From dennis at webdienstleistungen.com Mon Dec 3 02:01:53 2012
From: Dennis Böck <dennis at webdienstleistungen.com>
To: users at ovirt.org
Subject: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Mon, 03 Dec 2012 06:51:33 +0000
Message-ID: <2452E8A35A372E4F8654136ACEABDBCE262FE64A@DB3PRD0311MB403.eurprd03.prod.outlook.com>

Dear oVirt-Community,

how can I add a new User? If I click "Add" under the "Users"-Tag of the web interface, I cannot create a new user. If I start a search, only the user "admin" is displayed.
Is it maybe not possible to create users out of oVirt?
Even users which I added locally (on the fedora host which runs the ovirt engine) are not displayed.
Can you only manage users if oVirt is connected to a Red Hat Directory Server or IBM Tivoli Directory Server?

Best regards
Dennis


From ovedo at redhat.com Mon Dec 3 02:10:10 2012
From: Oved Ourfalli
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Mon, 03 Dec 2012 02:10:08 -0500
Message-ID: <1572402059.52851553.1354518608380.JavaMail.root@redhat.com>
In-Reply-To: 2452E8A35A372E4F8654136ACEABDBCE262FE64A@DB3PRD0311MB403.eurprd03.prod.outlook.com

----- Original Message -----
> From: "Dennis Böck"
> To: "users(a)oVirt.org"
> Sent: Monday, December 3, 2012 8:51:33 AM
> Subject: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
>
> Dear oVirt-Community,
>
> how can I add a new User? If I click “Add” under the “Users”-Tag of
> the web interface, I cannot create a new user. If I start a search,
> only the user “admin” is displayed.
>
> Is it maybe not possible to create users out of oVirt?
>
> Even users which I added locally (on the fedora host which runs the
> ovirt engine) are not displayed.
>
> Can you only manage users if oVirt is connected to a Red Hat
> Directory Server or IBM Tivoli Directory Server?
>

oVirt indeed doesn't support managing internal users (the only internal user is the admin@internal user).
It allows you to work with several directory providers (IPA, Active Directory, RHDS, IBM Tivoli DS), and you should manage your users there.

Let me know if you have more questions regarding that.

Oved

>
> Best regards
>
> Dennis
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

From rgolan at redhat.com Mon Dec 3 02:27:20 2012
From: Roy Golan
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Mon, 03 Dec 2012 09:27:20 +0200
Message-ID: <50BC5458.3050005@redhat.com>
In-Reply-To: 2452E8A35A372E4F8654136ACEABDBCE262FE64A@DB3PRD0311MB403.eurprd03.prod.outlook.com

On 12/03/2012 08:51 AM, Dennis Böck wrote:
>
> Dear oVirt-Community,
>
> how can I add a new User? If I click "Add" under the "Users"-Tag of
> the web interface, I cannot create a new user. If I start a search,
> only the user "admin" is displayed.
>
> Is it maybe not possible to create users out of oVirt?
>
ovirt user-management relies on external directories - currently supported are Red Hat IPA, Active Directory, RHDS and IBM Tivoli.
To add a user one must first provision his domain (with LDAP and Kerberos) in ovirt, using the engine-manage-domains tool.

http://www.ovirt.org/Building_oVirt_engine#Deploying_engine-config_.26_engine-manage-domains

> Even users which I added locally (on the fedora host which runs the
> ovirt engine) are not displayed.
>
> Can you only manage users if oVirt is connected to a Red Hat Directory
> Server or IBM Tivoli Directory Server?
>
> Best regards
>
> Dennis
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

From iheim at redhat.com Mon Dec 3 18:44:32 2012
From: Itamar Heim
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Tue, 04 Dec 2012 01:44:32 +0200
Message-ID: <50BD3960.1000908@redhat.com>
In-Reply-To: 2452E8A35A372E4F8654136ACEABDBCE262FE64A@DB3PRD0311MB403.eurprd03.prod.outlook.com

On 12/03/2012 08:51 AM, Dennis Böck wrote:
> Dear oVirt-Community,
>
> how can I add a new User? If I click “Add” under the “Users”-Tag of the
> web interface, I cannot create a new user. If I start a search, only the
> user “admin” is displayed.
>
> Is it maybe not possible to create users out of oVirt?
>
> Even users which I added locally (on the fedora host which runs the
> ovirt engine) are not displayed.
>
> Can you only manage users if oVirt is connected to a Red Hat Directory
> Server or IBM Tivoli Directory Server?
>

can you please explain the use case where there is no existing directory to handle group membership and authentication?

