Posted to users@cloudstack.apache.org by Jorge Luiz Correa <jo...@embrapa.br.INVALID> on 2022/06/08 20:30:33 UTC
How to configure link domaintoldap to define admin and user roles?
Hi all!
In documentation I can see:
    cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
        accounttype=2 \
        ldapdomain="ou=people,dc=cloudstack,dc=apache,dc=org" \
        type=OU
So, for each member of ou=people,dc=cloudstack,dc=apache,dc=org I'll have
one account with domain admin role (accounttype=2).
How to do the same configuration for both user and admin roles? For example:
To define admins:
    cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
        accounttype=2 \
        ldapdomain="ou=admins,dc=cloudstack,dc=apache,dc=org" \
        type=OU
To define users:
    cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
        accounttype=0 \
        ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org" \
        type=OU
When I tried to do that the second command failed with:
Error: (HTTP 530, error code 9999) Entity already exists
As I couldn't configure in that way, I tried just one command with
accounttype=0 and passing the parameter admin=
    cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
        accounttype=0 \
        ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org" \
        type=OU \
        admin=adminuser
So, all members of LDAP group can be a normal user and adminuser will be
the domain admin.
But, if I need to have more than one domain admin, how can I configure?
I've tried putting two admin= parameters but just the first is used.
Thank you!
--
__________________________
Confidentiality note
This message from
Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), a government
company established under Brazilian law (5.851/72), is directed
exclusively to its addressee and may contain confidential data,
protected under professional secrecy rules. Its unauthorized use is
illegal and may subject the transgressor to the law's penalties. If you
are not the addressee, please send it back, elucidating the failure.
Re: How to configure link domaintoldap to define admin and user roles?
Posted by Daan Hoogland <da...@gmail.com>.
Jorge, the linkDomaintoLdap feature is not that fine grained. You'll want to
look at LinkAccountToLdap for what you seek.
On Wed, Jun 8, 2022 at 10:31 PM Jorge Luiz Correa
<jo...@embrapa.br.invalid> wrote:
> Hi all!
>
> In documentation I can see:
>
>     cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
>         accounttype=2 \
>         ldapdomain="ou=people,dc=cloudstack,dc=apache,dc=org" \
>         type=OU
>
> So, for each member of ou=people,dc=cloudstack,dc=apache,dc=org I'll have
> one account with domain admin role (accounttype=2).
>
> How to do the same configuration for both user and admin roles? For
> example:
>
> To define admins:
>     cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
>         accounttype=2 \
>         ldapdomain="ou=admins,dc=cloudstack,dc=apache,dc=org" \
>         type=OU
>
> To define users:
>     cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
>         accounttype=0 \
>         ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org" \
>         type=OU
>
> When I tried to do that the second command failed with:
>
> Error: (HTTP 530, error code 9999) Entity already exists
>
> As I couldn't configure in that way, I tried just one command with
> accounttype=0 and passing the parameter admin=
>
>     cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
>         accounttype=0 \
>         ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org" \
>         type=OU \
>         admin=adminuser
>
> So, all members of LDAP group can be a normal user and adminuser will be
> the domain admin.
>
> But, if I need to have more than one domain admin, how can I configure?
>
> I've tried putting two admin= parameters but just the first is used.
>
> Thank you!
>
--
Daan
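
Following the pointer to linkAccountToLdap in the reply above, an added example (not from the thread or from the CloudStack project) that links each OU to its own account, so the admin OU and the user OU carry different account types within one domain. The account names `ldap-admins` and `ldap-users` are hypothetical placeholders; the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: one linkAccountToLdap call per OU, each with its own accounttype.
# Assumptions: account names below are placeholders; domain id and OUs are the
# sample values quoted in the thread.

DOMAIN_ID="12345678-90ab-cdef-fedc-ba0987654321"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run cloudmonkey

# Constructed mapping: account|accounttype|LDAP OU  (0 = user, 2 = domain admin)
MAPPINGS='ldap-admins|2|ou=admins,dc=cloudstack,dc=apache,dc=org
ldap-users|0|ou=users,dc=cloudstack,dc=apache,dc=org'

# Print the cloudmonkey command for one account-to-OU link.
# Rejects any accounttype other than 0 or 2, so a typo cannot map an OU
# to a broader role than intended.
link_account_cmd() {
    domainid=$1 account=$2 accounttype=$3 ou=$4
    case "$accounttype" in
        0|2) ;;
        *) echo "refusing accounttype '$accounttype' for $account" >&2; return 1 ;;
    esac
    printf 'cloudmonkey link accounttoldap domainid=%s account=%s accounttype=%s ldapdomain="%s" type=OU\n' \
        "$domainid" "$account" "$accounttype" "$ou"
}

# Walk the mapping table; print each command, or run it when DRY_RUN=0.
apply_links() {
    echo "$MAPPINGS" | while IFS='|' read -r account accounttype ou; do
        cmd=$(link_account_cmd "$DOMAIN_ID" "$account" "$accounttype" "$ou") || exit 1
        if [ "$DRY_RUN" = 1 ]; then
            echo "$cmd"
        else
            cloudmonkey link accounttoldap domainid="$DOMAIN_ID" account="$account" \
                accounttype="$accounttype" ldapdomain="$ou" type=OU || exit 1
        fi
    done
}

apply_links
```

Review the printed commands first: every member of the OU mapped with accounttype=2 becomes a domain admin, so that OU's membership should be as tightly controlled as the role itself.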