See inline Thanks, Koushik
> -----Original Message----- > From: Chip Childers [mailto:chip.child...@sungard.com] > Sent: Wednesday, December 19, 2012 10:18 PM > To: cloudstack-dev@incubator.apache.org > Subject: Re: [DISCUSS] Cloudstack to manage User objects in LDAP > > On Wed, Dec 19, 2012 at 11:44 AM, David Nalley <da...@gnsa.us> wrote: > > On Wed, Dec 19, 2012 at 12:59 AM, Manikanta Kattamuri > > <manikanta.kattam...@sungard.com> wrote: > >> Hi, > >> > >> > >> > >> We'd like to be able to have CloudStack manage the user objects from > LDAP. > >> > >> The reason would, be we have a set of other service offerings for the > >> users of cloudstack service. > >> > >> > >> > >> Are there any others facing this type of scenarios and any solutions > >> or on-going development to resolve this. > >> > >> > >> > >> Inputs and thoughts are very much welcome. > > > > > > Define 'manage'? > > > > Create, update, delete OU's and users via LDAP calls. I don't think CS should allow user management for external systems. Currently CS supports creating accounts and each account has 1 or more users. These users should be considered as one of the ways of authenticating to CS and on successful authentication the associated account is used to perform all operations. CS should only deal with accounts. Now authentication method can be the native user/password that CS supports or by other means like any LDAP or Google/Facebook IDs. There should be some mechanism to map external users to CS accounts. This can be done by some CS component but I personally feel this should also be outside of CS. Comments? > > > Do I understand this to mean you want to offer service offerings based > > on user account in LDAP (or attributes of that account, like OU?) > > > > --David > >
