Hi! This is just my first post here and I'm looking for some help to understand more about LDAP use. I'm using CloudStack 4.15.2.0 and an OpenLDAP server. I need to configure autosync to map an account to a LDAP group. My LDAP uses as group entity the posixGroup type.
Could CloudStack use groups of that type? If yes, how can I configure it in this way? My tests just work if I create a group of type groupOfNames (objectClass=groupOfNames with entries like member=userone member=usertwo). But, I already have an OpenLDAP server with a lot of groups using objectClass=posixGroup (with entries like memberUid=userone memberUid=usertwo). I would like to use them. Looking the slapd log I see a query with the following filter: (&(objectClass=inetOrgPerson)(uid=userone)(|(memberOf=cn=groupaccount1,ou=groups,dc=domain))) Reading about LDAP groups (in general), to use posixGroup it looks like the client should implement this, a way to check for users inside posixGroups. The log above appears to check users in groups using the memberof scheme. I didn't understand yet if CloudStack could operate like this. Is there a way to delete a "link accounttoldap" configuration? I always have to delete the account to make new testes, didn't find a way to delete this mapping. Thank you! :) -- Jorge Luiz Corrêa Embrapa Agricultura Digital echo "CkpvcmdlIEx1aXogQ29ycmVhCkFu YWxpc3RhIGRlIFJlZGVzIGUgU2VndXJhbm NhCkVtYnJhcGEgQWdyaWN1bHR1cmEgRGln aXRhbCAtIE5USQpBdi4gQW5kcmUgVG9zZW xsbywgMjA5IChCYXJhbyBHZXJhbGRvKQpD RVAgMTMwODMtODg2IC0gQ2FtcGluYXMsIF NQClRlbGVmb25lOiAoMTkpIDMyMTEtNTg4 Mgpqb3JnZS5sLmNvcnJlYUBlbWJyYXBhLm JyCgo="|base64 -d -- __________________________ Aviso de confidencialidade Esta mensagem da Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), empresa publica federal regida pelo disposto na Lei Federal no. 5.851, de 7 de dezembro de 1972, e enviada exclusivamente a seu destinatario e pode conter informacoes confidenciais, protegidas por sigilo profissional. Sua utilizacao desautorizada e ilegal e sujeita o infrator as penas da lei. Se voce a recebeu indevidamente, queira, por gentileza, reenvia-la ao emitente, esclarecendo o equivoco. Confidentiality note This message from Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), a government company established under Brazilian law (5.851/72), is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you are not the addressee, please send it back, elucidating the failure.
