cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pdion...@apache.org
Subject [2/6] git commit: accounts.rst: remove trailing spaces, add highlight
Date Wed, 20 Aug 2014 00:23:06 GMT
accounts.rst: remove trailing spaces, add highlight


Project: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/commit/018c6657
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/tree/018c6657
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/diff/018c6657

Branch: refs/heads/master
Commit: 018c66571c2fb89e87c3f299717b6234602cbe87
Parents: 1ace4ca
Author: Pierre-Luc Dion <pdion891@apache.org>
Authored: Tue Aug 19 20:04:07 2014 -0400
Committer: Pierre-Luc Dion <pdion891@apache.org>
Committed: Tue Aug 19 20:04:07 2014 -0400

----------------------------------------------------------------------
 source/accounts.rst | 81 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/018c6657/source/accounts.rst
----------------------------------------------------------------------
diff --git a/source/accounts.rst b/source/accounts.rst
index a4d95a2..b555742 100644
--- a/source/accounts.rst
+++ b/source/accounts.rst
@@ -186,53 +186,80 @@ Using an LDAP Server for User Authentication
 --------------------------------------------
 
 You can use an external LDAP server such as Microsoft Active Directory
-or ApacheDS to authenticate CloudStack end-users. 
-CloudStack will search the external LDAP directory tree
-starting at a specified base directory and gets user info such as first name, last name,
email and username. 
+or ApacheDS to authenticate CloudStack end-users. CloudStack will search
+the external LDAP directory tree starting at a specified base directory
+and gets user info such as first name, last name, email and username.
 
 To authenticate, username and password entered by the user are used.
-Cloudstack does a search for a user with the given username. If it exists, it does a bind
request with DN and password
+Cloudstack does a search for a user with the given username. If it
+exists, it does a bind request with DN and password.
 
 To set up LDAP authentication in CloudStack, call the CloudStack API
-command addLdapConfiguration and provide Hostname or IP address and listening port of the
LDAP server.
-You could configure multiple servers as well. These are expected to be replicas. If one fails,
the next one is used.
+command ``addLdapConfiguration`` and provide Hostname or IP address
+and listening port of the LDAP server. You could configure multiple
+servers as well. These are expected to be replicas. If one fails,
+the next one is used.
 
+The following global configurations should also be configured (the
+default values are for openldap)
 
-The following global configurations should also be configured (the default values are for
openldap)
+-  ``ldap.basedn``:	Sets the basedn for LDAP. Ex: **OU=APAC,DC=company,DC=com**
 
+-  ``ldap.bind.principal``, ``ldap.bind.password``: DN and password for a user
+   who can list all the users in the above basedn. Ex:
+   **CN=Administrator, OU=APAC, DC=company, DC=com**
+
+-  ``ldap.user.object``: object type of users within LDAP. Defaults value is
+   **user** for AD and **interorgperson** for openldap.
+
+-  ``ldap.email.attribute``: email attribute within ldap for a user. Default
+   value for AD and openldap is **mail**.
+
+-  ``ldap.firstname.attribute``: firstname attribute within ldap for a user.
+   Default value for AD and openldap is **givenname**.
+
+-  ``ldap.username.attribute``: username attribute for a user within LDAP.
+  Default value is **SAMAccountName** for AD and **uid** for openldap.
 
-- ldap.basedn:	Sets the basedn for LDAP. Ex: OU=APAC,DC=company,DC=com
-- ldap.bind.principal,ldap.bind.password: DN and password for a user who can list all the
users in the above basedn. Ex: CN=Administrator, OU=APAC, DC=company, DC=com
-- ldap.user.object: object type of users within LDAP. Defaults value is user for AD and interorgperson
for openldap.
-- ldap.email.attribute: email attribute within ldap for a user. Default value for AD and
openldap is mail.
-- ldap.firstname.attribute: firstname attribute within ldap for a user. Default value for
AD and openldap is givenname.
-- ldap.username.attribute: username attribute for a user within LDAP. Default value is SAMAccountNAme
for AD and uid for openldap.
 
 Restricting LDAP users to a group:
-~~~~~~~~~~~~~
-- ldap.search.group.principle: this is optional and if set only users from this group are
listed.		
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  ``ldap.search.group.principle``: this is optional and if set only users from
+   this group are listed.
+
 
 LDAP SSL:
-~~~~~~~~~~~~~
-- ldap.lastname.attribute: lsatname attribute within ldap for a user. Default value for AD
and openldap is sn.
-- ldap.truststore, ldap.truststore.password:	truststore,password to use for LDAP SSL.	
- 
-LDAP groups:  
-~~~~~~~~~~~~~
-- ldap.group.object: object type of groups within LDAP. Default value is group for AD and
groupOfUniqueNames for openldap.	
-- ldap.group.user.uniquemember: attribute for uniquemembers within a group. Default value
is member for AD and uniquemember for openldap.
+~~~~~~~~~
+
+-  ``ldap.lastname.attribute``: lastname attribute within ldap for a user.
+   Default value for AD and openldap is **sn**.
+
+-  ``ldap.truststore``, ``ldap.truststore.password``:	truststore, password
+   to use for LDAP SSL.
  
 
-Once configured, on Add Account page, you will see an "Add LDAP Account" button which opens
a dialog and the selected users can be imported.
+LDAP groups:
+~~~~~~~~~~~~
+
+-  ``ldap.group.object``: object type of groups within LDAP. Default value is
+   group for AD and **groupOfUniqueNames** for openldap.	
+
+-  ``ldap.group.user.uniquemember``: attribute for uniquemembers within a group.
+   Default value is **member** for AD and **uniquemember** for openldap.
+
+Once configured, on Add Account page, you will see an "Add LDAP Account" button
+which opens a dialog and the selected users can be imported.
 
 .. figure:: _static/images/CloudStack-ldap-screen1.png
    :align:   center
 
 
+You could also use api commands: ``listLdapUsers``, ``ldapCreateAccount`` and
+``importLdapUsers``.
 
-You could also use api commands: listLdapUsers, ldapCreateAccount and importLdapUsers.
-
-Once LDAP is enabled, the users will not be allowed to changed password directly in cloudstack.
+Once LDAP is enabled, the users will not be allowed to changed password
+directly in cloudstack.
 
 
 


Mime
View raw message