Introduction

Today, CloudStack can automatically import LDAP users into a domain or an account, based on the configuration. However, new users added in LDAP afterwards are not reflected automatically. The admin has to manually import them again.

This feature enables the admin to map an LDAP group/OU to a CloudStack domain/account, so that any changes are reflected in ACS as well.

Use Cases

  1. Admin wants to sync a domain/account in CloudStack with an LDAP group/OU

Functional Requirements

  1. Cloud admin should be able to map an AD OU / group to a Domain or Account in CloudStack.
  2. While mapping a group to AD, the cloud admin should be able to specify the option to include nested groups and the profile to select for the group users (Domain Admin / normal user in case of domain mapping).
  3. Once a domain/account is mapped to an AD Group/OU, the cloud admin / domain admin will not have the option to manually import users to the domain/account.
  4. The "Trust AD" component will automatically authorize users in CloudStack when added to an AD group without manual setup.
  5. When users are removed from a group in AD, the account should be blocked from access in CloudStack as well. (The resources are still provisioned and running.)
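
The sync behaviour that requirements 2, 4 and 5 describe can be sketched as below. This is an added example, not CloudStack code and not part of the original design; the function names, the dictionary layout standing in for an LDAP directory, and the "enabled"/"disabled" states are all assumptions.

```python
# Added illustration; not CloudStack code. All names here are hypothetical.

def expand_members(group, groups, include_nested):
    """Return the user names in `group`, following nested groups if asked.

    `groups` maps group name -> {"users": [...], "groups": [...]} and is a
    constructed stand-in for an LDAP directory. The `seen` set stops the walk
    from looping when groups reference each other.
    """
    members, seen, stack = set(), set(), [group]
    while stack:
        name = stack.pop()
        if name in seen or name not in groups:
            continue
        seen.add(name)
        members.update(groups[name]["users"])
        if include_nested:
            stack.extend(groups[name]["groups"])
    return members


def plan_sync(ldap_members, account_users):
    """Compare LDAP membership with the users of the mapped account.

    `account_users` maps user name -> "enabled" | "disabled".
    Returns (to_create, to_disable) as sorted lists. Users who left the group
    are disabled, never deleted, so their resources keep running. Users that
    are already disabled are left alone: the page does not say whether a
    returning member is re-enabled.
    """
    to_create = sorted(ldap_members - set(account_users))
    to_disable = sorted(user for user, state in account_users.items()
                        if state == "enabled" and user not in ldap_members)
    return to_create, to_disable


# Constructed sample: "cloud-users" nests "ops", which nests back (a cycle).
SAMPLE_GROUPS = {
    "cloud-users": {"users": ["alice", "bob"], "groups": ["ops"]},
    "ops": {"users": ["carol"], "groups": ["cloud-users"]},
}
# Constructed state of the mapped account before the sync runs.
SAMPLE_ACCOUNT = {"alice": "enabled", "carol": "enabled",
                  "dave": "enabled", "erin": "disabled"}

if __name__ == "__main__":
    for nested in (True, False):
        members = expand_members("cloud-users", SAMPLE_GROUPS, nested)
        print(nested, plan_sync(members, SAMPLE_ACCOUNT))
```

With nested groups excluded, `carol` is only reachable through `ops`, so the same account state yields a different block list. That makes the nested-group option from requirement 2 an access-control decision rather than a display preference.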

Design Flow

DB Changes

API Changes

UI Changes

 

Testing

Unit Tests

Automation Tests

Manual Tests

 

Open Issues

 

References

 

Bug Reference & Branch

 
