cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Duffy <...@ianduffy.ie>
Subject Re: [GSoC] Update the wiki LDAP page
Date Wed, 17 Jul 2013 17:06:35 GMT
1) by default, user or domain admin are not able to update the
password in UI or via API, unless some permissions are added in api
properties file - we know this because we worked on extending user
password functionality in cloudstack

Interesting I will definitely research this more. I was not aware of
that. Got any links to documentation about that API properties file?

2) user however can generate API key and Secret Key, but perhaps you
can create a job that will query LDAP periodically to check for
disabled users, and if user is disabled in LDAP, disable the user in
CloudStack as well. Would this approace work?

Yes... I assume it would be possible to kick of a scheduled task
(Anybody care to chime in here as to how to do that within the
cloudstack lifecycle?) that would search all cloudstack users against
the LDAP database and remove them or revoke their keys in the event
they are not found.

Mime
View raw message