thanks,
Itamar

From dennis at webdienstleistungen.com Wed Dec 5 03:49:08 2012
From: Dennis Böck <dennis at webdienstleistungen.com>
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Wed, 05 Dec 2012 08:48:58 +0000
Message-ID: <2452E8A35A372E4F8654136ACEABDBCE262FF0F2@DB3PRD0311MB403.eurprd03.prod.outlook.com>
In-Reply-To: 50BD3960.1000908@redhat.com

Dear Itamar,

we (German Air Navigation Services) would like to use oVirt for testing our air traffic applications.
In our air traffic application system, there is no directory service, since we don't need one. Consequently our test system has no directory service either.
We differentiate only between root-users (manage the OS), air traffic application operational-users and air traffic application technical-users.
For three kinds of users a directory service would mean too much overhead.
oVirt is complex enough, therefore it would be advantageous to have a simple user-management without the need to install/configure/run a directory service infrastructure.

Best regards
Dennis
________________________________________
From: Itamar Heim [iheim(a)redhat.com]
Sent: Tuesday, 4 December 2012 00:44
To: Dennis Böck
Cc: users(a)oVirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?

On 12/03/2012 08:51 AM, Dennis Böck wrote:
> Dear oVirt-Community,
>
> how can I add a new User? If I click “Add” under the “Users”-Tag of the
> web interface, I cannot create a new user. If I start a search, only the
> user “admin” is displayed.
>
> Is it maybe not possible to create users out of oVirt?
>
> Even users which I added locally (on the fedora host which runs the
> ovirt engine) are not displayed.
>
> Can you only manage users if oVirt is connected to a Red Hat Directory
> Server or IBM Tivoli Directory Server?
>

can you please explain the use case where there is no existing directory
to handle group membership and authentication?

thanks,
Itamar

From yzaslavs at redhat.com Wed Dec 5 04:01:57 2012
From: Yair Zaslavsky
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Wed, 05 Dec 2012 04:01:56 -0500
Message-ID: <1204765703.43150299.1354698116034.JavaMail.root@redhat.com>
In-Reply-To: 2452E8A35A372E4F8654136ACEABDBCE262FF0F2@DB3PRD0311MB403.eurprd03.prod.outlook.com

----- Original Message -----
> From: "Dennis Böck"
> To: "Itamar Heim"
> Cc: "users(a)oVirt.org"
> Sent: Wednesday, December 5, 2012 10:48:58 AM
> Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
>
> Dear Itamar,
>
> we (German Air Navigation Services) would like to use oVirt for
> testing our air traffic applications.
> In our air traffic application system, there is no directory service,
> since we don't need one. Consequently our test system has no
> directory service either.
> We differentiate only between root-users (manage the OS), air traffic
> application operational-users and air traffic application
> technical-users.
> For three kinds of users a directory service would mean too much
> overhead.
> oVirt is complex enough, therefore it would be advantageous to have a
> simple user-management without the need to install/configure/run a
> directory service infrastructure.
>
> Best regards
> Dennis

Hi Dennis,
From what you're describing - you have to populate oVirt somehow with 3 groups -
root-users, air traffic application operational-users and air traffic application technical-users.

Not sure if you have technical developers at your organization, but in the past we developed an internal broker [1] which is not LDAP/Directory-Service based.
We have future thoughts about supporting not just directory services.
But for now - perhaps the quickest thing for you guys (if you have a technical team of developers) is to write your own broker, similar to the internal broker.
I actually saw a non-LDAP broker that was implemented based on the way the internal broker was implemented.
But I really think you should reconsider your decision NOT to use LDAP directory-service

[1] - Internal broker - the piece of code responsible for the admin@internal user

