...
...
hostname | localhost |
---|---|
port | 10389 |
bind_principal | CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net |
bind_password | Passw0rd |
email_attribute | |
firstname_attribute | givenname |
lastname_attribute | sn |
group_object | group |
group_user_uniquemember | member |
truststore | |
truststore_password | |
user_object | user |
username_attribute | sAMAccountName |
search_group_principle | CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net |
basedn | |
A new configuration setting, ldap.nested.groups.enable, takes the value true or false. With true, nested groups are queried as well; with false, only direct users are queried.
A new API to link an LDAP OU/domain with a CloudStack domain:
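What ldap.nested.groups.enable changes for a linked group, as an added example (not CloudStack's own code): the directory entries and the helpers resolve_users and added_by_nesting are constructed for illustration, and the attribute names follow the configuration table above.

```python
# Constructed sample directory (not from the page): DN -> entry.
# Attribute names follow the configuration table: group_object=group,
# user_object=user, group_user_uniquemember=member,
# username_attribute=sAMAccountName.
BASE = "DC=ccp,DC=example,DC=net"
DIRECTORY = {
    f"CN=Dev-Hyd,{BASE}": {"objectClass": "group", "member": [
        f"CN=alice,CN=Users,{BASE}", f"CN=Dev-Ops,{BASE}"]},
    # Dev-Ops lists its parent as a member: a membership cycle.
    f"CN=Dev-Ops,{BASE}": {"objectClass": "group", "member": [
        f"CN=bob,CN=Users,{BASE}", f"CN=Dev-Hyd,{BASE}"]},
    f"CN=alice,CN=Users,{BASE}": {"objectClass": "user", "sAMAccountName": "alice"},
    f"CN=bob,CN=Users,{BASE}": {"objectClass": "user", "sAMAccountName": "bob"},
}


def norm(dn):
    """DNs compare case-insensitively (cn=dev-hyd equals CN=Dev-Hyd)."""
    return dn.strip().lower()


def resolve_users(directory, group_dn, nested_groups_enable):
    """Usernames a linked group yields; the flag mirrors ldap.nested.groups.enable."""
    index = {norm(dn): entry for dn, entry in directory.items()}
    start = norm(group_dn)
    users, seen, queue = set(), {start}, [start]
    while queue:
        group = index.get(queue.pop(), {})
        for member_dn in group.get("member", []):
            key = norm(member_dn)
            entry = index.get(key)
            if entry is None:
                continue  # dangling member reference
            if entry["objectClass"] == "user":
                users.add(entry["sAMAccountName"])
            elif nested_groups_enable and key not in seen:
                seen.add(key)  # visit each group once, so cycles terminate
                queue.append(key)
    return sorted(users)


def added_by_nesting(directory, group_dn):
    """Accounts that gain access only because nested groups are followed."""
    direct = set(resolve_users(directory, group_dn, False))
    return sorted(set(resolve_users(directory, group_dn, True)) - direct)
```

Running added_by_nesting against a group before setting the flag to true shows which accounts would newly be trusted in the linked CloudStack domain.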
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
"LinkDomainToLdap": {
"accountid": "13",
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
"LinkDomainToLdap": {
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP"
{
"LinkDomainToLdap": {
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
A popup to link an OU/group to CloudStack.
It should show the list of domains in CloudStack, provide text fields for type, name and admin (optional), and call the connectDomainToLdap API on save.
LDAP : Trust AD and Auto Import Test Plan
When a user is disabled in LDAP, authentication in CloudStack will fail immediately. However, the user will be disabled in CloudStack only when they next try to log in.
https://technet.microsoft.com/en-us/library/cc977992.aspx
CLOUDSTACK-8647
id | 1 | 2 |
---|---|---|
type | GROUP | OU |
name | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | OU=SevenSeas,DC=ccp,DC=example,DC=net |
domain_id | 2 | 3 |
No API changes expected.
...