I recently had an opportunity to hook up Apache CloudStack 4.1 to Active Directory via OpenLDAP proxies. While the OpenLDAP installation and configuration are relatively simple if you have prior experience with LDAP, the actual CloudStack configuration to use LDAP authentication is even simpler.
Follow Haroon Feroze’s excellent “Step by Step Installation and Configuration of OpenLDAP as Proxy to Active Directory” and the CloudStack instructions at “Using an LDAP Server for User Authentication” to complete the setup.
However, please be aware that the LDAP authentication/authorisation functionality as of CloudStack 4.1 seems to be very limited. User accounts identical to those in LDAP have to be created within CloudStack. So essentially, it’s minimal pass-through authentication for existing CloudStack users.
Ideally, CloudStack would auto-create local accounts on successful LDAP authentication rather than have the admin pre-create them. Also, it “looks” like CloudStack can only have one LDAP server configured to talk to at a time. For HA reasons, you might want to place your LDAP servers behind a load balancer and use the virtual IP instead.
There is a GSoC 2013 project to improve CloudStack’s LDAP support, awarded to Ian Duffy. Details are at http://ianduffy.ie/cloudstack-ldap.pdf. We should see better LDAP support in future releases.