Jorge, the linkDomaintoLdap feature is not that fine grained. Youĺl want to look at LinkAccountToLdap for what you seek.
On Wed, Jun 8, 2022 at 10:31 PM Jorge Luiz Correa <jorge.l.cor...@embrapa.br.invalid> wrote: > Hi all! > > In documentation I can see: > > cloudmonkey link domaintoldap > domainid=12345678-90ab-cdef-fedc-ba0987654321\ > accounttype=2\ > > ldapdomain="ou=people,dc=cloudstack,dc=apache,dc=org"\ > type=OU > > So, for each member of ou=people,dc=cloudstack,dc=apache,dc=org I'll have > one account with domain admin role (accounttype=2). > > How to do the same configuration for both user and admin roles? For > example: > > To define admins: > cloudmonkey link domaintoldap > domainid=12345678-90ab-cdef-fedc-ba0987654321\ > accounttype=2\ > > ldapdomain="ou=admins,dc=cloudstack,dc=apache,dc=org"\ > type=OU > > To define users: > cloudmonkey link domaintoldap > domainid=12345678-90ab-cdef-fedc-ba0987654321\ > accounttype=0\ > > ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org"\ > type=OU > > When I tried to do that the second command failed with: > > Error: (HTTP 530, error code 9999) Entity already exists > > As I couldn't configure in that way, I tried just one command with > accounttype=0 and passing the parameter admin= > > cloudmonkey link domaintoldap > domainid=12345678-90ab-cdef-fedc-ba0987654321\ > accounttype=0\ > > ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org"\ > type=OU\ > admin=adminuser > > So, all members of LDAP group can be a normal user and adminuser will be > the domain admin. > > But, if I need to have more than one domain admin, how can I configure? > > I've tried put two admin= parameters but just the first is used. > > Thank you! > > -- > __________________________ > Aviso de confidencialidade > > Esta mensagem da > Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), empresa publica > federal regida pelo disposto na Lei Federal no. 5.851, de 7 de dezembro > de 1972, e enviada exclusivamente a seu destinatario e pode conter > informacoes confidenciais, protegidas por sigilo profissional. Sua > utilizacao desautorizada e ilegal e sujeita o infrator as penas da lei. > Se voce a recebeu indevidamente, queira, por gentileza, reenvia-la ao > emitente, esclarecendo o equivoco. > > Confidentiality note > > This message from > Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), a government > company established under Brazilian law (5.851/72), is directed > exclusively to its addressee and may contain confidential data, > protected under professional secrecy rules. Its unauthorized use is > illegal and may subject the transgressor to the law's penalties. If you > are not the addressee, please send it back, elucidating the failure. > -- Daan