
Introduction

Today, CloudStack can automatically import LDAP users into a domain or an account based on the LDAP configuration. However, users added to LDAP afterwards are not reflected automatically; the admin has to manually import them again.

This feature enables the admin to map an LDAP group/OU to a CloudStack domain/account, so that any changes in LDAP are reflected in ACS as well.

Use Cases

  1. Admin wants to sync a domain/account in CloudStack with an LDAP group/OU

Functional Requirements

  1. Cloud admin should be able to map an AD OU / group to a Domain or Account in CloudStack.
  2. While mapping an AD group, the cloud admin should be able to specify whether to include nested groups and which profile to select for the group users (Domain Admin / normal user in case of domain mapping).
  3. Once a domain/account is mapped to an AD Group/OU, the cloud admin / domain admin will not have the option to manually import users to the domain/account.
  4. The "Trust AD" component will automatically authorize users in CloudStack when added to an AD group without manual setup.
  5. When users are removed from a group in AD, their accounts should be blocked from accessing CloudStack as well. (The resources are still provisioned and running.)
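
The reconciliation implied by requirements 2, 4 and 5, as an added example that is not CloudStack's implementation: it resolves a mapped group's members (optionally through nested groups, tolerating membership cycles) and plans which accounts to import or disable, never delete. The directory snapshot, account states, the nested group name and the function names are assumptions constructed for illustration; re-enabling a disabled user who reappears in the group is also an assumption.

```python
# Added example, not CloudStack code. Directory snapshot and account states are constructed.
BASE = "DC=ccp,DC=example,DC=net"
GROUP = "CN=Dev-Hyd," + BASE                  # mapped group, as in ldap_trust_map
NESTED = "CN=Dev-Contractors," + BASE         # hypothetical nested group
ALICE, BOB, CAROL = ("CN=%s,CN=Users,%s" % (n, BASE) for n in ("alice", "bob", "carol"))

# group DN -> member DNs; a DN that is itself a key is treated as a group
# (a real sync would check the entry's objectClass against group_object).
DIRECTORY = {
    GROUP: [ALICE, NESTED],
    NESTED: [BOB, GROUP],                     # cycle back to the parent group
}
# Current state of the mapped CloudStack domain: user DN -> account state.
ACCOUNTS = {ALICE: "enabled", CAROL: "enabled"}


def resolve_members(group_dn, directory, include_nested=True):
    """Return the user DNs in group_dn, following nested groups if requested."""
    users, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:                        # already expanded: breaks cycles
            continue
        seen.add(dn)
        for member in directory.get(dn, ()):
            if member in directory:           # member is a group
                if include_nested:
                    stack.append(member)
            else:
                users.add(member)
    return users


def plan_sync(ldap_users, accounts):
    """Return (to_import, to_enable, to_disable) for one mapped domain/account.

    Users missing from LDAP are only disabled, so their resources stay
    provisioned and running; nothing is deleted.
    """
    to_import = sorted(ldap_users - set(accounts))
    to_enable = sorted(u for u in ldap_users if accounts.get(u) == "disabled")
    to_disable = sorted(u for u, state in accounts.items()
                        if state == "enabled" and u not in ldap_users)
    return to_import, to_enable, to_disable


if __name__ == "__main__":
    print(plan_sync(resolve_members(GROUP, DIRECTORY), ACCOUNTS))
```
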

Design

Flowchart

DB Changes

ldap_configuration table

Column                    Example value
id                        1
hostname                  localhost
port                      10389
bind_principal            CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net
bind_password             Passw0rd
email_attribute           mail
firstname_attribute       givenname
lastname_attribute        sn
group_object              group
group_user_uniquemember   member
truststore                (empty)
truststore_password       (empty)
user_object               user
username_attribute        sAMAccountName
search_group_principle    CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net
basedn                    dc=ccp,dc=example,dc=net
read_timeout              1000
request_page_size         1000

ldap_trust_map

id   type    name                                     domain_id
1    GROUP   CN=Dev-Hyd,DC=ccp,DC=example,DC=net      2
2    OU      OU=SevenSeas,DC=ccp,DC=example,DC=net    3

 

API Changes

No API changes expected.

UI Changes

 

Testing

Unit Tests

Automation Tests

Manual Tests

 

Open Issues

 

References

 

Bug Reference & Branch

 
