GitHub user kiranchavala created a discussion: CloudStack doesn't validate the account type and Role during ldapCreateAccount

### problem

CloudStack doesn't validate the account type and Role during ldapCreateAccount

### versions

ACS 4.20.1


### The steps to reproduce the bug

Steps to reproduce the issue 

1. Add an LDAP configuration

<img width="629" height="443" alt="Image" src="https://github.com/user-attachments/assets/dafe0887-5a3b-4f5f-8e7d-f120c9487caa" />

2. Create domain

<img width="1106" height="580" alt="Image" src="https://github.com/user-attachments/assets/03fb4f6f-d424-4b59-a1ba-5ffd9d799834" />

3. Link the domain to LDAP, set the account type to 2, which is domainAdmin

<img width="1156" height="659" alt="Image" src="https://github.com/user-attachments/assets/20629116-ce80-48dd-91e8-d005b7dfdd3d" />

Or execute the API:

https://cloudstack.apache.org/api/apidocs-4.20/apis/linkDomainToLdap.html



```
(localcloud) 🐱 > link domaintoldap domainid=394cbde8-efe2-4ef2-bac0-fa5958fa4134 type=GROUP accounttype=2 ldapdomain=cn=dev-team,ou=Telco-Bng,dc=example,dc=in admin=admin
{
  "LinkDomainToLdap": {
    "accounttype": 2,
    "domainid": "394cbde8-efe2-4ef2-bac0-fa5958fa4134",
    "ldapdomain": "cn=qa-team,dc=example,dc=in",
    "name": "cn=qa-team,dc=example,dc=in",
    "type": "GROUP"
  }
}
```

4. Check the database table 

```
mysql> select * from ldap_trust_map;
+----+-----------+-------+-------------------------------------------+--------------+------------+
| id | domain_id | type  | name                                      | account_type | account_id |
+----+-----------+-------+-------------------------------------------+--------------+------------+
| 22 |        25 | GROUP | cn=dev-team,ou=Telco-Bng,dc=example,dc=in |            2 |          0 |
```

5. Create LDAP account

https://cloudstack.apache.org/api/apidocs-4.20/apis/ldapCreateAccount.html

Select user as the roletype.

6. Account is created with user role type 

<img width="1639" height="605" alt="Image" src="https://github.com/user-attachments/assets/f8023cd3-0fc5-428a-a81a-c227f313a512" />


### What to do about it?

CloudStack should validate the role and account type 

GitHub link: https://github.com/apache/cloudstack/discussions/12369
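
One way to express the validation the post asks for, as an added example that is not CloudStack code and not part of the original post: compare the role type requested for a new LDAP account against the `account_type` stored in `ldap_trust_map` for the same domain. Assumptions: the function and class names are hypothetical, the account-type mapping other than 2 = DomainAdmin is assumed, and rejecting the request (rather than overriding the role) is a design choice of this sketch.

```python
from dataclasses import dataclass

# Numeric account type -> role type name. The post states only that 2 is
# domainAdmin; the other three entries are assumptions of this example.
ROLE_FOR_ACCOUNT_TYPE = {0: "User", 1: "Admin", 2: "DomainAdmin", 3: "ResourceAdmin"}


@dataclass(frozen=True)
class TrustMapRow:
    """One ldap_trust_map row, with the columns shown in step 4."""
    domain_id: int
    type: str
    name: str
    account_type: int
    account_id: int


class RoleMismatch(ValueError):
    """Requested role type contradicts the linked domain's account type."""


def check_role(rows, domain_id, requested_role):
    """Return the role type to create the account with, or raise RoleMismatch."""
    link = next((r for r in rows if r.domain_id == domain_id), None)
    if link is None:
        return requested_role  # domain is not linked to LDAP: nothing to compare
    expected = ROLE_FOR_ACCOUNT_TYPE.get(link.account_type)
    if expected is None:
        raise RoleMismatch(f"unknown account_type {link.account_type} for {link.name}")
    if requested_role.lower() != expected.lower():
        raise RoleMismatch(
            f"domain {domain_id} is linked as {expected}, request asked for {requested_role}")
    return expected


def is_allowed(rows, domain_id, requested_role):
    """Boolean wrapper around check_role for callers that only need yes/no."""
    try:
        check_role(rows, domain_id, requested_role)
        return True
    except RoleMismatch:
        return False


# Constructed sample: the single row from step 4 of the post.
SAMPLE_ROWS = [TrustMapRow(25, "GROUP", "cn=dev-team,ou=Telco-Bng,dc=example,dc=in", 2, 0)]

if __name__ == "__main__":
    for role in ("User", "DomainAdmin"):
        print(role, "->", "accepted" if is_allowed(SAMPLE_ROWS, 25, role) else "rejected")
```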
