From: "Itamar Heim" <iheim(a)redhat.com>
To: "Oved Ourfalli" <ovedo(a)redhat.com>
Cc: users(a)ovirt.org, "Thierry Kauffmann"
<thierry.kauffmann(a)univ-montp2.fr>
Sent: Tuesday, December 4, 2012 1:47:52 AM
Subject: Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine
On 12/02/2012 08:10 AM, Oved Ourfalli wrote:
>
>
> ----- Original Message -----
>> From: "Thierry Kauffmann" <thierry.kauffmann(a)univ-montp2.fr>
>> To: "cristi falcas" <cristi.falcas(a)gmail.com>
>> Cc: users(a)ovirt.org
>> Sent: Saturday, December 1, 2012 5:56:14 PM
>> Subject: [Users] OpenLDAP Simple Authentication in Ovirt Engine
>>
>> Hi,
>>
>> I am currently testing Ovirt 3.1 standalone on Fedora 17.
>>
>> Until now, I could only use the default user admin@internal.
>>
>> Our Directory at the University is OpenLDAP. We use it for authentication
>> WITHOUT Kerberos: Simple authentication.
>>
>> I wonder how to use this backend to authenticate users and manage groups
>> in Ovirt.
>>
>> Has anyone already set this up ?
>> How to configure Ovirt to use Simple Authentication (No Kerberos).
>>
>> Cheers,
>>
>> --
>> Thierry Kauffmann
>> Head of IT Services // Faculté des Sciences // Université de Montpellier 2
>>
>> Service informatique de la Faculté des Sciences (SIF)
>> Université de Montpellier 2
>> CC437 // Place Eugène Bataillon // 34095 Montpellier Cedex 5
>>
>> Tel: 04 67 14 31 58
>> email: thierry.kauffmann(a)univ-montp2.fr
>> web: http://sif.info-ufr.univ-montp2.fr/ http://www.fdsweb.univ-montp2.fr/
>> _______________________________________________
>> Users mailing list Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>> Hi,
>>
>> This is a response from an older thread from Yair Zaslavsky:
>>
>> "there is no code allowing to add simple-authentication domains to
>> Manage-Domains.
>> In the past we did have the ability to do that, but there are several
>> problematic issues."
>>
>> Best regards,
>>
>> Hi,
>>
>> Correct me if I am wrong, but this wiki page
>> ( http://www.ovirt.org/DomainInfrastructure ) states clearly:
>>
>> 1. Authenticating Active Directory, IPA and RHDS using either
>> simple or gssapi authentication
>> 2. Querying the directory using the LDAP protocol
>> 3. Auto deducing the LDAP provider type
>> 4. Easily adding new LDAP provider types
>> 5. Easily adding new query types
>>
>> So what ?
>>
> We supported simple authentication in the past, but it is no longer
> supported, that's why you can't set that using the manage domains
> utility.
> It may work well in some providers (in the past we supported that
> for active directory, so I guess it would work there).
I don't think we removed SIMPLE from the engine, we just don't recommend
using it, since it doesn't encrypt user/password on the network (it is
sometimes useful for debugging).

We indeed didn't remove the engine code. We just blocked it from the utility.
Once you have a configured oVirt domain, you can set the LDAPSecurityAuthentication
configuration parameter (in the vdc_options table) to use simple, by putting a value of:
domain1:SIMPLE,domain2:GSSAPI,domain3:SIMPLE, etc.
But if you want to add a new domain with it, then you would need to add it manually (can
give a detailed explanation on how, if relevant).
By default we work with GSSAPI (I think the config option is empty by default, which is
equivalent to working with GSSAPI).
If/when we need to support that again, it shouldn't be a major effort to add the
code... the testing with the different providers will be the hard part.

Oved
>
> We also don't auto deduce the LDAP provider type anymore, as
> changes in the providers caused some issues with it.
>
> I'll edit the wiki accordingly (btw, I remember removing it from
> the wiki... so it is weird that it is still there...).
>
> Oved
>
>>
>> --
>> Thierry Kauffmann
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
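
Added example (not part of the original thread and not oVirt code): a small Python audit of an LDAPSecurityAuthentication value in the domain:MODE format quoted above, listing which domains would bind with SIMPLE and therefore send user/password unencrypted. The function names, the case-insensitive matching and the per-domain fallback to GSSAPI are assumptions; the sample value is constructed.

```python
"""Audit an oVirt LDAPSecurityAuthentication value for SIMPLE binds.

Assumptions (not confirmed by the thread): domains and modes are matched
case-insensitively, and a domain with no entry falls back to GSSAPI,
mirroring the "empty means GSSAPI" behaviour described in the message.
"""

KNOWN_MODES = {"SIMPLE", "GSSAPI"}  # the two modes named in the thread
DEFAULT_MODE = "GSSAPI"


def parse_auth_option(value):
    """Parse 'domain1:SIMPLE,domain2:GSSAPI' into {domain: mode}."""
    modes = {}
    for entry in (value or "").split(","):
        entry = entry.strip()
        if not entry:
            continue  # empty option or stray comma
        domain, sep, mode = entry.rpartition(":")
        mode = mode.strip().upper()
        domain = domain.strip().lower()
        if not sep or not domain or mode not in KNOWN_MODES:
            raise ValueError(f"malformed entry: {entry!r}")
        if domain in modes and modes[domain] != mode:
            raise ValueError(f"conflicting modes for {domain!r}")
        modes[domain] = mode
    return modes


def audit(value, configured_domains):
    """Return (effective mode per domain, domains sending cleartext binds)."""
    explicit = parse_auth_option(value)
    effective = {d.lower(): explicit.get(d.lower(), DEFAULT_MODE)
                 for d in configured_domains}
    # Entries for domains that are not configured are still reported.
    for domain, mode in explicit.items():
        effective.setdefault(domain, mode)
    simple = sorted(d for d, m in effective.items() if m == "SIMPLE")
    return effective, simple


if __name__ == "__main__":
    # Constructed sample value in the format quoted in the thread.
    sample = "domain1:SIMPLE,domain2:GSSAPI,domain3:SIMPLE"
    effective, simple = audit(sample, ["domain1", "domain2", "domain4"])
    for domain in sorted(effective):
        print(f"{domain}: {effective[domain]}")
    print("SIMPLE (credentials unencrypted on the wire):", ", ".join(simple))
```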