In addition, please refer to the wiki below. Feel free to add https://cwiki.apache.org/CLOUDSTACK/accounts-domains-and-admin-explained.ht ml
Thanks, -Nitin On 09/06/13 10:03 PM, "Abhinandan Prateek" <cloudst...@aprateek.com> wrote: >Ian, > > In cloudstack a "Domain" is a unit of isolation that represents a >customer org, business unit or a reseller. >A domain can have arbitrary level of sub-domains. > >A domain can have one or more accounts. A account is the basic unit of >isolation. Multiple users can exists in an account. >Users are like aliases for the account. Users in the same account are not >isolated from the other users. To access the account you should have at >least one user that is why you create a user when you create a account. > >The resource limits can be set at account or at domain levels by the >admin. > >I don't think we can get account resource limits directly from LDAP, but >we can have the admin set these up later. We need to figure out the most >efficient way to map ldap users to domains/accounts/users. > > >-abhi > >On 09/06/13 5:30 PM, "Ian Duffy" <i...@ianduffy.ie> wrote: > >>Hi, >> >>I was just wondering about the difference between an "account" and a >>"user", the naming of and layout to me seems unclear. >> >>When you navigate to Accounts and click "Add Account" it creates an >>account with the given information and a user. >> >>When you open up the Account you have just created you are able to add >>multiple users to it, each with a different username, firstname, >>lastname, email, firstname and timezone. They have the same domain I >>am unsure about network domain as it is left unshown. >> >>Am I correct in thinking: >>1) An account is more like a group. >>2) An account/group can not exist without one user (Why does this >>limitation exist? Surely we should be able to provision groups without >>having users to assign to them just yet) >>3) An account/group outlines limits for its user >>4) A user must be part of an account >> >>For the sake of LDAP intergration how should this be done? LDAP >>wouldn't really contain the neccessary information to populate an >>"account/group" i.e. limits. >> >>Thanks! > >
