Ian,
In cloudstack a "Domain" is a unit of isolation that represents a
customer org, business unit or a reseller.
A domain can have arbitrary level of sub-domains.
A domain can have one or more accounts. A account is the basic unit of
isolation. Multiple users can exists in an account.
Users are like aliases for the account. Users in the same account are not
isolated from the other users. To access the account you should have at
least one user that is why you create a user when you create a account.
The resource limits can be set at account or at domain levels by the admin.
I don't think we can get account resource limits directly from LDAP, but
we can have the admin set these up later. We need to figure out the most
efficient way to map ldap users to domains/accounts/users.
-abhi
On 09/06/13 5:30 PM, "Ian Duffy" <i...@ianduffy.ie> wrote:
>Hi,
>
>I was just wondering about the difference between an "account" and a
>"user", the naming of and layout to me seems unclear.
>
>When you navigate to Accounts and click "Add Account" it creates an
>account with the given information and a user.
>
>When you open up the Account you have just created you are able to add
>multiple users to it, each with a different username, firstname,
>lastname, email, firstname and timezone. They have the same domain I
>am unsure about network domain as it is left unshown.
>
>Am I correct in thinking:
>1) An account is more like a group.
>2) An account/group can not exist without one user (Why does this
>limitation exist? Surely we should be able to provision groups without
>having users to assign to them just yet)
>3) An account/group outlines limits for its user
>4) A user must be part of an account
>
>For the sake of LDAP intergration how should this be done? LDAP
>wouldn't really contain the neccessary information to populate an
>"account/group" i.e. limits.
>
>Thanks!
