enter <ldap.bind.password>. This should list no. of users that will get covered as part of parameters specified.
- For example
- ldapsearch -LLL -x -h 10.1.1.1 -D 'CN=saurabh,OU=Administrators,OU=india,DC=example,DC=com' -b 'OU=india,DC=example,DC=com' -W '(samaccountname=*)' samaccountname | wc -l
Home > CentOS > CentOS 8.x > Virtualization > Cloudstack 4.15 > AD integration