Today, CloudStack can automatically import LDAP users into a domain or an account based on the configuration. However, users added to LDAP afterwards are not reflected automatically; the admin has to import them again manually.
This feature enables an admin to map an LDAP group/OU to a CloudStack domain, so that any changes are reflected in ACS as well.
id | 1 |
---|---|
hostname | localhost |
port | 10389 |
bind_principal | CN=Administrator,CN=Users,DC=ccp,DC=example,DC=net |
bind_password | Passw0rd |
email_attribute | |
firstname_attribute | givenname |
lastname_attribute | sn |
group_object | group |
group_user_uniquemember | member |
truststore | |
truststore_password | |
user_object | user |
username_attribute | sAMAccountName |
search_group_principle | CN=Users,CN=Builtin,DC=ccp,DC=citrite,DC=net |
basedn | dc=ccp,dc=example,dc=net |
read_timeout | 1000 |
request_page_size | 1000 |
id | 1 | 2 |
---|---|---|
type | GROUP | OU |
name | CN=Dev-Hyd,DC=ccp,DC=example,DC=net | OU=SevenSeas,DC=ccp,DC=example,DC=net |
domain_id | 2 | 3 |
A new API to link an LDAP OU/domain with a CloudStack domain:
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
"LinkDomainToLdap": {
"accountid": "13",
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP" admin=rajanik
{
"LinkDomainToLdap": {
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
cloudmonkey > link domaintoldap accounttype=2 name="cn=dev-hyd,dc=ccp,dc=citrite,dc=net" domainid=8f89a84e-51a0-459f-a9ed-9079ce790235 type="GROUP"
{
"LinkDomainToLdap": {
"accounttype": 2,
"domainid": 3,
"name": "cn=dev-hyd,dc=ccp,dc=citrite,dc=net",
"type": "GROUP"
}
}
A popup to link an OU/group to CloudStack.
This should show the list of domains in CloudStack and provide text fields for type, name and admin (optional), and on save call the connectDomainToLdap API.
LDAP : Trust AD and Auto Import Test Plan
When a user is disabled in LDAP, authentication in CloudStack will fail immediately. However, the user will be disabled in CloudStack only when they next try to log in.
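The group/OU mapping and the delayed disabling described above can be audited with a periodic reconciliation. The following is an added example, not CloudStack's code: it assumes an Active Directory style directory where a disabled account has the `userAccountControl` ACCOUNTDISABLE bit (0x2) set, and the helper names, the directory snapshot and the `review` action are hypothetical.

```python
# Added illustration, not CloudStack code; every entry below is constructed.
ACCOUNTDISABLE = 0x2  # Active Directory userAccountControl bit: account disabled
LINKS = [  # (type, name, domain_id), shaped like the mapping table on this page
    ("GROUP", "CN=Dev-Hyd,DC=ccp,DC=example,DC=net", 2),
    ("OU", "OU=SevenSeas,DC=ccp,DC=example,DC=net", 3),
]
BASE = "DC=ccp,DC=example,DC=net"
DIRECTORY = [  # constructed LDAP snapshot
    {"dn": "CN=Dev-Hyd," + BASE, "objectClass": "group",
     "member": ["CN=alice,CN=Users," + BASE, "cn=bob,cn=users," + BASE]},
    {"dn": "CN=alice,CN=Users," + BASE, "objectClass": "user",
     "sAMAccountName": "alice", "userAccountControl": 512},
    {"dn": "CN=bob,CN=Users," + BASE, "objectClass": "user",
     "sAMAccountName": "bob", "userAccountControl": 514},  # 512 | ACCOUNTDISABLE
    {"dn": "CN=carol,OU=SevenSeas," + BASE, "objectClass": "user",
     "sAMAccountName": "carol", "userAccountControl": 512},
]
CLOUDSTACK_USERS = {2: {"bob", "dave"}, 3: set()}  # constructed: domain_id -> users

def norm(dn):
    """Case-insensitive DN key (simplified: assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def users_for_link(link_type, name, directory):
    """Return {username: is_disabled} for the LDAP users one link covers."""
    users = [e for e in directory if e.get("objectClass") == "user"]
    if link_type == "GROUP":  # members listed in the group's `member` attribute
        group = next((e for e in directory if norm(e["dn"]) == norm(name)), {})
        members = {norm(m) for m in group.get("member", [])}
        users = [e for e in users if norm(e["dn"]) in members]
    else:  # OU: user entries whose DN sits under the OU
        users = [e for e in users if norm(e["dn"]).endswith("," + norm(name))]
    return {e["sAMAccountName"]: bool(e.get("userAccountControl", 0) & ACCOUNTDISABLE)
            for e in users}

def reconcile(links, directory, cloudstack_users):
    """List (action, domain_id, username) tuples needed to match LDAP."""
    actions = []
    for link_type, name, domain_id in links:
        ldap_users = users_for_link(link_type, name, directory)
        existing = cloudstack_users.get(domain_id, set())
        for user, disabled in sorted(ldap_users.items()):
            if disabled and user in existing:
                actions.append(("disable", domain_id, user))
            elif not disabled and user not in existing:
                actions.append(("import", domain_id, user))
        # Assumption: an account no longer covered by the link is flagged for review.
        actions += [("review", domain_id, u) for u in sorted(existing - set(ldap_users))]
    return actions
```

In the constructed snapshot, `bob` is disabled in the directory but still present in domain 2, which is exactly the window the paragraph above describes.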
https://technet.microsoft.com/en-us/library/cc977992.aspx
CLOUDSTACK-8647