Backlog #1391

Enhanced like LDAP support (Amazon Like)

Added by Ricardo Duarte almost 9 years ago. Updated about 8 years ago.

Status: Closed
Start date: 07/25/2012
Priority: Low
Due date:
Assignee: -
% Done: 0%
Category: Drivers - Auth
Target version: -

Description

I would like to propose the following mechanism for LDAP support:

- Users would only be able to log in to Sunstone and Self Service with the LDAP password
- A new tab would be available for credential management
- The tab would allow the user to generate his credentials to be used with EC2 and OCCI (Access key, Secret Access Key, OCCI, x509)
- The tab would have the user keypairs (like Amazon keypairs, to be used on instances)
- Every time a user tries an operation, with any of his credentials, OpenNebula would check with LDAP if the user account is still available, or if the user is still a member of a group, etc. (so, LDAP authorization only for credentials)
- OpenNebula Admin would be able to set an expiry period, or to manually expire the user credentials.

This is very similar to how Amazon and CloudStack work, and would support all the frontends. It would also enhance the "bootstrap" process for a user account. No admin intervention would be required other than maybe adding the user to a group in LDAP.
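A sketch of the per-operation check this proposal describes, added here as an illustration; it is not part of the original ticket and not OpenNebula code. The in-memory `DIRECTORY` stands in for the LDAP lookup, and the group name, the function names and the HMAC request signature are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed stand-in for the LDAP directory (uid -> account state).
DIRECTORY = {
    "alice": {"active": True, "groups": {"cloud-users"}},
    "bob": {"active": True, "groups": set()},
    "carol": {"active": False, "groups": {"cloud-users"}},
}
REQUIRED_GROUP = "cloud-users"  # hypothetical group name

@dataclass
class Credential:
    user: str
    access_key: str
    secret: str
    expires_at: float  # epoch seconds, derived from the admin-set period
    revoked: bool = False  # set when an admin expires the credential manually

def issue_credential(store, user, ttl_seconds, now):
    """Generate a key pair that is independent of the user's LDAP password."""
    cred = Credential(user, secrets.token_hex(10), secrets.token_hex(20), now + ttl_seconds)
    store[cred.access_key] = cred
    return cred

def directory_allows(user):
    """Placeholder for the LDAP query: account exists, is active, is in the group."""
    entry = DIRECTORY.get(user)
    return bool(entry and entry["active"] and REQUIRED_GROUP in entry["groups"])

def sign(secret, message):
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()

def authorize(store, access_key, message, signature, now):
    """Return 'ok' or the reason the operation is refused."""
    cred = store.get(access_key)
    if cred is None:
        return "unknown_key"
    if not hmac.compare_digest(sign(cred.secret, message), signature):
        return "bad_signature"
    if cred.revoked:
        return "revoked"
    if now >= cred.expires_at:
        return "expired"
    if not directory_allows(cred.user):
        return "ldap_denied"
    return "ok"
```

The directory check runs last and on every call, so a credential with a valid signature and time left on it still stops working once the account is disabled or leaves the group.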

History

#1 Updated by Ruben S. Montero almost 9 years ago

  • Target version deleted (Release 3.8)

#2 Updated by Ruben S. Montero about 8 years ago

  • Tracker changed from Request to Feature
  • Category changed from Core & System to Drivers - Auth
  • Priority changed from Normal to Low

#3 Updated by Ruben S. Montero about 8 years ago

  • Tracker changed from Feature to Backlog
  • Status changed from New to Pending

#4 Updated by Ruben S. Montero about 8 years ago

  • Status changed from Pending to Closed
