The LDAP plugin for Fuel documentation

Similar documents
NetApp plugin for Fuel Documentation

NetApp plugin for Fuel Documentation

The ScaleIO Cinder Plugin for Fuel Documentation

User Guide for XenServer Fuel Plugin

fuel-plugin-xenserver Documentation

The Ceilometer Redis Plugin

The ScaleIO plugin for Fuel Documentation

The InfluxDB-Grafana plugin for Fuel Documentation

Fuel VMware DVS plugin user guide

Fuel StackLight Elasticsearch-Kibana Plugin Guide

The StackLight InfluxDB-Grafana Plugin for Fuel Documentation

LDAP/AD v1.0 User Guide

Forescout. Plugin. Configuration Guide. Version 2.2.4

QLOGIC SRIOV Fuel Plugin Documentation

Fuel VMware DVS Plugin Guide

Fuel VMware DVS plugin testing documentation

Active Directory Integration in VIO 3.0

Fuel VMware DVS Plugin Guide

ForeScout CounterACT. Configuration Guide. Version 4.3

The InfluxDB-Grafana plugin for Fuel Documentation

The Elasticsearch-Kibana plugin for Fuel Documentation

Implementing Infoblox Data Connector 2.0

Certificate Management

Security 3. NiFi Authentication. Date of Publish:

Using vrealize Operations Tenant App as a Service Provider

Managing Pod Through Cisco VIM Insight

Authenticating Cisco VCS accounts using LDAP

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

Forescout. Configuration Guide. Version 4.4

Two factor authentication for Check Point appliances

Installation runbook for

Cisco Expressway Authenticating Accounts Using LDAP

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.0

RSA Identity Governance and Lifecycle Collector Data Sheet For Open LDAP

Using the vrealize Orchestrator OpenStack Plug-In 2.0. Modified on 19 SEP 2017 vrealize Orchestrator 7.0

Migrating vrealize Automation 6.2 to 7.2

How to Set Up External CA VPN Certificates

Setting Up Resources in VMware Identity Manager

Sophos UTM Web Application Firewall For: Microsoft Exchange Services

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

LDAP Directory Integration

Installation runbook for Hedvig + Cinder Driver

INSTALLATION RUNBOOK FOR Triliodata + TrilioVault

Using PCF Ops Manager to Deploy Hyperledger Fabric

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.1

This PDF Document was generated for free by the Aloaha PDF Suite If you want to learn how to make your own PDF Documents visit:

VMware AirWatch Integration with SecureAuth PKI Guide

VII. Corente Services SSL Client

Webthority can provide single sign-on to web applications using one of the following authentication methods:

Sophos Mobile Control Super administrator guide. Product version: 3.5

Tenable.io for Thycotic

Two factor authentication for Fortinet SSL VPN

App Orchestration 2.6

Identity with Windows Server 2016 (742)

Two factor authentication for WatchGuard XTM and Firebox Alternative

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

AirWatch Mobile Device Management

Azure MFA Integration with NetScaler

OpenStack Lab on VMware Workstation Setting up the All-In-One VM

Two factor authentication for Citrix NetScaler

Managing External Identity Sources

Two factor authentication for WatchGuard XTM and Firebox IPSec

VMware AirWatch Integration with RSA PKI Guide

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Enterprise Steam Installation and Setup

Horizon DaaS Platform 6.1 Service Provider Installation - vcloud

SOA Software API Gateway Appliance 6.3 Administration Guide

How to Configure SSL VPN Portal for Forcepoint NGFW TECHNICAL DOCUMENT

CounterACT 802.1X Plugin

Verify that your operating environment meets all hardware and software requirements. For detailed requirements

Forescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2

Forescout. Configuration Guide. Version 4.2

Manage End Users. End User Overview. End User Management Tasks. End User Overview, on page 1 End User Management Tasks, on page 1

HyTrust CloudControl Administration Guide

PASSPORTAL PLUGIN DOCUMENTATION

Balabit s Privileged Session Management and Remote Desktop Protocol Scenarios

ADFS Authentication and Configuration January 2017

Configuring SSL CHAPTER

Two factor authentication for Remote Desktop Gateway (RD Gateway) with RADIUS

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

RSA Identity Governance and Lifecycle Data Sheet for IBM Tivoli Directory Server Connector

Authenticating SMTP Sessions Using Client Certificates

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Two factor authentication for OpenVPN Access Server

Read the following information carefully, before you begin an upgrade.

