This might help if your interested in how Ops/Users view these concepts: https://cwiki.apache.org/confluence/display/CLOUDSTACK/2012/09/13/A-CS+Post+Install+Architecture
Sent from my HTC ----- Reply message ----- From: "Mathias Mullins" <mathias.mull...@citrix.com> To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org> Subject: [GSoC] Accounts vs User Date: Sun, Jun 9, 2013 8:46 PM Ian, I'm going to add one more example that may clears it up for a lot of people I work with. Accounts are the organization / company / group , etc... Users are the people in that organization / company / group 1. With active Directory it is usually more logical to map the OU to the Cloudstack domain and Account. Depends on how deep the OU is. If you Are talking about /Org/mmullins -then Org is best mapped to a account as my mmullins user is going to live in the Org Account. If you are a multi-layered like many organizations, /Company/Org/Dept/mmullins - Then there's two possibilities. Private Cloud - Company is the Cloud is Org = Domain, Dept = Account, mmullins = user Public Cloud - Company is the customer so it maps differently. Company = Domain, Org = Sub-Domain, Dept = Account, mmullins = user You have to anticipate both possible usage patterns. 2. Yes that sounds very worth-wild in my opinion. There are several real-world use cases that I could implement that against. Keep it up! Matt On 6/9/13 3:54 PM, "Ian Duffy" <i...@ianduffy.ie> wrote: >Thanks for the replies! > >> We need to figure out the most >> efficient way to map ldap users to >> domains/accounts/users. > >So would it be logical to: > >1) Create a mapping between organizational units and cloudstack domains? > >2) Create accounts that are independent to cloudstack but require that >a user(or users) are imported from the domain/OU in which the account >exists?
