apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/docs/en-US/LDAP-for-user-authentication.xml
Ian Duffy 7f7035d516 Update unit tests, add filter to list all users, update ssl 
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-12 14:49:55 +05:30

52 lines
3.3 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="LDAP-for-user-authentication">
<title>Using an LDAP Server for User Authentication</title>
<para>You can use an external LDAP server such as Microsoft Active Directory or OpenLDAP to authenticate &PRODUCT; end-users.</para>
<para>In order to do this you must:</para>
<itemizedlist>
<listitem><para>Set your LDAP configuration within &PRODUCT;</para></listitem>
<listitem><para>Create &PRODUCT; accounts for LDAP users</para></listitem>
</itemizedlist>
<para>To set up LDAP authentication in &PRODUCT;, open the global settings page and search for LDAP</para>
<para>Set ldap.basedn to match your sever's base directory.</para>
<para>Review the defaults for the following, ensure that they match your schema.</para>
<itemizedlist>
<listitem><para>ldap.email.attribute</para></listitem>
<listitem><para>ldap.firstname.attribute</para></listitem>
<listitem><para>ldap.lastname.attribute</para></listitem>
<listitem><para>ldap.username.attribute</para></listitem>
<listitem><para>ldap.user.object</para></listitem>
</itemizedlist>
<para>Optionally you can set the following:</para>
<itemizedlist>
<listitem><para>If you do not want to use anonymous binding you can set ldap.bind.principle and ldap.bind.password as credentials for your LDAP server that will grant &PRODUCT; permission to perform a search on the LDAP server.</para></listitem>
<listitem><para>For SSL support set ldap.truststore to a path on the file system where your trusted store is located. Along with this set ldap.truststore.password as the password that unlocks the truststore.</para></listitem>
<listitem><para>If you wish to filter down the user set that is granted access to &PRODUCT; via the LDAP attribute memberof you can do so using ldap.search.group.principle.</para></listitem>
</itemizedlist>
<para>Finally, you can add your LDAP server. To do so select LDAP Configuration from the views section within global settings. Click on "Configure LDAP" and fill in your server's hostname and port.</para>
<xi:include href="example-activedirectory-configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="example-openldap-configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
</section>
Reference in New Issue View Git Blame Copy Permalink