...
- Cloud admin should be able to to map AD OU / group to a Domain or Account in CloudStack.
- While mapping a group to AD, the cloud admin should be able to specify the option to include nested groups and the profile to select for the group users (Domain Admin / normal user in case of domain mapping).
- Once a domain/account is mapped to an AD Group/OU the cloud admin / domain admin will not have the option to manually import users to the domain/account.
- The "Trust AD" component will automatically authorize users in CloudStack when added to an AD group without manual setup.
- when users are removed from a group in AD, the account should be blocked access in CloudStack as well. (The resources are still provisioned and running.)
Design
...
Flowchart
![](/confluence/download/attachments/58851788/Trust%20LDAP%20-%20New%20Page.png?version=2&modificationDate=1434715502000&api=v2)
DB Changes
API Changes
UI Changes
...
{"serverDuration": 106, "requestCorrelationId": "b52050275948a154"}