Posted to users@cloudstack.apache.org by Jorge Luiz Correa <jo...@embrapa.br.INVALID> on 2022/06/08 20:30:33 UTC

How to configure link domaintoldap to define admin and user roles?

Hi all!

In the documentation I can see:

cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
                              accounttype=2 \
                              ldapdomain="ou=people,dc=cloudstack,dc=apache,dc=org" \
                              type=OU

So, for each member of ou=people,dc=cloudstack,dc=apache,dc=org I'll have
one account with domain admin role (accounttype=2).

How to do the same configuration for both user and admin roles? For example:

To define admins:
cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
                              accounttype=2 \
                              ldapdomain="ou=admins,dc=cloudstack,dc=apache,dc=org" \
                              type=OU

To define users:
cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
                              accounttype=0 \
                              ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org" \
                              type=OU

When I tried to do that, the second command failed with:

Error: (HTTP 530, error code 9999) Entity already exists

As I couldn't configure it that way, I tried just one command with
accounttype=0, passing the parameter admin=

cloudmonkey link domaintoldap domainid=12345678-90ab-cdef-fedc-ba0987654321 \
                              accounttype=0 \
                              ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org" \
                              type=OU \
                              admin=adminuser

So, all members of the LDAP group can be normal users and adminuser will be
the domain admin.

But if I need to have more than one domain admin, how can I configure it?

I've tried putting two admin= parameters, but just the first is used.

Thank you!

-- 
Confidentiality note

This message from Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), a
government company established under Brazilian law (5.851/72), is directed
exclusively to its addressee and may contain confidential data, protected
under professional secrecy rules. Its unauthorized use is illegal and may
subject the transgressor to the law's penalties. If you are not the
addressee, please send it back, elucidating the failure.

Re: How to configure link domaintoldap to define admin and user roles?

Posted by Daan Hoogland <da...@gmail.com>.
Jorge, the linkDomaintoLdap feature is not that fine-grained. You'll want to
look at LinkAccountToLdap for what you seek.


-- 
Daan