From dev-return-113672-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org Sat Aug 10 08:12:09 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id E7879180607 for ; Sat, 10 Aug 2019 10:12:08 +0200 (CEST) Received: (qmail 88612 invoked by uid 500); 10 Aug 2019 08:12:07 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 88601 invoked by uid 99); 10 Aug 2019 08:12:07 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 Aug 2019 08:12:07 +0000 From: GitBox To: dev@cloudstack.apache.org Subject: [GitHub] [cloudstack-documentation] onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings Message-ID: <156542472745.32714.16319477507884370241.gitbox@gitbox.apache.org> Date: Sat, 10 Aug 2019 08:12:07 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit onitake commented on a change in pull request #67: short description of the evolution of LDAP bindings URL: https://github.com/apache/cloudstack-documentation/pull/67#discussion_r312695159 ########## File path: source/adminguide/accounts.rst ########## @@ -279,17 +279,63 @@ or ApacheDS to authenticate CloudStack end-users. CloudStack will search the external LDAP directory tree starting at a specified base directory and gets user info such as first name, last name, email and username. -Starting with CloudStack 4.11, an ldap connection per domain can be -defined. +Starting with CloudStack 4.11, an LDAP connection per domain can be +defined. In this domain autosync per account can be confirgured, +keeping the users in the domain up to date with their group membership +in LDAP. +.. Note:: A caveat with this is that ApacheDS does not yet support the +virtual 'memberOf' attribute needed to check if a user moved to +another account. MicrosoftAD and openldap as well as openDJ do support +this. It is a planned feature for ApacheDS that can be tracked in +https://issues.apache.org/jira/browse/DIRSERVER-1844. Review comment: Yes, absolutely. I just thought that linking an issue on a bug tracker in the documentation is a bit overkill. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: users@infra.apache.org With regards, Apache Git Services