...
This feature enables admin to map LDAP group/OU to a CloudStack domain /account and any changes are reflected in ACS as well.
...
- Admin wants to sync a domain /account in CloudStack with LDAP group/OU
...
- Cloud admin should be able to to map AD OU / group to a Domain or Account in CloudStack.
- While mapping a group to AD, the cloud admin should be able to specify the option to include nested groups and the profile to select for the group users (Domain Admin / normal user in case of domain mapping).
- Once a domain /account is mapped to an AD Group/OU the cloud admin / domain admin will not have the option to manually import users to the domain/account.
- The "Trust AD" component will automatically authorize users in CloudStack when added to an AD group without manual setup.
- when users are removed/disabled from a group in AD, the account should be blocked access in CloudStack as well. (The resources are still provisioned and running.)
...