Re: [D] LDAP settings on a domain is not unique per domain [cloudstack]

Wed, 27 May 2026 06:17:00 -0700 


GitHub user Sparc0 added a comment to the discussion: LDAP settings on a domain 
is not unique per domain

I took a look at it again. 
If i change it anywhere in the UI all domains gets the same 
`ldap.search.group.principle`

Using CMK i can update specific domains 
```
(cs) ?? > update configuration domainid=e262dba0-f859-11f0-808e-566f8ff2008e 
name=ldap.search.group.principle value="test"
{
  "configuration": {
    "category": "Advanced",
    "component": "LdapConfiguration",
    "description": "Sets the principle of the group that users must be a member 
of",
    "displaytext": "Ldap search group principle",
    "group": "Access",
    "isdynamic": true,
    "name": "ldap.search.group.principle",
    "scope": "domain",
    "subgroup": "LDAP",
    "type": "String",
    "value": "test"
  }
}
(cs) ?? > list configurations filter=name,value 
name=ldap.search.group.principle domainid=e262dba0-f859-11f0-808e-566f8ff2008e
{
  "configuration": [
    {
      "name": "ldap.search.group.principle",
      "value": "test"
    }
  ],
  "count": 1
}
(cs) ?? > list configurations filter=name,value 
name=ldap.search.group.principle domainid=82baba59-67ac-467c-97e5-92553395b678
{
  "configuration": [
    {
      "name": "ldap.search.group.principle",
      "value": "CN=infrateam,OU=groups,DC=nocorp,DC=com"
    }
  ],
  "count": 1
}
```
Another problem i am getting with CMK is that i cant seem to be able to send a 
actual DN path.

```
(cs) ? > update configuration domainid=e2ee045c-fd06-42cb-b5e5-753562aba75f 
name=ldap.search.group.principle value="CN=adminteam,OU=groups,DC=nocorp,DC=com"
? Error: (HTTP 431, error code 9999) Received value containing illegal ASCII 
non-printable characters for parameter value
```
I have tried sending the value both with and without `"`
I even tried to URL encode it like this: 
`CN%3Dadminteam%2COU%3Dgroups%2CDC%3Dnocorp%2CDC%3Dcom` that worked to send and 
it showed up in the API but it did not work when trying to login. 

But doing Raw API is working:
```
(cs) ?? > updateConfiguration domainid=e2ee045c-fd06-42cb-b5e5-753562aba75f 
name=ldap.search.group.principle value="CN=adminteam,OU=groups,DC=nocorp,DC=com"

{
  "configuration": {
    "category": "Advanced",
    "component": "LdapConfiguration",
    "description": "Sets the principle of the group that users must be a member 
of",
    "displaytext": "Ldap search group principle",
    "group": "Access",
    "isdynamic": true,
    "name": "ldap.search.group.principle",
    "scope": "domain",
    "subgroup": "LDAP",
    "type": "String",
    "value": "CN=adminteam,OU=groups,DC=nocorp,DC=com"
  }
}

```

GitHub link: 
https://github.com/apache/cloudstack/discussions/13250#discussioncomment-17075976

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]

Reply via email to