Yair

> ________________________________________
> From: Itamar Heim [iheim(a)redhat.com]
> Sent: Tuesday, 4 December 2012 00:44
> To: Dennis Böck
> Cc: users(a)oVirt.org
> Subject: Re: [Users] Manage users without Red Hat Directory Server or
> IBM Tivoli Directory Server?
>
> On 12/03/2012 08:51 AM, Dennis Böck wrote:
> > Dear oVirt-Community,
> >
> > how can I add a new User? If I click “Add” under the “Users”-Tag of the
> > web interface, I cannot create a new user. If I start a search, only the
> > user “admin” is displayed.
> >
> > Is it maybe not possible to create users out of oVirt?
> >
> > Even users which I added locally (on the fedora host which runs the
> > ovirt engine) are not displayed.
> >
> > Can you only manage users if oVirt is connected to a Red Hat Directory
> > Server or IBM Tivoli Directory Server?
> >
>
> can you please explain the use case where there is no existing directory
> to handle group membership and authentication?
>
> thanks,
> Itamar
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

From rgolan at redhat.com Wed Dec 5 04:50:40 2012
From: Roy Golan
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Wed, 05 Dec 2012 11:50:37 +0200
Message-ID: <50BF18ED.7070208@redhat.com>
In-Reply-To: 1204765703.43150299.1354698116034.JavaMail.root@redhat.com

On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
>
> ----- Original Message -----
>> From: "Dennis Böck"
>> To: "Itamar Heim"
>> Cc: "users(a)oVirt.org"
>> Sent: Wednesday, December 5, 2012 10:48:58 AM
>> Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
>>
>> Dear Itamar,
>>
>> we (German Air Navigation Services) would like to use oVirt for
>> testing our air traffic applications.
>> In our air traffic application system, there is no directory service,
>> since we don't need one. Consequently our test system has no
>> directory service either.
>> We differentiate only between root-users (manage the OS), air traffic
>> application operational-users and air traffic application
>> technical-users.
>> For three kinds of users a directory service would mean too much
>> overhead.
>> oVirt is complex enough, therefore it would be advantageous to have a
>> simple user-management without the need to install/configure/run a
>> directory service infrastructure.
>>
>> Best regards
>> Dennis
> Hi Dennis,
> From what you're describing - you have to populate oVirt somehow with 3 groups -
> root-users, air traffic application operational-users and air traffic application technical-users.
>
> Not sure if you have technical developers at your organization, but in the past we developed an internal broker [1] which is not LDAP/Directory-Service based.
> We have future thoughts about supporting not just directory services.
> But for now - perhaps the quickest thing for you guys (if you have a technical team of developers) is to write your own broker, similar to the internal broker.
> I actually saw a non-LDAP broker that was implemented based on the way the internal broker was implemented.
> But I really think you should reconsider your decision NOT to use LDAP directory-service
>
>
> [1] - Internal broker - the piece of code responsible for the admin@internal user
>
>
> Yair

I feel that we do need a plain and simple user management broker (could be file based similar to jboss user/group properties). Dennis's concerns about the time/money to invest in an up & running installation with few groups seem just.

we can make /etc/ovirt-engine/user-management/users.properties and group.properties

users.properties:

#key could be considered as the DN

user1.name=Dennis
user1.id={UUID}
user1.groupids={admins group id},{others}
user1.pass=plaintext

group properties:

admins.id={UUID}
admins.desc=some description

>> ________________________________________
>> From: Itamar Heim [iheim(a)redhat.com]
>> Sent: Tuesday, 4 December 2012 00:44
>> To: Dennis Böck
>> Cc: users(a)oVirt.org
>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>> IBM Tivoli Directory Server?
>>
>> On 12/03/2012 08:51 AM, Dennis Böck wrote:
>>> Dear oVirt-Community,
>>>
>>> how can I add a new User? If I click “Add” under the “Users”-Tag of the
>>> web interface, I cannot create a new user. If I start a search, only the
>>> user “admin” is displayed.
>>>
>>> Is it maybe not possible to create users out of oVirt?
>>>
>>> Even users which I added locally (on the fedora host which runs the
>>> ovirt engine) are not displayed.
>>>
>>> Can you only manage users if oVirt is connected to a Red Hat Directory
>>> Server or IBM Tivoli Directory Server?
>>>
>> can you please explain the use case where there is no existing directory
>> to handle group membership and authentication?
>>
>> thanks,
>> Itamar
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

From iheim at redhat.com Wed Dec 5 04:52:51 2012
From: Itamar Heim
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Wed, 05 Dec 2012 11:52:53 +0200
Message-ID: <50BF1975.20208@redhat.com>
In-Reply-To: 50BF18ED.7070208@redhat.com

