GitHub user MI-DROZ added a comment to the discussion: Cloudstack doesn't validate the account type and Role during ldapCreateAccount
> [@MI-DROZ](https://github.com/MI-DROZ), _I feel you are kind of proposing an account level autosync, where the migration of LDAP users is not between accounts but between roles. This would make perfect sense to me._

Sort of. In my particular case I have a one to one relationship with accounts and users, so I'm more concerned with dealing with the auto mapping when they first log on to a domain. Since roles are applied at the account level based on an AD group membership, the function I'm using is the link domaintoldap feature. The link accounttoldap API already accepts "roleid=", so why not do the same on the domain level?

> _I do wonder though if people would want a mix between the two; sharing accounts but still have LDAP configure both account level and user level autosync._

I guess I could see the benefit of a user level role, but I think as things stand right now roles are assigned to accounts, and for my 1 to 1 mapping this is fine in my case. I'm just looking for the auto role assignment to happen with the domain level mapping as well.

GitHub link: https://github.com/apache/cloudstack/discussions/12369#discussioncomment-15416472
