cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Musayev, Ilya" <imusa...@webmd.net>
Subject RE: [GSoC] Update the wiki LDAP page
Date Wed, 17 Jul 2013 18:56:04 GMT
Also, please note - there is a difference between locked and disabled user.

If I understand this correctly, lock - forbids user from logging in, disable - will power
down the vms user created.

We should probably lock the account and let admin do a clean up on their own - but its open
for discussion.

> -----Original Message-----
> From: Ian Duffy [mailto:ian@ianduffy.ie]
> Sent: Wednesday, July 17, 2013 1:07 PM
> To: dev@cloudstack.apache.org
> Subject: Re: [GSoC] Update the wiki LDAP page
> 
> 1) by default, user or domain admin are not able to update the password in
> UI or via API, unless some permissions are added in api properties file - we
> know this because we worked on extending user password functionality in
> cloudstack
> 
> Interesting I will definitely research this more. I was not aware of that. Got
> any links to documentation about that API properties file?
> 
> 2) user however can generate API key and Secret Key, but perhaps you can
> create a job that will query LDAP periodically to check for disabled users, and
> if user is disabled in LDAP, disable the user in CloudStack as well. Would this
> approace work?
> 
> Yes... I assume it would be possible to kick of a scheduled task (Anybody care
> to chime in here as to how to do that within the cloudstack lifecycle?) that
> would search all cloudstack users against the LDAP database and remove
> them or revoke their keys in the event they are not found.

Mime
View raw message