GitHub user MI-DROZ added a comment to the discussion: Get Rid of Account 
"Types"? and just use "Roles"?

I should update this based on the fact that the promotion of accounts from a 
User to a Domain Admin appears to now work in version 4.20.1.0.  So this 
negates the first point. 

The link domaintoldap function still has a bit of a flaw, however, as follows:
Applying method 2 (autoimport) from the documentation:
https://docs.cloudstack.apache.org/en/latest/adminguide/accounts.html#using-an-ldap-server-for-user-authentication

In this scenario it seems that the accounts are auto-assigned the default 
"User" role during first logon creation. The process of linking a domain to 
LDAP doesn't present the option to apply a custom role, only 0-User and 
2-Domain Admin as a "type".

This creates a situation where the accounts would need to be periodically 
monitored for new accounts (since they aren't created until first logon) and 
manually altered to change their role to one of the custom/dynamic roles we 
would like to use. One solution would be to change the Rules on the default 
User role, but CloudStack doesn't allow altering of the default roles.

It would seem more functional to have the link domaintoldap API allow the 
specification of "roleid". I might even say in place of "type", but perhaps 
"type" is there for backward compatibility.

GitHub link: 
https://github.com/apache/cloudstack/discussions/10380#discussioncomment-14169437
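
The periodic check described in the comment above, as an added example that is not part of the original post or of CloudStack itself: it scans a `listAccounts` response for accounts in the LDAP-linked domain that still hold the default "User" role and builds signed `updateAccount` requests for them. It assumes `updateAccount` accepts `roleid` in your version; the IDs, role names and keys are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample of a listAccounts JSON response (not real data).
SAMPLE = {"listaccountsresponse": {"count": 3, "account": [
    {"id": "a-1", "name": "alice", "domainid": "dom-ldap",
     "roleid": "role-user", "rolename": "User"},
    {"id": "a-2", "name": "bob", "domainid": "dom-ldap",
     "roleid": "role-custom", "rolename": "LdapTenant"},
    {"id": "a-3", "name": "carol", "domainid": "dom-other",
     "roleid": "role-user", "rolename": "User"},
]}}


def accounts_needing_role(response, domain_id, default_role="User"):
    """Accounts in the LDAP-linked domain that still hold the default role."""
    accounts = response.get("listaccountsresponse", {}).get("account", [])
    return [a for a in accounts
            if a.get("domainid") == domain_id
            and a.get("rolename") == default_role]


def sign(params, secret_key):
    """CloudStack API signature: sort by field name, URL-encode values,
    lowercase the query string, HMAC-SHA1 with the secret key, base64."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in pairs)
    digest = hmac.new(secret_key.encode(), query.lower().encode(),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def update_requests(response, domain_id, custom_role_id, api_key, secret_key):
    """Signed updateAccount parameter sets; sending them is left to the caller.
    Assumption: updateAccount takes 'roleid' in the deployed version."""
    requests = []
    for acct in accounts_needing_role(response, domain_id):
        params = {"command": "updateAccount", "id": acct["id"],
                  "roleid": custom_role_id, "response": "json",
                  "apikey": api_key}
        params["signature"] = sign(params, secret_key)
        requests.append(params)
    return requests
```

Accounts already on a non-default role are skipped, so repeated runs only touch accounts created since the last pass.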

----
This is an automatically sent email for users@cloudstack.apache.org.