Configuring Confluence

How Do I Manage Active Directory

Installing Apache Knox

Two factor authentication for SonicWALL SRA Secure Remote Access

Cisco CTL Client setup

Part2: Let s pick one cloud IaaS middleware: OpenStack. Sergio Maffioletti

Getting Started with VMware Integrated OpenStack with Kubernetes. VMware Integrated OpenStack 5.1

Comodo Certificate Authority Proxy Server Installation guide

Venafi Server Agent Agent Overview

Two factor authentication for Apache using mod_auth_radius

LDAP Synchronization

INSTALLATION RUNBOOK FOR Hitachi Block Storage Driver for OpenStack

Locate your Advanced Tools and Applications

ecrt Workflow and Basic Information

Transcription:

The LDAP plugin for Fuel documentation Release 3.0-3.0.0-1 Mirantis Inc. July 07, 2016

CONTENTS 1 Plugin Guide 1 1.1 LDAP plugin for Fuel.......................................... 1 1.2 Release notes / Changelog........................................ 1 1.3 LDAP plugin limitations......................................... 1 1.4 Installation Guide............................................ 2 1.5 Configuring LDAP plugin........................................ 2 1.6 User Guide................................................ 14 1.7 LDAP plugin validation......................................... 15 1.8 Troubleshooting............................................. 16 1.9 Appendix................................................. 16 i

CHAPTER ONE PLUGIN GUIDE 1.1 LDAP plugin for Fuel This plugin extends Mirantis OpenStack functionality by adding LDAP support. It allows to use an existing LDAP server as authentication backend for Keystone. Enabling this plugin means that all users except system users will be authenticated against the configured LDAP server. Please note that Fuel will not validate the settings, e.g. by attempting to connect to the LDAP server. 1.1.1 Requirements Requirement Version/Comment Fuel 9.0 Pre-configured LDAP server LDAP server should be pre-deployed and be accessible via Public network from Controller nodes. 1.2 Release notes / Changelog 3.0.0 Support of ldap proxy Compatibility with MOS 9.0 2.0.0 Support of multi-domains Compatibility with MOS 8.0 1.0.0 This is the first release of the plugin 1.3 LDAP plugin limitations 1. LDAP plugin has the following limitations: Installation of LDAP plugin before deployment only; Fuel will not validate the settings, e.g., by attempting to connect to the LDAP server; 1

In multidomain configuration the attributes of the first domain are filled in the web form, whereas the attributes of other domains are filled in one field; The settings of domains determined in List of additional Domains field will not be validated; The settings of proxy determined in List of custom LDAP proxy configs field will not be validated; 1.4 Installation Guide 1.4.1 Installing LDAP plugin To install LDAP plugin, follow these steps: 1. Download the plugin from the Fuel Plugins Catalog. 2. Copy the plugin on an already installed Fuel Master node (SSH can be used for that). If you do not have the Fuel Master node yet, see Quick Start Guide: # scp ldap-3.0-3.0.0-1.noarch.rpm root@<fuel_master_ip>:/tmp 3. Log into the Fuel Master node. Install the plugin: # cd /tmp # fuel plugins --install ldap-3.0-3.0.0-1.noarch.rpm 4. Check if the plugin was installed successfully # fuel plugins id name version package_version releases ---+------+---------+-----------------+-------------------- 1 ldap 3.0.0 3.0.0 ubuntu (mitaka-9.0) 1.5 Configuring LDAP plugin 1. Create a new OpenStack environment to use an existing LDAP server as authentication backend for Keystone. For more information about environment creation, see Mirantis OpenStack User Guide. 2. Open Settings tab of the Fuel Web UI, scroll the page down and select the LDAP plugin for Keystone checkbox: 1.4. Installation Guide 2

1.5. Configuring LDAP plugin 3

3. Enter plugin settings into the text fields: 1.5. Configuring LDAP plugin 4

1.5. Configuring LDAP plugin 5

Specify domain name, LDAP URL, LDAP suffix: Enable TLS use and put certificate if it is needed: Enable LDAP proxy and put custom config if it is needed: 1.5. Configuring LDAP plugin 6

