Introduction

Today, CloudStack can automatically import LDAP users based on the configuration to a domain or an account. However, any new users in LDAP aren't automatically reflected. The admin has to manually import them again.

This feature enables the admin to map an LDAP group/OU to a CloudStack domain/account, so that any changes in LDAP are reflected in ACS as well.

Use Cases

  1. Admin wants to sync a domain/account in CloudStack with LDAP group/OU

Functional Requirements

  1. Cloud admin should be able to map an AD OU / group to a Domain or Account in CloudStack.
  2. While mapping a group to AD, the cloud admin should be able to specify the option to include nested groups and the profile to select for the group users (Domain Admin / normal user in case of domain mapping).
  3. Once a domain/account is mapped to an AD Group/OU the cloud admin / domain admin will not have the option to manually import users to the domain/account.
  4. The "Trust AD" component will automatically authorize users in CloudStack when added to an AD group without manual setup.
  5. When users are removed from a group in AD, the account should be blocked from accessing CloudStack as well. (The resources are still provisioned and running.)

Design

Flowchart

DB Changes

ldap_configuration table

| Column | Example value |
|---|---|
| id | 1 |
| hostname | localhost |
| port | 10389 |
| bind_principal | CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net |
| bind_password | Passw0rd |
| email_attribute | mail |
| firstname_attribute | givenname |
| lastname_attribute | sn |
| group_object | group |
| group_user_uniquemember | member |
| truststore | |
| truststore_password | |
| user_object | user |
| username_attribute | sAMAccountName |
| search_group_principle | CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net |
| basedn | dc=ccp,dc=example,dc=net |
| read_timeout | 1000 |
| request_page_size | 1000 |

ldap_trust_map

| id | type | name | domain_id |
|---|---|---|---|
| 1 | GROUP | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | 2 |
| 2 | OU | OU=SevenSeas,DC=ccp,DC=example,DC=net | 4 |
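One way to compute the sync actions implied by functional requirements 2, 4 and 5 for the two ldap_trust_map rows above. This is an added example, not CloudStack code: the function names, the "enabled"/"disabled" account states, re-enabling a returning user, the users alice/bob/carol and the nested group Dev-Sub are all assumptions. DNs are normalised before matching because the page itself mixes "DC=" and "dc=" spellings.

```python
# Constructed data; helper names and the account states are assumptions.
BASE = "DC=ccp,DC=example,DC=net"

def norm(dn):
    # DNs match case-insensitively (naive split: escaped commas not handled).
    return ",".join(p.strip().lower() for p in dn.split(","))

def group_users(group_dn, groups, users, nested, seen=None):
    """Usernames in a group; member groups are followed only when nested."""
    seen = set() if seen is None else seen
    key = norm(group_dn)
    if key in seen:  # guard against cyclic group nesting
        return set()
    seen.add(key)
    found = set()
    for member in map(norm, groups.get(key, [])):
        if member in users:
            found.add(users[member])
        elif nested and member in groups:
            found |= group_users(member, groups, users, nested, seen)
    return found

def reconcile(row, groups, users, accounts, nested=False):
    """Actions for one ldap_trust_map row; accounts maps username -> state."""
    if row["type"] == "GROUP":
        wanted = group_users(row["name"], groups, users, nested)
    else:  # OU: every user whose DN sits below the OU
        suffix = "," + norm(row["name"])
        wanted = {name for dn, name in users.items() if dn.endswith(suffix)}
    actions = []
    for name in wanted:
        if name not in accounts:
            actions.append(("create", name, row["domain_id"]))
        elif accounts[name] == "disabled":
            actions.append(("enable", name, row["domain_id"]))
    for name, state in accounts.items():
        if name not in wanted and state == "enabled":
            # Block access only; provisioned resources keep running.
            actions.append(("disable", name, row["domain_id"]))
    return sorted(actions)

# Directory snapshot keyed by normalised DN (Dev-Sub is a made-up nested group).
USERS = {norm(f"CN=alice,OU=SevenSeas,{BASE}"): "alice",
         norm(f"cn=bob,ou=sevenseas,{BASE.lower()}"): "bob",
         norm(f"CN=carol,CN=Users,{BASE}"): "carol"}
GROUPS = {norm(f"CN=Dev-Hyd,{BASE}"): [f"CN=alice,OU=SevenSeas,{BASE}", f"CN=Dev-Sub,{BASE}"],
          norm(f"CN=Dev-Sub,{BASE}"): [f"CN=carol,CN=Users,{BASE}", f"CN=Dev-Hyd,{BASE}"]}
ROWS = [{"type": "GROUP", "name": f"CN=Dev-Hyd,{BASE}", "domain_id": 2},
        {"type": "OU", "name": f"OU=SevenSeas,{BASE}", "domain_id": 4}]
```

Calling reconcile(ROWS[0], GROUPS, USERS, accounts, nested=True) follows Dev-Sub and stops at the Dev-Hyd back-reference instead of looping.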

 

API Changes

No API changes expected.

UI Changes

 

Testing

Unit Tests

Automation Tests

Manual Tests

 

Open Issues

 

References

 

Bug Reference & Branch

 
