Version 6
Introduction
Today, CloudStack can import LDAP users into a domain or an account automatically, based on its configuration. However, users added to LDAP afterwards are not reflected automatically; the admin has to import them again manually.
This feature lets the admin map an LDAP group or OU to a CloudStack domain or account, so that membership changes in LDAP are reflected in ACS as well.
Use Cases
- Admin wants to sync a CloudStack domain/account with an LDAP group/OU
Functional Requirements
- Cloud admin should be able to map an AD OU / group to a Domain or Account in CloudStack.
- While mapping a group from AD, the cloud admin should be able to specify whether nested groups are included and which profile the group's users receive (Domain Admin or normal user, in the case of a domain mapping).
- Once a domain/account is mapped to an AD group/OU, the cloud admin / domain admin will no longer have the option to manually import users into the domain/account.
- The "Trust AD" component will automatically authorize users in CloudStack when they are added to an AD group, without manual setup.
- When users are removed from a group in AD, their accounts should be blocked from access in CloudStack as well. (Their resources remain provisioned and running.)
Design
Flowchart
![](/confluence/download/attachments/58851788/Trust%20LDAP%20-%20New%20Page.png?version=2&modificationDate=1434715502000&api=v2)
DB Changes
ldap_configuration table

| id | hostname | port | bind_principal | bind_password | email_attribute | firstname_attribute | lastname_attribute | group_object | group_user_uniquemember | truststore | truststore_password | user_object | username_attribute | search_group_principle | basedn | read_timeout | request_page_size |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | localhost | 10389 | CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net | Passw0rd | mail | givenname | sn | group | member | | | user | sAMAccountName | CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net | dc=ccp,dc=example,dc=net | 1000 | 1000 |
ldap_trust_map

| id | type | name | domain_id |
|---|---|---|---|
| 1 | GROUP | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | 2 |
| 2 | OU | OU=SevenSeas,DC=ccp,DC=example,DC=net | 4 |
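The reconciliation step the flowchart describes, as an added example that is not CloudStack's own code: one ldap_trust_map row is resolved against the directory (GROUP with optional nested-group expansion, or OU by DN suffix) and diffed against the users already in the mapped domain. The directory is a constructed in-memory sample keyed by DN; a real implementation would query LDAP using the attributes in ldap_configuration (group_object, group_user_uniquemember, username_attribute).

```python
# Constructed sample directory: DN -> attributes. Group 'member' values may point
# at users or at other groups, which is what the nested-group option has to follow.
LDAP = {
    "CN=Dev-Hyd,DC=ccp,DC=example,DC=net": {"objectClass": "group",
        "member": ["CN=alice,CN=Users,DC=ccp,DC=example,DC=net",
                   "CN=Dev-Hyd-Interns,DC=ccp,DC=example,DC=net"]},
    "CN=Dev-Hyd-Interns,DC=ccp,DC=example,DC=net": {"objectClass": "group",
        "member": ["CN=bob,CN=Users,DC=ccp,DC=example,DC=net"]},
    "CN=alice,CN=Users,DC=ccp,DC=example,DC=net": {"objectClass": "user", "sAMAccountName": "alice"},
    "CN=bob,CN=Users,DC=ccp,DC=example,DC=net": {"objectClass": "user", "sAMAccountName": "bob"},
    "CN=carol,OU=SevenSeas,DC=ccp,DC=example,DC=net": {"objectClass": "user", "sAMAccountName": "carol"},
}


def members_of_group(group_dn, nested, seen=None):
    """Usernames that are members of group_dn; follows nested groups when nested=True."""
    if seen is None:
        seen = set()
    if group_dn in seen:  # guard against membership cycles (A member of B, B member of A)
        return set()
    seen.add(group_dn)
    users = set()
    for dn in LDAP.get(group_dn, {}).get("member", []):
        entry = LDAP.get(dn, {})
        if entry.get("objectClass") == "user":
            users.add(entry["sAMAccountName"])
        elif nested and entry.get("objectClass") == "group":
            users |= members_of_group(dn, nested, seen)
    return users


def members_of_ou(ou_dn):
    """Usernames of user objects located under the OU (suffix match on the DN)."""
    return {e["sAMAccountName"] for dn, e in LDAP.items()
            if e.get("objectClass") == "user" and dn.endswith("," + ou_dn)}


def sync_domain(trust_map_row, cs_users, nested=False):
    """Return (to_enable, to_disable) for one ldap_trust_map row.

    cs_users: usernames currently present in the mapped CloudStack domain.
    Users no longer in LDAP are disabled rather than deleted, so their
    provisioned resources keep running, as the requirements state."""
    kind, name = trust_map_row["type"], trust_map_row["name"]
    ldap_users = members_of_group(name, nested) if kind == "GROUP" else members_of_ou(name)
    return sorted(ldap_users - cs_users), sorted(cs_users - ldap_users)
```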
API Changes
No API changes expected.
UI Changes
Testing
Unit Tests
Automation Tests
Manual Tests
Open Issues
References
Bug Reference & Branch