Github user koushik-das commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/755#discussion_r38512709
--- Diff:
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
---
@@ -243,4 +263,22 @@ public boolean isLdapEnabled() {
closeContext(context);
}
}
+
+ @Override
+ public LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String
type, String name, short accountType) {
+ Validate.notNull(type, "type cannot be null. It should either be
GROUP or OU");
+ Validate.notNull(domainId, "domainId cannot be null.");
+ Validate.notEmpty(name, "GROUP or OU name cannot be empty");
--- End diff --
This results in creation of more than one CS account (one under every
domain) for a single AD account. I don't think this is desirable as it may lead
to confusion. If there is a need to support this kind of a scenario then it
should be properly documented and called out in the FS.
Personally I feel AD group/ou should be mapped to a single domain.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
