THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Page History
...
Design
Flowchart
DB Changes
ldap_
...
| id | 1 |
|---|---|
| hostname | localhost |
| port | 10389 |
| bind_principal | CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net |
| bind_password | Passw0rd |
| email_attribute | |
| firstname_attribute | givenname |
| lastname_attribute | sn |
| group_object | group |
| group_user_uniquemember | member |
| truststore | |
| truststore_password | |
| user_object | user |
| username_attribute | sAMAccountName |
| search_group_principle | CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net |
| basedn | dc=ccp,dc=example,dc=net |
| read_timeout | 1000 |
| request_page_size | 1000 |
ldap_trust_map
| id | 1 | 2 |
|---|---|---|
| type | GROUP | OU |
| name | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | OU=SevenSeas,DC=ccp,DC=example,DC=net |
| domain_id | 2 | 3 |
Config changes
New configuration ldap.nested.groups.enable which can be either true or false. true indicates that the nested groups can be queried while false means only direct users are queried.
API Changes
A new api to link ldap OU/domain with a CloudStack domain
...
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
UI Changes
a pop to link ou/group to cloudstack
this should show list of domains in cloudstack and provide text fields for type, name, admin(optional) and on save call the connectDomainToLdap api
Testing
LDAP : Trust AD and Auto Import Test Plan
Open Issues
When a user is disabled in LDAP, authentication in CloudStack will fail immediately. But, he will disabled in CloudStack only when he tries to login.
References
https://technet.microsoft.com/en-us/library/cc977992.aspx
Bug Reference & Branch
CLOUDSTACK-8647
Overview
Content Tools
Apps