...
This feature enables an admin to map an LDAP group or OU to a CloudStack domain/account, so that any changes made in LDAP are reflected in ACS as well.
...
...
...
id | hostname | port | bind_principal | bind_password | email_attribute | firstname_attribute | lastname_attribute | group_object | group_user_uniquemember | truststore | truststore_password | user_object | username_attribute | search_group_principle | basedn | read_timeout | request_page_size |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | localhost | 10389 | CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net | Passw0rd | | givenname | sn | group | member | | | user | sAMAccountName | CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net | dc=ccp,dc=example,dc=net | 1000 | 1000 |
id | type | name | domain_id |
---|---|---|---|
1 | GROUP | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | 2 |
2 | OU | OU=SevenSeas,DC=ccp,DC=example,DC=net | 4 |
No API changes expected.
id | 1 | 2 |
---|---|---|
type | GROUP | OU |
name | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | OU=SevenSeas,DC=ccp,DC=example,DC=net |
domain_id | 2 | 3 |
A new configuration, ldap.nested.groups.enable, which can be either true or false: true means nested groups are queried, while false means only direct users are queried.
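To make the trust-map lookup and the nested-groups switch concrete, here is an added Python example written for this page; it is not CloudStack's own implementation. It assumes an Active Directory style directory in which groups list their members in `member` and nested membership is queried with the LDAP_MATCHING_RULE_IN_CHAIN extensible match (OID 1.2.840.113556.1.4.1941); the directory entries and trust-map rows are constructed, and the function names are mine. It also escapes the group DN per RFC 4515 before it goes into a search filter, so a name stored in ldap_trust_map cannot change the filter's meaning.

```python
"""Resolve which ldap_trust_map row, and so which CloudStack domain, an LDAP user falls
under, honouring ldap.nested.groups.enable.  Added example for this page, not CloudStack's
own implementation; the trust-map rows and directory entries below are constructed."""

# Constructed rows in the shape of the ldap_trust_map table on this page.
TRUST_MAP = [
    {"id": 1, "type": "GROUP", "name": "CN=Dev-Hyd,DC=ccp,DC=example,DC=net", "domain_id": 2},
    {"id": 2, "type": "OU", "name": "OU=SevenSeas,DC=ccp,DC=example,DC=net", "domain_id": 4},
]

# Constructed in-memory directory: DN -> attributes.  Groups list members in 'member'
# (group_user_uniquemember in ldap_configuration).  Dev-Hyd-Backend is nested inside
# Dev-Hyd and also points back at it, to exercise cycle handling.
DIRECTORY = {
    "CN=Dev-Hyd,DC=ccp,DC=example,DC=net": {
        "objectClass": "group",
        "member": ["CN=Dev-Hyd-Backend,DC=ccp,DC=example,DC=net",
                   "CN=alice,CN=Users,DC=ccp,DC=example,DC=net"]},
    "CN=Dev-Hyd-Backend,DC=ccp,DC=example,DC=net": {
        "objectClass": "group",
        "member": ["CN=bob,CN=Users,DC=ccp,DC=example,DC=net",
                   "CN=Dev-Hyd,DC=ccp,DC=example,DC=net"]},
    "CN=alice,CN=Users,DC=ccp,DC=example,DC=net": {"objectClass": "user", "sAMAccountName": "alice"},
    "CN=bob,CN=Users,DC=ccp,DC=example,DC=net": {"objectClass": "user", "sAMAccountName": "bob"},
    "CN=carol,OU=SevenSeas,DC=ccp,DC=example,DC=net": {"objectClass": "user", "sAMAccountName": "carol"},
    "CN=dave,OU=Marketing,DC=ccp,DC=example,DC=net": {"objectClass": "user", "sAMAccountName": "dave"},
}

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN: memberOf evaluated transitively.
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """RFC 4515 escaping, so a name taken from ldap_trust_map cannot alter the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def member_filter(group_dn, nested_enabled, user_object="user"):
    """Search filter for the users of a linked group, direct or transitive."""
    dn = escape_filter_value(group_dn)
    clause = (f"(memberOf:{LDAP_MATCHING_RULE_IN_CHAIN}:={dn})" if nested_enabled
              else f"(memberOf={dn})")
    return f"(&(objectClass={user_object}){clause})"


def _norm(dn):
    """Case-insensitive DN comparison key (sufficient for this example)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def users_in_group(directory, group_dn, nested_enabled, member_attr="member", user_object="user"):
    """Offline evaluation of member_filter(): direct members only, or the transitive
    closure when nested groups are enabled.  'seen' stops group cycles."""
    index = {_norm(dn): entry for dn, entry in directory.items()}
    users, seen, todo = set(), set(), [_norm(group_dn)]
    while todo:
        key = todo.pop()
        if key in seen:
            continue
        seen.add(key)
        for member_dn in index.get(key, {}).get(member_attr, []):
            mkey = _norm(member_dn)
            entry = index.get(mkey)
            if entry is None:
                continue  # dangling member reference
            if entry["objectClass"] == user_object:
                users.add(mkey)
            elif nested_enabled:
                todo.append(mkey)
    return users


def users_in_ou(directory, ou_dn, user_object="user"):
    """Users whose DN sits under the OU (suffix match on the normalised DN)."""
    suffix = "," + _norm(ou_dn)
    return {_norm(dn) for dn, entry in directory.items()
            if entry["objectClass"] == user_object and _norm(dn).endswith(suffix)}


def resolve_domains(directory, user_dn, trust_map, nested_enabled):
    """domain_id of every trust-map row that covers the user, in table order."""
    user = _norm(user_dn)
    hits = []
    for row in trust_map:
        if row["type"] == "GROUP":
            covered = user in users_in_group(directory, row["name"], nested_enabled)
        elif row["type"] == "OU":
            covered = user in users_in_ou(directory, row["name"])
        else:
            raise ValueError(f"unknown ldap_trust_map type {row['type']!r}")
        if covered:
            hits.append(row["domain_id"])
    return hits


if __name__ == "__main__":
    for nested in (False, True):
        print(f"nested={nested}:", member_filter(TRUST_MAP[0]["name"], nested))
        for dn, entry in DIRECTORY.items():
            if entry["objectClass"] == "user":
                print("  ", dn, "->", resolve_domains(DIRECTORY, dn, TRUST_MAP, nested))
```

With nesting off, bob (a member only of the nested Dev-Hyd-Backend group) maps to no domain; with nesting on he lands in domain 2, which is exactly the difference the ldap.nested.groups.enable setting controls. The OU row is matched by DN suffix, so carol under OU=SevenSeas maps to domain 4 while dave under OU=Marketing maps nowhere.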
A new API to link an LDAP OU/domain with a CloudStack domain
```
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
  "LinkDomainToLdap": {
    "accountid": "13",
    "accounttype": 2,
    "domainid": 3,
    "name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
    "type": "GROUP"
  }
}
```

```
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
  "LinkDomainToLdap": {
    "accounttype": 2,
    "domainid": 3,
    "name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
    "type": "GROUP"
  }
}
```

```
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP"
{
  "LinkDomainToLdap": {
    "accounttype": 2,
    "domainid": 3,
    "name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
    "type": "GROUP"
  }
}
```
A popup to link an OU/group to CloudStack.
This should show the list of domains in CloudStack and provide text fields for type, name and admin (optional), and on save call the connectDomainToLdap API.
LDAP : Trust AD and Auto Import Test Plan
When a user is disabled in LDAP, authentication in CloudStack fails immediately, but the user is marked disabled in CloudStack only when they next try to log in.
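As an added illustration of that lazy sync (example code written for this page, not CloudStack's own), the following Python models the login path and adds a reconciliation check for the window in which CloudStack still shows the account as enabled. The `userAccountControl` bit it tests is Active Directory's ACCOUNTDISABLE flag (0x0002); the LDAP entries and CloudStack user records are constructed, the password compare stands in for an LDAP bind, and the function names are mine.

```python
"""Login-time handling of a user disabled in LDAP, plus a reconciliation check for the
window in which CloudStack still shows the account as enabled.  Added example for this
page, not CloudStack's own code; the LDAP entries and user records are constructed."""
import hmac

# userAccountControl bits in Active Directory.
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200

# Constructed LDAP entries keyed by sAMAccountName (username_attribute in ldap_configuration).
# 'password' stands in for the bind the real code would perform against the directory.
LDAP_USERS = {
    "alice": {"userAccountControl": NORMAL_ACCOUNT, "password": "correct-horse"},
    "bob":   {"userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE, "password": "battery"},
}

# Constructed CloudStack-side user records; bob was disabled in AD but has not logged in since.
CLOUDSTACK_USERS = {
    "alice": {"state": "enabled"},
    "bob":   {"state": "enabled"},
}


def fresh_fixtures():
    """Independent copies of the constructed data, so each run starts from a known state."""
    return ({name: dict(entry) for name, entry in LDAP_USERS.items()},
            {name: dict(rec) for name, rec in CLOUDSTACK_USERS.items()})


def ldap_is_disabled(entry):
    return bool(int(entry["userAccountControl"]) & ACCOUNTDISABLE)


def authenticate(username, password, ldap_users, local_users):
    """Returns True on success.  A user disabled in LDAP fails at once, and only here is the
    local CloudStack record flipped to 'disabled' (the lazy sync the design describes)."""
    entry = ldap_users.get(username)
    local = local_users.get(username)
    if entry is None or local is None:
        return False
    if ldap_is_disabled(entry):
        local["state"] = "disabled"
        return False
    if local["state"] != "enabled":
        return False
    # Constant-time compare stands in for an LDAP simple bind with the user's credentials.
    return hmac.compare_digest(password.encode(), entry["password"].encode())


def stale_enabled_accounts(ldap_users, local_users):
    """Reconciliation an operator can schedule: accounts still 'enabled' in CloudStack whose
    LDAP entry is disabled or gone, i.e. users who simply have not tried to log in yet."""
    return sorted(name for name, rec in local_users.items()
                  if rec["state"] == "enabled"
                  and (name not in ldap_users or ldap_is_disabled(ldap_users[name])))


if __name__ == "__main__":
    ldap, local = fresh_fixtures()
    print("stale before any login:", stale_enabled_accounts(ldap, local))
    print("bob login:", authenticate("bob", "battery", ldap, local), "->", local["bob"])
    print("stale after bob's attempt:", stale_enabled_accounts(ldap, local))
```

Before bob tries to log in, `stale_enabled_accounts` reports him: disabled in AD, still enabled in CloudStack. His login attempt fails and flips the local record, after which the report is empty. Running that check on a schedule closes the gap for users who never attempt a login.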
https://technet.microsoft.com/en-us/library/cc977992.aspx
CLOUDSTACK-8647
...