<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 1, 2016 at 11:54 AM, Alexis HAUSER <span dir="ltr"><<a href="mailto:alexis.hauser@telecom-bretagne.eu" target="_blank">alexis.hauser@telecom-bretagne.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
<br>
I'm trying to find what are the different ways / approaches to automated users/groups creation, based on a LDAP/AD database.<br>
<br>
This is my first problematic : when a LDAP/AD provider is joined, and a user is created in ovirt from this provider, the user heritates a part of the attributes from this LDAP database. Now if I change one attribute on the LDAP side (for example "first name"), it isn't updated on the ovirt user.<br>
Would there be other way to update this information than creating / deleting the user ?<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Those informations should be updated after next login of the user. We did synchronization in the past, but we decided not to do that any more due to performance/sync issues.<br></div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
My second problematic is what should I use to automate creation of users.<br>
<br>
It seems possible with :<br>
- shell scripting : using ovirt-aaa-jdbc-tool<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">This is usable only for users/groups in database</div> <div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">provided by aaa-jdbc extension<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
- python SDK<br>
- java SDK<br>
- rest API<br>
<br>
Which one of these approaches would be the most simple ? I'm more familiar with shell scripting than other languages. That would be nice to find a way with it.<br>
<br>
Concerning ovirt-aaa-jdbc-tool, I've heard it was only adding/deleting users from the internal DB, not the others. In that case, is there a way in shell scripting to interact with other profiles than internal ?<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">You can create as many aaa-jdbc profiles as needed, please take a look at README.administrator inside aaa-jdbc package<br></div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Is there files somewhere containing users and their informations I could modify ?<br>
<br>
What would happen if a user is in use and it is modified/deleted at the same time ?<br>
<br>
I know it makes a lot of questions, but I can't really get started before having those answers.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">We do not support modifying content of LDAP server, to do that you need to use tools provided by your LDAP provider.<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Martin Perina<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"></div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
</blockquote></div><br></div></div>