This repository has been archived by the owner on Aug 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 37
/
accounting_groups.dita
47 lines (43 loc) · 2.48 KB
/
accounting_groups.dita
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?xml version="1.0" encoding="UTF-8"?>
<!--This work by Eucalyptus Systems is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. See the accompanying LICENSE file for more information.-->
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN" "reference.dtd">
<reference outputclass="docs one-sidebar sidebar-first" id="accounting_groups">
<title>accounting-groups</title>
<shortdesc></shortdesc>
<refbody>
<section><p>This section uses a special group in LDAP/AD to designate accounts in the Eucalyptus “accounting group.” The accounting group takes normal LDAP/AD groups as members, i.e., they are groups of groups. The accounting group’s name becomes the account name in Eucalyptus. The member groups become Eucalyptus groups in that account. And the users of all those groups become Eucalyptus users within that account and corresponding Eucalyptus groups.</p>
<note type="important">If you use <codeph>accounting-groups</codeph>, remove the <codeph>groups-partition</codeph> section. These two sections are mutually exclusive.</note>
</section>
<table>
<tgroup cols="2">
<thead><row>
<entry>Element</entry>
<entry>Description</entry></row>
</thead>
<tbody>
<row>
<entry>base-dn</entry>
<entry>The base DN of accounting groups in the LDAP/AD tree.</entry>
</row>
<row>
<entry>id-attribute</entry>
<entry>The ID attribute name of the accounting group entry in LDAP/AD tree.</entry>
</row>
<row>
<entry>member-attribute</entry>
<entry>The LDAP/AD attribute name for members of the accounting group.</entry>
</row>
<row>
<entry>selection</entry>
<entry>The accounting groups you want to map to. This contains the following elements:
<ul>
<li><varname>filter</varname>: The LDAP/AD searching filter used for the LDAP/AD search to get the relevant LDAP/AD entities, e.g. the users to be synchronized. (Example: objectClass=groupOfNames)</li>
<li><varname>select</varname>: Explicitly gives the full DN of entities to be synchronized, in case they can not be specified by the search filter. (Example: cn=groupToSelect,ou=Groups,dc=foo,dc=com)</li>
<li><varname>not-select:</varname> Explicitly gives the full DN of entities NOT to be
synchronized, in case this can not be specified by the search filter. (Example: cn=groupToIgnore,ou=Groups,dc=foo,dc=com)</li>
</ul>
</entry>
</row></tbody></tgroup>
</table>
</refbody>
</reference>