DaanHoogland commented on a change in pull request #67: short description of the evolution of LDAP bindings URL: https://github.com/apache/cloudstack-documentation/pull/67#discussion_r312695328
########## File path: source/adminguide/accounts.rst ########## @@ -279,17 +279,63 @@ or ApacheDS to authenticate CloudStack end-users. CloudStack will search the external LDAP directory tree starting at a specified base directory and gets user info such as first name, last name, email and username. -Starting with CloudStack 4.11, an ldap connection per domain can be -defined. +Starting with CloudStack 4.11, an LDAP connection per domain can be +defined. In this domain autosync per account can be confirgured, +keeping the users in the domain up to date with their group membership +in LDAP. +.. Note:: A caveat with this is that ApacheDS does not yet support the +virtual 'memberOf' attribute needed to check if a user moved to +another account. MicrosoftAD and openldap as well as openDJ do support +this. It is a planned feature for ApacheDS that can be tracked in +https://issues.apache.org/jira/browse/DIRSERVER-1844. Review comment: My reasoning behind doing it this way is that the documentation is less 'outdated' once that external ticket is resolved if it is easily linked to. If an ApacheDS user reads this in half a year they can easily check whether that caveat is still a problem. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
