...
- Cloud admin should be able to map an AD OU / group to a Domain in CloudStack.
- While mapping a group to AD, the cloud admin should be able to specify the option to include nested groups and the profile to select for the group users (Domain Admin / normal user in case of domain mapping).
- Once a domain is mapped to an AD Group/OU the cloud admin / domain admin will not have the option to manually import users to the domain.
- The "Trust AD" component will automatically authorize authenticated users in CloudStack when they are added to an AD group, without manual setup.
- When users are removed from or disabled in a group in AD, the account should be blocked from access in CloudStack as well. (The resources are still provisioned and running.)
- Admin should be able to enable or disable nested groups listing (new configuration).
- API key/secret key should be disabled for imported LDAP users in CloudStack.
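
The reconciliation these requirements describe, as an added example that is not CloudStack's code. The in-memory directory, the `Group` type and the `resolve_members` / `reconcile` functions are hypothetical, and the directory data is constructed. It shows the nested-groups switch, cyclic nesting, and blocking of accounts that were removed or disabled in AD.

```python
# Added illustration; the data model and all names are assumptions, not CloudStack code.
from dataclasses import dataclass, field

@dataclass
class Group:
    members: set = field(default_factory=set)    # user names directly in the group
    subgroups: set = field(default_factory=set)  # names of nested groups

def resolve_members(directory, group, nested=True):
    """Return the users of `group`; follow nested groups only when enabled."""
    seen, stack, users = set(), [group], set()
    while stack:
        name = stack.pop()
        if name in seen or name not in directory:
            continue  # guards against cyclic nesting and dangling references
        seen.add(name)
        users |= directory[name].members
        if nested:
            stack.extend(directory[name].subgroups)
    return users

def reconcile(directory, disabled_in_ad, group, accounts, nested=True):
    """Compute the actions that bring a mapped domain in line with AD.

    accounts: {username: "enabled" | "blocked"} for the CloudStack domain.
    """
    allowed = resolve_members(directory, group, nested) - disabled_in_ad
    actions = {}
    for user in allowed:
        if user not in accounts:
            actions[user] = "create"  # authorized automatically, no manual import
    for user, state in accounts.items():
        if user not in allowed and state == "enabled":
            actions[user] = "block"   # access blocked; resources stay provisioned
    return actions

# Constructed sample: "cloud-users" nests "contractors", which nests back (a cycle).
DIRECTORY = {
    "cloud-users": Group({"alice", "bob"}, {"contractors"}),
    "contractors": Group({"carol"}, {"cloud-users"}),
}
ACCOUNTS = {"alice": "enabled", "bob": "enabled", "dave": "enabled"}

if __name__ == "__main__":
    # bob is disabled in AD; dave is no longer in the mapped group.
    print(reconcile(DIRECTORY, {"bob"}, "cloud-users", ACCOUNTS))
```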
Design
Flowchart
DB Changes
...
- A new API to link an LDAP OU/domain with a CloudStack domain
  - connectDomainToLdap - Admin-only API
    - domainId - the domain which has to be linked
    - type - OU/GROUP
    - name - common name of group or OU
    - admin - domain admin username in LDAP - optional
  - Response
    - return the domainId on success
    - error message if it is not successful
  - TODO: sample request and response
...