Specify LDAP user, password and other settings: 1.5. Configuring LDAP plugin 7

To use LDAP groups provide settings for it: 1.5. Configuring LDAP plugin 8

Fields description: Field Domain name LDAP URL LDAP proxy Use TLS CA Chain LDAP Suffix LDAP User LDAP User Password LDAP Query Scope Users Tree DN User Filter User Object Class User ID Attribute User Name Attribute User Password Attribute User Enabled/Disabled Attribute Groups Tree DN Group Filter Group Object Class Group ID Attribute Group Name Attribute Group Member Attribute Group description Attribute Page Size Attribute Chase referrals Attribute List of additional Domains List of custom LDAP proxy configs Comment Name of the Keystone domain. URL for connecting to the LDAP server. Enable LDAP proxy. Enable TLS for communicating with the LDAP server. CA trust chain in PEM format. LDAP server suffix. User BindDN to query the LDAP server. Password for the BindDN to query the LDAP server. The LDAP scope for queries, this can be either one (onelevel/singlelevel) or sub (subtree/wholesubtree). Search base for users. LDAP search filter for users. LDAP objectclass for users. LDAP attribute mapped to user id. LDAP attribute mapped to user name. LDAP attribute mapped to password. LDAP attribute mapped to enabled/disabled. Search base for groups. LDAP search filter for groups. LDAP objectclass for groups. LDAP attribute mapped to group id. LDAP attribute mapped to group name. LDAP attribute that maps user to group. LDAP attribute mapped to description. Maximum results per page. Referral chasing behavior for queries. Blocks of additional domains/parameters that should be created. List of custom LDAP proxy configs. 4. To deploy an environment with support of multiple domains List of additional Domains text area should be used. All needed parameters that describes a domain should be copied there, all parameters form a block of parameters. 1.5. Configuring LDAP plugin 9

To add multiple domains such block of parameters should be added to List of additional Domains text area and these blocks should be separated by empty line. 5. To set up an environment with activated LDAP proxy LDAP proxy checkbox should be selected. When only LDAP proxy checkbox is selected: it activates LDAP proxy for base domain and activates LDAP proxy for 1.5. Configuring LDAP plugin 10

additional domains if they have ldap_proxy=true parameter in their configurations. In this case LDAP proxy configurations for LDAP domains are taken from templates located in the plugin. Configurations from the templates have minimal functionality and they are intended for testing needs. To specify custom settings for LDAP proxy List of custom LDAP proxy configs text area should be used. There can be specified base settings for a proxy service: includes, loglevel and etc. can be added to a proxy configuration file. For this config_for parameter with base_config value should be specified and after that needed settings should be added. 1.5. Configuring LDAP plugin 11

To specify custom settings for LDAP domain config_for parameter with <domain_name> value should be added and after that custom settings can be specified. Blocks of custom settings should be separated by empty line. #.Continue with environment configuration and deploy it; for instructions, see Fuel User Guide. 1. After successful environment deployment log into dashboard in default domain: 1.5. Configuring LDAP plugin 12

2. Go to Identity -> Domains, select needed domain and Set Domain Context for the domain: 1.5. Configuring LDAP plugin 13

3. Go to Identity -> Projects and select Create Project to create a new project for the domain and add user members to the project: 1.6 User Guide 1. After successful deployment, all users from the LDAP directory matching the configured filter criteria can authenticate against Keystone. To validate the configuration, log into the Horizon dashboard using LDAP credentials: 1.6. User Guide 14

1.7 LDAP plugin validation 1. To validate that LDAP plugin is successfully applied after deployment: Log into Horizon using domain/user credentials from LDAP server; Create an instance; Expecting results: All LDAP users can authenticate via Keystone; An instance is successfully created; 1.7. LDAP plugin validation 15

1.8 Troubleshooting 1.8.1 Checking presence of LDAP domain/users To get a list of domains in keystone run the following command on Controller node: OS_IDENTITY_API_VERSION=3 openstack domain list To get a list of users in a domain run the following command on Controller node: OS_IDENTITY_API_VERSION=3 openstack user list --quiet --long --domain <domain_name> 1.8.2 Checking LDAP server availability To check LDAP server availability run the following command on Controller node: ldapsearch -H ldap://<url/ip_address> -x -b dc=<ldap>,dc=<suffix> 1.8.3 LDAP plugin log files As LDAP plugin only updates keystone configuration files to check keystone service, these files keep logs: /var/log/apache2/keystone_wsgi_admin_access.log /var/log/apache2/keystone_wsgi_admin_error.log /var/log/apache2/keystone_wsgi_main_access.log /var/log/apache2/keystone_wsgi_main_error.log 1.9 Appendix 1.9.1 Links Mirantis OpenStack Documentation Center Fuel Plugins Catalog 1.8. Troubleshooting 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback