CloudStack reset password script

The process to install the password reset script described in the Cloudstack's admin guide was not working for me on an Ubuntu template so I tried to figure what was wrong with it.

In the admin guide they say that we should place the script in /etc/init.d/ and enable it using update-rc.d but that didn't work so I tried to place this in /etc/init/cloudstack.conf

##########################################################################
description "CloudStack password reset"
author "Luis Davim"
# Be sure to block the display managers until our job has completed. This
# is to make sure our kernel services are running before user
# may launch.
start on runlevel [235] or starting gdm or starting kdm or starting prefdm
stop on runlevel [06]
pre-start exec /etc/init.d/cloud-set-guest-password
post-stop exec /etc/init.d/cloud-set-guest-password

That didn't not work either, so I took a look at the script and figured it needed to have the network configured to run.

So I configured my network interface like this:

# The primary network interface
auto eth0
iface eth0 inet dhcp
post-up /etc/init.d/cloud-set-guest-password
pre-down /etc/init.d/cloud-set-guest-password

you can also link the script into the /etc/network/if-up(down) folders:

ln -s /etc/init.d/cloud-set-guest-password/etc/network/if-up/cloud-set-guest-password
ln -s /etc/init.d/cloud-set-guest-password/etc/network/if-down/cloud-set-guest-password

And that was it, now I have an Ubuntu template with a working password reset script.

Note: I've also modified the password script to use chpasswd insted of passwd --stdin since ubuntu does not have the --stdin option in passwd and both ubuntu and centos have chpasswd but that was/is not the problem because usermod with mkpasswd was working...

just replaced:

echo $password | passwd --stdin $user

with

echo "$user:$password" | chpasswd

CloudStack LDAP

References:

• http://docs.cloudstack.org/CloudStack_Documentation/Design_Documents/LDAP_Authentication
• http://docs.cloudstack.org/CloudStack_Documentation/Developer's_Guide%3A_CloudStack

First you need to configure LDAP by making an API call with an URL like this:

http://127.0.0.1:8096/client/api?command=ldapConfig&hostname=127.0.0.1&searchbase=ou%3Dpeople%2Co%3DsevenSeas&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=%20cn%3DJohn+Fryer%2Cou%3Dpeople%2Co%3DsevenSeas&bindpass=secret&port=10389&response=json

Or in a more readable format:

http://127.0.0.1:8096/client/api?command=ldapConfig
&hostname=127.0.0.1
&searchbase=ou%3Dpeople%2Co%3DsevenSeas
&queryfilter=%28%26%28uid%3D%25u%29%29
&binddn=%20cn%3DJohn+Fryer%2Cou%3Dpeople%2Co%3DsevenSeas
&bindpass=secret
&port=10389
&response=json

Note the URL encoded values, here you have the decoded version:

http://127.0.0.1:8096/client/api?command=ldapConfig
&hostname=127.0.0.1
&searchbase=ou=people,o=sevenSeas
&queryfilter=(&(uid=%u))
&binddn= cn=John Fryer,ou=people,o=sevenSeas
&bindpass=secret
&port=10389
&response=json

You can use this link to encode/decode your url -> http://meyerweb.com/eric/tools/dencoder/

After you've created your URL (with encoded values) open your browser, login into cloudstack and then fire up your ldap config URL.
Now if you go back to cloudstack and under "Global Settings" search for LDAP and you should see that LDAP is configured.

Now you have to manually create the user accounts with the same logins as in your LDAP server or you can use the CloudStack API to make a script and "sync" your LDAP users into CloudStack, I've written a PHP script that does this.
You'll have to modify it to match your LDAP schema and you can get it after the break.