CentOS 8.x Cloudstack 4.15 AD integration

From Notes_Wiki

Home > CentOS > CentOS 8.x > Virtualization > Cloudstack 4.15 > AD integration

To integrate Cloudstack 4.15 with Microsoft Active Directory, use the following steps:

  1. Log in to cloudstack as root admin (the admin user) and go to Configuration -> LDAP configuration
  2. Click on "+ Configure LDAP" and enter the AD server IP address and port number (default 389). Click OK to add.
    Port 389 is plain LDAP: the bind password and every user's login password then cross the network in cleartext. Where the directory offers LDAPS, use port 636 together with the ldap.trust.store and ldap.trust.store.password settings instead.
  3. Click on "+ Configure LDAP" again and enter the same AD server IP address and port number. This time also specify the domain as ROOT (or another desired domain). Click OK to add.
    Thus for a single AD server you see two rows: one without any domain and one with the domain UUID.
  4. Go to domains and select the desired domain for which AD integration should be done (Eg ROOT)
  5. Go to the last "Settings" tab for this domain and set the following values:
    allow.user.view.all.domain.accounts = true
    ldap.basedn = <Base DN of AD>
      You can also specify an OU if you only want Cloudstack to show users under that OU
    ldap.bind.password = <Password of the account given in ldap.bind.principal>
    ldap.bind.principal = <User account in DN format> or <username>@<AD-Domain>
      For example administrator@examplead.local or CN=Saurabh,OU=Users,DC=exampleAD,DC=com
      Use a dedicated read-only directory account here rather than a domain administrator: it is only used to search the directory, and Cloudstack keeps its password in its own configuration database.
    ldap.provider = microsoftad
    ldap.user.object = user
    ldap.username.attribute = samaccountname
  6. For a generic LDAP directory (e.g. 389-DS) the following values differ:
    ldap.provider = openldap
    ldap.user.object = posixAccount
    ldap.username.attribute = uid
    All other values are the same as for AD above, except that ldap.bind.principal must then be a full DN: only AD accepts the <username>@<AD-Domain> form for a simple bind.
  7. After this, restart cloudstack-management with:
    systemctl restart cloudstack-management
  8. Then go to Accounts and click on "+ Add LDAP Account"
  9. Select the LDAP users listed on the left. More than one can be selected.
  10. Select the desired role for these users and specify the domain under which they will log in.
  11. Test the AD login to cloudstack by entering username, password and domain. For the ROOT domain leave the domain blank; for any other domain enter the domain name on the login page.


Test LDAP settings

To test the LDAP settings use:

  1. Install the openldap-clients package:
    dnf -y install openldap-clients
  2. Test all the parameters from the steps above with:
    ldapsearch -LLL -x -h <AD-server-IP> -D '<ldap.bind.principal>' -b '<ldap.basedn>' -W '(samaccountname=*)' samaccountname
    and enter <ldap.bind.password> when prompted (-W prompts for it, so the password stays out of the process list and the shell history). Every entry printed is a user covered by the parameters. To count them, count the dn: lines rather than all output lines: with -LLL each entry takes three lines (dn:, the attribute and a blank separator), so piping into wc -l gives roughly three times the number of users.
    ldapsearch -LLL -x -h <AD-server-IP> -D '<ldap.bind.principal>' -b '<ldap.basedn>' -W '(samaccountname=*)' samaccountname | grep -c '^dn:'
    For example
    ldapsearch -LLL -x -h 10.1.1.1 -D 'CN=saurabh,OU=Administrators,OU=india,DC=example,DC=com' -b 'OU=india,DC=example,DC=com' -W '(samaccountname=*)' samaccountname | grep -c '^dn:'
    AD returns at most 1000 entries per search by default, so on a larger base DN the search ends with "Size limit exceeded"; add -E pr=1000/noprompt to the command to page through all results.
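The check above as a small script, added here as an example and not part of the wiki page or of Cloudstack itself. It assumes openldap-clients is installed; the function names, the sample LDIF (constructed, standing in for ldapsearch output) and the search filter that combines ldap.user.object with ldap.username.attribute (the page filters on samaccountname alone) are this example's own. The offline part shows why counting dn: lines, not output lines, gives the number of users; ldap_list_users runs the real search with paged results and a URI so that LDAPS works too.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki page): check the ldap.* values with ldapsearch
# and count the users Cloudstack will see. Assumes openldap-clients is installed
# (dnf -y install openldap-clients); function names are this example's own.
set -eu

# Count entries in LDIF read from stdin. Every entry starts with one "dn: " line
# ("dn:: " when ldapsearch base64-encodes a DN containing non-ASCII characters),
# so this is the number of users. `wc -l` is wrong for that purpose: with -LLL each
# entry also has an attribute line and a blank separator line.
ldif_count_entries() {
    grep -c -E '^dn::? ' || true
}

# Print the values of one attribute from LDIF on stdin. LDIF attribute names are
# case-insensitive (AD returns "sAMAccountName:"), hence grep -i. Base64 values
# ("attr:: ...") are rare for account names and are skipped here.
ldif_attr_values() {
    local attr=$1
    grep -i -E "^${attr}: " | sed 's/^[^:]*: //' || true
}

# Search filter built from ldap.user.object and ldap.username.attribute. Assumption
# of this example: the object class is combined with the username attribute, where
# the wiki page filters on samaccountname alone.
ldap_user_filter() {
    local user_object=$1 username_attr=$2
    printf '(&(objectClass=%s)(%s=*))' "$user_object" "$username_attr"
}

# Run the search with the page's bind settings. -W prompts for ldap.bind.password
# so it does not end up in the process list or shell history. -H takes a URI, so
# ldaps://host works for port 636 (the issuing CA must then be trusted, e.g. via
# TLS_CACERT in /etc/openldap/ldap.conf). -E pr=1000/noprompt asks for paged
# results because AD returns at most 1000 entries per page by default and a plain
# search of a large base DN stops with "Size limit exceeded".
ldap_list_users() {
    local uri=$1 bind_principal=$2 basedn=$3 user_object=$4 username_attr=$5
    ldapsearch -LLL -x -o ldif-wrap=no -H "$uri" -D "$bind_principal" -W \
        -b "$basedn" -E pr=1000/noprompt \
        "$(ldap_user_filter "$user_object" "$username_attr")" "$username_attr"
}

# Constructed LDIF standing in for ldapsearch output, so the parsing can be checked
# offline. Three users; the third DN is base64 because the CN contains "ë".
SAMPLE_LDIF=$(cat <<'EOF'
dn: CN=alice,OU=india,DC=example,DC=com
sAMAccountName: alice

dn: CN=bob,OU=Administrators,OU=india,DC=example,DC=com
sAMAccountName: bob

dn:: Q049Wm/DqyxPVT1pbmRpYSxEQz1leGFtcGxlLERDPWNvbQ==
sAMAccountName: zoe
EOF
)

demo_offline() {
    printf 'users (dn: lines): %s\n' "$(printf '%s\n' "$SAMPLE_LDIF" | ldif_count_entries)"
    printf 'lines (wc -l):     %s\n' "$(printf '%s\n' "$SAMPLE_LDIF" | wc -l | tr -d ' ')"
    printf 'usernames: %s\n' "$(printf '%s\n' "$SAMPLE_LDIF" | ldif_attr_values sAMAccountName | tr '\n' ' ')"
}

demo_offline
# Against a real directory, e.g.:
# ldap_list_users ldap://10.1.1.1 'CN=saurabh,OU=Administrators,OU=india,DC=example,DC=com' \
#     'OU=india,DC=example,DC=com' user sAMAccountName | ldif_count_entries
```

Run it as a file (bash check-ldap.sh) to see the offline comparison, then uncomment the last call with your own server, bind DN and base DN; the count it prints is the number of users "+ Add LDAP Account" will offer for that base DN.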

