This is an automated email from the ASF dual-hosted git repository. dahn pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git
The following commit(s) were added to refs/heads/main by this push: new e8b7bf7 Updating LDAP integration instructions in table format (#494) e8b7bf7 is described below commit e8b7bf7466a1e5ceb4855fafa759becc8e43a7df Author: Davi Torres <90287660+daviftor...@users.noreply.github.com> AuthorDate: Tue Apr 15 09:33:08 2025 -0400 Updating LDAP integration instructions in table format (#494) Co-authored-by: Davi Torres <dtor...@simnet.ca> --- source/adminguide/accounts.rst | 104 +++++++++++++++++++++++------------------ 1 file changed, 59 insertions(+), 45 deletions(-) diff --git a/source/adminguide/accounts.rst b/source/adminguide/accounts.rst index c66e0f0..04c431d 100644 --- a/source/adminguide/accounts.rst +++ b/source/adminguide/accounts.rst 
@@ -481,36 +481,74 @@ to be applied through the API call described above. In addition to those shown in the example script above, the following -configuration items can be configured (the default values are for -openldap) +configuration items can be configured on a Global or on a per Domain level (the default values are for +OpenLDAP) -- ``ldap.basedn``: Sets the basedn for LDAP. Ex: **OU=APAC,DC=company,DC=com** - -- ``ldap.bind.principal``, ``ldap.bind.password``: DN and password for a User - who can list all the Users in the above basedn. Ex: - **CN=Administrator, OU=APAC, DC=company, DC=com** +.. list-table:: LDAP Settings + :header-rows: 1 -- ``ldap.user.object``: object type of Users within LDAP. Defaults value is - **user** for AD and **interorgperson** for openldap. + * - Setting + - OpenLDAP + - Active Directory + - Description + * - ``ldap.basedn`` + - `Ex: OU=APAC, DC=company, DC=com` + - `Ex: DC=company, DC=com` + - Sets the basedn for LDAP. + * - ``ldap.search.group.principle`` + - `Ex: CN=ACSGroup, DC=company, DC=com` + - `Ex: CN=ACSGroup, CN=Users, DC=company, DC=com` + - (optional) if set only Users from this group are listed. + * - ``ldap.bind.principal`` + - `Ex: CN=ACSServiceAccount, OU=APAC, DC=company, DC=com` + - `Ex: CN=ACSServiceAccount, CN=Users, DC=company, DC=com` + - Service account that can list all the Users in the above basedn. Avoid using privileged account such as Administrator. + * - ``ldap.bind.password`` + - `******************` + - `******************` + - Password for a DN User. Is entered in plain text but gets stored encrypted. + * - ``ldap.user.object`` + - `interorgperson` + - `user` + - Object type of Users within LDAP. + * - ``ldap.email.attribute`` + - `mail` + - `mail` + - Email attribute within ldap for a User. + * - ``ldap.firstname.attribute`` + - `givenname` + - `givenname` + - firstname attribute within ldap for a User. 
+ * - ``ldap.lastname.attribute`` + - `sn` + - `sn` + - lastname attribute within ldap for a User. + * - ``ldap.group.object`` + - `groupOfUniqueNames` + - `groupOfUniqueNames` + - Object type of groups within LDAP. + * - ``ldap.group.user.uniquemember`` + - `uniquemember` + - `uniquemember` + - Attribute for uniquemembers within a group. + + +Once configured, on Add Account page, you will see an "Add LDAP Account" button which opens a dialog and the selected Users can be imported. -- ``ldap.email.attribute``: email attribute within ldap for a User. Default - value for AD and openldap is **mail**. +.. figure:: /_static/images/CloudStack-ldap-screen1.png + :align: center -- ``ldap.firstname.attribute``: firstname attribute within ldap for a User. - Default value for AD and openldap is **givenname**. -- ``ldap.lastname.attribute``: lastname attribute within ldap for a User. - Default value for AD and openldap is **sn**. +You could also use api commands: +``listLdapUsers``, to list Users in LDAP that could or would be imported in CloudStack +``ldapCreateAccount``, to manually create a User in a specific Account +``importLdapUsers``, to batch import Users from LDAP -- ``ldap.username.attribute``: username attribute for a User within LDAP. - Default value is **SAMAccountName** for AD and **uid** for openldap. +Once LDAP is enabled, the Users will not be allowed to changed password +directly in CloudStack. -Restricting LDAP Users to a group: -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- ``ldap.search.group.principle``: this is optional and if set only Users from - this group are listed. LDAP SSL: 
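Review bot: the table drops ``ldap.username.attribute`` (removed at the end of this hunk, default ``uid`` for OpenLDAP and ``SAMAccountName`` for AD) without a replacement row, yet it is the attribute users actually log in with; add a row along the lines of ``* - ``ldap.username.attribute``` / ``- ``uid``` / ``- ``sAMAccountName``` with the old description. Two smaller points in the same table: the OpenLDAP value ``interorgperson`` for ``ldap.user.object`` reads like a typo for the standard objectClass ``inetOrgPerson`` (the removed bullet already had the same spelling, so check the code default before carrying it into the table), and the example cells use single backticks, which reStructuredText renders as interpreted text rather than a literal, so use double backticks or plain text for the ``Ex:`` prefix. Finally, the moved sentence ``+Once LDAP is enabled, the Users will not be allowed to changed password`` should read "to change their password".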
@@ -524,30 +562,6 @@ You will need to know the path to the keystore and the password. - ``ldap.truststore.password`` : truststore password -LDAP groups: -~~~~~~~~~~~~ - -- ``ldap.group.object``: object type of groups within LDAP. Default value is - group for AD and **groupOfUniqueNames** for openldap. - -- ``ldap.group.user.uniquemember``: attribute for uniquemembers within a group. - Default value is **member** for AD and **uniquemember** for openldap. - -Once configured, on Add Account page, you will see an "Add LDAP Account" button -which opens a dialog and the selected Users can be imported. - -.. figure:: /_static/images/CloudStack-ldap-screen1.png - :align: center - - -You could also use api commands: -``listLdapUsers``, to list Users in LDAP that could or would be imported in CloudStack -``ldapCreateAccount``, to manually create a User in a specific Account -``importLdapUsers``, to batch import Users from LDAP - -Once LDAP is enabled, the Users will not be allowed to changed password -directly in CloudStack. - .. |button to dedicate a zone, pod,cluster, or host| image:: /_static/images/dedicate-resource-button.png Using a SAML 2.0 Identity Provider for User Authentication
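Review bot: the removed ``LDAP groups`` bullets were the only place the Active Directory defaults ``group`` (for ``ldap.group.object``) and ``member`` (for ``ldap.group.user.uniquemember``) were documented, and the new table in the previous hunk lists ``groupOfUniqueNames`` and ``uniquemember`` in both columns. Active Directory group objects have objectClass ``group`` and hold membership in ``member``, not ``uniqueMember``, so the Active Directory column should keep the values this hunk deletes; otherwise an administrator who copies that column will configure a membership attribute AD does not use and group-restricted listing via ``ldap.search.group.principle`` will not match anyone.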