> > ROOT/user1 is able to authenticate as ROOT/MYDOMAIN/user1 using ldap > password.
Interesting never thought of that possibility. This is partially due to the nature of how Cloudstack's authentication engine works. So what happens is when you attempt to login your username/password is passed down through different authentication systems so... Attempt auth against DB using SHA1 pass Attempt auth against DB using MD5 pass .... Attempt auth using LDAP For the LDAP stage only the username/password is given. The Username is looked up in LDAP and a principle. Using this principle and the supplied password a bind is made. Should be bind be successful the user is authenticated. As far as I'm aware there is no work around for this without modifying source. My general rule of thumb for it would be to not mix authentication, either go all internal CS users or all LDAP based users. On 20 August 2013 17:21, Valery Ciareszka <valery.teres...@gmail.com> wrote: > Hi all, > > From CS 4.1 docs: > > The CloudStack query filter wildcards are: > Query Filter Wildcard Description > %u User name > %e Email address > %n First and last name > > However, I faced a situation when we have two different domains with > identical users. > Let's consider ROOT/user1 has corresponding entry at ldap and > ROOT/MYDOMAIN/user1 does not. > ROOT/user1 is able to authenticate as ROOT/MYDOMAIN/user1 using ldap > password. > > My question is: is there query filter wildcard to match domain name ? > > env used: CS 4.1.0 > -- > Regards, > Valery > > http://protocol.by/slayer >
