cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Musayev, Ilya" <imusa...@webmd.net>
Subject RE: [GSoC] Update the wiki LDAP page
Date Wed, 17 Jul 2013 18:51:21 GMT
Ian,

Please see response in line.

> -----Original Message-----
> From: Ian Duffy [mailto:ian@ianduffy.ie]
> Sent: Wednesday, July 17, 2013 1:07 PM
> To: dev@cloudstack.apache.org
> Subject: Re: [GSoC] Update the wiki LDAP page
> 
> 1) by default, user or domain admin are not able to update the password in
> UI or via API, unless some permissions are added in api properties file - we
> know this because we worked on extending user password functionality in
> cloudstack
> 
> Interesting I will definitely research this more. I was not aware of that. Got
> any links to documentation about that API properties file?
> 

Look for commands.properties file in webapps/client/WEB-INF/classes (or just do "locate commands.properties"
), it should be self-explanatory. 

> 2) user however can generate API key and Secret Key, but perhaps you can
> create a job that will query LDAP periodically to check for disabled users, and
> if user is disabled in LDAP, disable the user in CloudStack as well. Would this
> approace work?
> 
> Yes... I assume it would be possible to kick of a scheduled task (Anybody care
> to chime in here as to how to do that within the cloudstack lifecycle?) that
> would search all cloudstack users against the LDAP database and remove
> them or revoke their keys in the event they are not found.


I would let someone who is more developer centric answer this part, perhaps Chiradeep or anyone
else? If you don’t get response,  I will ask my friend who wrote something similar for password
manager. Or you can just break down any existing scheduled task.

Let me know if you don’t get a response,

Regards
ilya
Mime
View raw message