Ian, Please see response in line.
> -----Original Message----- > From: Ian Duffy [mailto:i...@ianduffy.ie] > Sent: Wednesday, July 17, 2013 1:07 PM > To: dev@cloudstack.apache.org > Subject: Re: [GSoC] Update the wiki LDAP page > > 1) by default, user or domain admin are not able to update the password in > UI or via API, unless some permissions are added in api properties file - we > know this because we worked on extending user password functionality in > cloudstack > > Interesting I will definitely research this more. I was not aware of that. Got > any links to documentation about that API properties file? > Look for commands.properties file in webapps/client/WEB-INF/classes (or just do "locate commands.properties" ), it should be self-explanatory. > 2) user however can generate API key and Secret Key, but perhaps you can > create a job that will query LDAP periodically to check for disabled users, > and > if user is disabled in LDAP, disable the user in CloudStack as well. Would > this > approace work? > > Yes... I assume it would be possible to kick of a scheduled task (Anybody care > to chime in here as to how to do that within the cloudstack lifecycle?) that > would search all cloudstack users against the LDAP database and remove > them or revoke their keys in the event they are not found. I would let someone who is more developer centric answer this part, perhaps Chiradeep or anyone else? If you don’t get response, I will ask my friend who wrote something similar for password manager. Or you can just break down any existing scheduled task. Let me know if you don’t get a response, Regards ilya
