incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Koushik Das <koushik....@citrix.com>
Subject RE: [DISCUSS] Cloudstack to manage User objects in LDAP
Date Thu, 20 Dec 2012 10:20:25 GMT
See inline

Thanks,
Koushik

> -----Original Message-----
> From: Chip Childers [mailto:chip.childers@sungard.com]
> Sent: Wednesday, December 19, 2012 10:18 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: [DISCUSS] Cloudstack to manage User objects in LDAP
> 
> On Wed, Dec 19, 2012 at 11:44 AM, David Nalley <david@gnsa.us> wrote:
> > On Wed, Dec 19, 2012 at 12:59 AM, Manikanta Kattamuri
> > <manikanta.kattamuri@sungard.com> wrote:
> >> Hi,
> >>
> >>
> >>
> >> We'd like to be able to have CloudStack manage the user objects from
> LDAP.
> >>
> >> The reason would, be we have a set of other service offerings for the
> >> users of cloudstack service.
> >>
> >>
> >>
> >> Are there any others facing this type of scenarios and any solutions
> >> or on-going development to resolve this.
> >>
> >>
> >>
> >> Inputs and thoughts are very much welcome.
> >
> >
> > Define 'manage'?
> >
> 
> Create, update, delete OU's and users via LDAP calls.

I don't think CS should allow user management for external systems. Currently CS supports
creating accounts and each account has 1 or more users. These users should be considered as
one of the ways of authenticating to CS and on successful authentication the associated account
is used to perform all operations. CS should only deal with accounts. Now authentication method
can be the native user/password that CS supports or by other means like any LDAP or Google/Facebook
IDs. There should be some mechanism to map external users to CS accounts. This can be done
by some CS component but I personally feel this should also be outside of CS. Comments?


> 
> > Do I understand this to mean you want to offer service offerings based
> > on user account in LDAP (or attributes of that account, like OU?)
> >
> > --David
> >

Mime
View raw message