Following is the LDAP and PAM interfaces:

My suggestion is to keep the same UI layout used by PAM authentication.
The difference will be:

- Remove the groups columns on LDAP
- And display the users list empty in a first moment
- The filter will be used only for search LDAP users
- Aside the text input we should add a new button "Search"
- Once the "Search" button is selected we update the users list below with the returned data
- Then user can select how many users he want to assign to the VM and the same way we did for PAM.

On 11/05/2014 08:21 AM, wrote:
From: Royce Lv <>

Users added will be validated when press save permission button,
invalid user will be labled as notice icon.
update vm request with invalid user will be rejected.
only user tag is supported for ldap.
This is tested agaist ldap integration v2.

 Due to capabilities query of authentication type is not added.
 This patch simply hided PAM permission tag part.
 Will address this issue after backend changed.

Royce Lv (2):
  UI: support ldap vm permission tag
  Change guest edit permission logic

 ui/css/theme-default/guest-edit.css |  79 ++++++++++++++-----
 ui/js/src/kimchi.api.js             |  13 +++-
 ui/js/src/kimchi.guest_edit_main.js | 146 ++++++++++++++++++++++++++++++------
 ui/pages/guest-edit.html.tmpl       |  28 ++++++-
 4 files changed, 218 insertions(+), 48 deletions(-)