MI-DROZ commented on issue #11472: URL: https://github.com/apache/cloudstack/issues/11472#issuecomment-3220248958
> [@MI-DROZ](https://github.com/MI-DROZ), _I feel you are kind of proposing an account level autosync, where the migration of LDAP users is not between accounts but between roles. This would make perfect sense to me._

Sort of. In my particular case I have a one-to-one relationship with accounts and users, so I'm more concerned with dealing with the auto mapping when they first log on to a domain. Since roles are applied at the account level based on an AD group membership, the function I'm using is the link domaintoldap feature. The link accounttoldap API already accepts "roleid=", so why not do the same on the domain level?

> _I do wonder though if people would want a mix between the two; sharing accounts but still have LDAP configure both account level and user level autosync._

I guess I could see the benefit of a user level role, but I think as things stand right now roles are assigned to accounts, and for my 1 to 1 mapping this is fine in my case, just looking for the auto role assignment to happen with the domain level mapping as well.