cloudstack-users mailing list archives

From Abhinandan Prateek <>
Subject Re: VR VPN + LDAP access
Date Mon, 08 Aug 2016 08:31:50 GMT
Yes, please do.

Thank you,

53 Chandos Place, Covent Garden, London  WC2N 4HS UK

On 06/08/16, 12:09 AM, "Matthew Smart" <> wrote:

>What we want is to add LDAP support to openswan (ppp plugin maybe?) on 
>the VR so that users can be authenticated and authorized via our ldap 
>server. I have been digging through the code and familiarizing myself 
>with it. Should I move this conversation to the dev list before I get 
>into the use case I am working on?
>Matthew Smart
>Smart Software Solutions Inc.
>108 S Pierre St.
>Pierre, SD 57501
>Phone: (605) 280-0383
>Skype: msmart13
>On 08/05/2016 04:17 AM, Abhinandan Prateek wrote:
>> Hi Matthew,
>>    What is the use case to add ldap (server?) to VR?
>> The system vms are stateless and any support needs to be built into system vm template which as you rightly pointed out, is debian based.
>> The way to get started on this is to first familiarise yourself with the process of building system vm templates. (In tools/appliance)
>> And next step will be to figure out how you can send configuration information from management server to a VR. (You can check how firewall rules are configured etc)
>> -abhi
>> 53 Chandos Place, Covent Garden, London  WC2N 4HS UK
>> @shapeblue
>> On 04/08/16, 11:36 PM, "Matthew Smart" <> wrote:
>>> Guys,
>>> Thanks for the info. My next step is to engage the dev mailing list to
>>> see if there is any interest in my team contributing to add ldap or
>>> radius (not familiar with the available plugins for open/strong swan)
>>> support to the VR. I assume the SAML support in cloudstack is for the UI
>>> just like the LDAP support?
>>> In the meantime, I see two options that I want to run by you guys. The
>>> first being creating a VM cluster in a special account that has access
>>> to all of the isolated networks to use as a master VPN server.
>>> Essentially, I would be replicating my current non-cloudstack setup as a
>>> temporary solution. Given that I am more than qualified to manually
>>> manipulate the api, db, and configs to associate this VM with all of the
>>> isolated guest networks. Is this even possible?
>>> The other, less appealing option is to override the current VR VM with
>>> one I have configured with the ppp ldap plugin and configs I would need
>>> to support what I want to do. Obviously, I don't like the idea of
>>> breaking my ability to upgrade the VR as new versions are released but I
>>> think this is doable in that the VR looks to be just a Debian VM. If I
>>> am careful I should be able to add my changes without breaking it... but
>>> given my current knowledge of the VR and networking internals of
>>> Cloudstack I could easily break something in some subtle way that does
>>> not present until we are in production. Not ideal.
>>> What do you guys recommend as a course forward until we get a more
>>> modular access/auth subsystem contributed to the project? I am so close
>>> to having cloudstack do exactly what I want. It is 95% perfect for us. I
>>> just need to figure out this other 5%.
>>> Thanks,
>>> Matthew Smart
>>> President
>>> Smart Software Solutions Inc.
>>> 108 S Pierre St.
>>> Pierre, SD 57501
>>> Phone: (605) 280-0383
>>> Skype: msmart13
>>> Email:
>>> On 08/03/2016 12:48 AM, ilya wrote:
>>>> VR VPN + LDAP access