CloudStack 4.2 and LDAP Authentication


Need to leverage Active Directory (AD) authentication in CloudStack? Well here’s how it can be done. It’s much simpler in 4.2 than it used to be and can be configured from the management portal. One of the only complaints is that you’ll still need to create an account in CloudStack. Then you’ll have to map an attribute from those accounts to an AD attribute. Let’s get started.

From CloudStack, log into the portal as an administrator the go to “Global Settings”. Change the view to “LDAP Configuration” click the “Configure LDAP” button.

CloudStack LDAP Configuration

Fill in the required information.

CloudStack LDAP Configuration

Here is an example of how the setting would look like if your setting up authentication for Active Directory.

  • *Bind DN: CN=administrator,CN=users,DC=myvlab,DC=local
  • *Bind Password: P@$$W0rd
  • *Hostname: 10.10.1.1
  • *Query Filter: (sAMAccountName=%u)
  • *SearchBase: CN=users,DC=myvlab,DC=local
  • SSL: Default is unchecked
  • Port: 389

Then click the “OK” button when your done.

That’s all fine and now your users should be able to authenticate using their AD password but there is a bit of information you’ll need before you can populate these setting. A basic understanding of AD is also required. You can use “ADSI Edit” to find the Distinguished Name (DN) and attributes that can be used for the “Query Filter”. You should think about your “Query Filter” as well so it fits your needs. In this example I use the AD “sAMAccountName” then map it to the CloudStack “username”.

You should use automation when creating the user accounts so that the user account format matching that you use for AD. Another thing to note, your user still have access to change the local CloudStack password after they are logged in.