Version 5
Introduction
Today, CloudStack can automatically import LDAP users into a domain or an account based on the configuration. However, users added to LDAP afterwards aren't automatically reflected; the admin has to manually import them again.
This feature enables the admin to map an LDAP group/OU to a CloudStack domain/account so that any changes in LDAP are reflected in ACS as well.
Use Cases
- Admin wants to sync a domain/account in CloudStack with an LDAP group/OU
Functional Requirements
- Cloud admin should be able to map an AD OU / group to a Domain or Account in CloudStack.
- While mapping a group to AD, the cloud admin should be able to specify the option to include nested groups and the profile to select for the group users (Domain Admin / normal user in case of domain mapping).
- Once a domain/account is mapped to an AD Group/OU, the cloud admin / domain admin will not have the option to manually import users to the domain/account.
- The "Trust AD" component will automatically authorize users in CloudStack when added to an AD group without manual setup.
- When users are removed from a group in AD, the account should be blocked from accessing CloudStack as well. (The resources are still provisioned and running.)
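The sync behaviour these requirements describe can be sketched as a reconciliation step. This is an added example, not CloudStack code: the function names, the `SyncPlan` type, the DNs and the directory contents are all constructed, and re-enabling a previously blocked user who reappears in the group is an assumption the page does not state.

```python
# Added illustration (not CloudStack code); names and data are constructed.
from dataclasses import dataclass, field

DIRECTORY = {  # group DN -> direct members (user DNs or group DNs)
    "cn=cloud-users,ou=groups,dc=example,dc=org": [
        "uid=alice,ou=people,dc=example,dc=org",
        "cn=cloud-ops,ou=groups,dc=example,dc=org",
    ],
    "cn=cloud-ops,ou=groups,dc=example,dc=org": [
        "uid=bob,ou=people,dc=example,dc=org",
        "cn=cloud-users,ou=groups,dc=example,dc=org",  # cycle back to parent
    ],
}

def resolve_members(directory, group_dn, include_nested):
    """Return the user DNs in group_dn, expanding nested groups if asked."""
    users, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue  # cyclic nesting must not loop forever
        seen.add(dn)
        for member in directory.get(dn, []):
            if member in directory:  # member is itself a group
                if include_nested:
                    stack.append(member)
            else:
                users.add(member)
    return users

@dataclass
class SyncPlan:
    create: set = field(default_factory=set)
    enable: set = field(default_factory=set)
    disable: set = field(default_factory=set)

def plan_sync(ldap_users, cloudstack_users):
    """cloudstack_users maps user DN -> 'enabled' or 'disabled'."""
    plan = SyncPlan()
    for dn in ldap_users:
        state = cloudstack_users.get(dn)
        if state is None:
            plan.create.add(dn)  # new group member: authorize automatically
        elif state == "disabled":
            plan.enable.add(dn)  # assumption: returning members are unblocked
    for dn, state in cloudstack_users.items():
        if dn not in ldap_users and state == "enabled":
            plan.disable.add(dn)  # block access only; resources stay running
    return plan
```

Removed members are disabled rather than deleted, which matches the requirement that their resources remain provisioned and running.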
Design
Flowchart
![](/confluence/download/attachments/58851788/Trust%20LDAP%20-%20New%20Page.png?version=2&modificationDate=1434715502000&api=v2)
DB Changes
API Changes
UI Changes
Testing
Unit Tests
Automation Tests
Manual Tests
Open Issues
References
Bug Reference & Branch