Versions Compared

Old Version 17

changes.mady.by.user Rajani Karuturi

Saved on

compared with

New Version 18

changes.mady.by.user Rajani Karuturi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Cloud admin should be able to to map AD OU / group to a Domain in CloudStack.
  2. While mapping a group to AD, the cloud admin should be able to specify the option to include nested groups and the profile to select for the group users (Domain Admin / normal user in case of domain mapping).
  3. While mapping domain to AD, admin should be able to specify an user within AD OU/group as the domain admin.
  4. Once a domain is mapped to an AD Group/OU, the cloud admin / domain admin will not have the option to manually import users to the domain.
  5. If a domain has existing users(ldap/local), they will continue to work. Admin will also be able to add new local users to the domain.
  6. The "Trust AD" component will automatically authenticates users in CloudStack when added to an AD group without manual setup.
  7. when users are removed/disabled from a group in AD, the account should be blocked access in CloudStack as well. (The resources are still provisioned and running.)
  8. CloudStack api key/secret key should also be disabled if the user is disabled in LDAP
  9. If the users are removed/disabled in AD, they will be disabled in CloudStack only when the disabled/removed user tries to login.
  10. CloudStack api key/secret key should also be disabled if the user is disabled in LDAP (disabled CloudStack users as per 8)

Design

Flowchart

DB Changes

...