On 12/05/2012 11:50 AM, Roy Golan wrote:
> On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
>>
>> ----- Original Message -----
>>> From: "Dennis Böck"
>>> To: "Itamar Heim"
>>> Cc: "users(a)oVirt.org"
>>> Sent: Wednesday, December 5, 2012 10:48:58 AM
>>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>>> IBM Tivoli Directory Server?
>>>
>>> Dear Itamar,
>>>
>>> we (German Air Navigation Services) would like to use oVirt for
>>> testing our air traffic applications.
>>> In our air traffic application system, there is no directory service,
>>> since we don't need one. Consequently our test system has no
>>> directory service too.
>>> We differentiate only between root-users (manage the OS), air traffic
>>> application operational-users and air traffic application
>>> technical-users.
>>> For three kinds of users a directory service would mean too much
>>> overhead.
>>> oVirt is complex enough, therefore it would be advantageous to have a
>>> simple user-management without the need to install/configure/run a
>>> directory service infrastructure.
>>>
>>> Best regards
>>> Dennis
>> Hi Dennis,
>> From what you're describing - you have to populate oVirt somehow with
>> 3 groups -
>> root-users, air traffic application operational-users and air traffic
>> application technical-users.
>>
>> Not sure if you have technical developers at your organization, but at
>> past we developed an internal broker [1] which is not
>> Ldap/Directory-Service based.
>> We have future thoughts about supporting not just directory services.
>> But for now - perhaps the quickest thing for you guys (if you have a
>> technical team of developers) is to write your own broker, similar to
>> the internal broker).
>> I actually saw a non ldap broker that was implemented based on the way
>> the internal broker was implemented.
>> But I really think you should reconsider your decision NOT to use ldap
>> directory-service
>>
>>
>> [1] - Internal broker - the piece of code responsible for the
>> admin(a)internal user
>>
>>
>> Yair
> I feel that we do need a plain and simple user management broker (could
> be file based similar to jboss user/group properties). Dennis concerns
> about the time/money to invest in an up & running
> installation with few groups seems just.
>
> we can make /etc/ovirt-engine/user-management/users.properties and
> group.properties
>
> users.properties:
>
> #key could be considered as the DN
>
> user1.name=Dennis
> user1.id={UUID}
> user1.groupids={admins group id},{others}
> user1.pass=plaintext
>
> group properties:
>
> admins.id={UUID}
> admins.desc=some description

there are enough implementations for these things, we don't need to invent our own.

>
>
>>> ________________________________________
>>> From: Itamar Heim [iheim(a)redhat.com]
>>> Sent: Tuesday, 4 December 2012 00:44
>>> To: Dennis Böck
>>> Cc: users(a)oVirt.org
>>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>>> IBM Tivoli Directory Server?
>>>
>>> On 12/03/2012 08:51 AM, Dennis Böck wrote:
>>>> Dear oVirt-Community,
>>>>
>>>> how can I add a new User? If I click “Add” under the “Users”-Tag of the
>>>> web interface, I cannot create a new user. If I start a search, only the
>>>> user “admin” is displayed.
>>>>
>>>> Is it maybe not possible to create users out of oVirt?
>>>>
>>>> Even users which I added locally (on the fedora host which runs the
>>>> ovirt engine) are not displayed.
>>>>
>>>> Can you only manage users if oVirt is connected to a Red Hat Directory
>>>> Server or IBM Tivoli Directory Server?
>>>>
>>> can you please explain the use case where there is no existing directory
>>> to handle group membership and authentication?
>>>
>>> thanks,
>>> Itamar
>>> _______________________________________________
>>> Users mailing list
>>> Users(a)ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

From medievalist at gmail.com Thu Dec 6 15:35:15 2012
From: Charlie
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Thu, 06 Dec 2012 15:35:14 -0500
Message-ID:
In-Reply-To: 50BF1975.20208@redhat.com

Supporting non-Kerberos LDAP with simple authentication and no DNS integration would significantly decrease the work required for people like Dennis. Instead of having to set up Kerberos and DNS and an LDAP provider that integrates with both, he could just set up a very simple LDAP server and use a physically secured network or SSL with self-signed keys to protect his authentication traffic.

There are already LDAP servers that use simple backends, including an OpenLDAP variant that uses /etc/passwd and /etc/shadow instead of a db. If the requirement for Kerberos and DNS directory integration were removed, and simple authentication worked, you would be able to support pretty much anything out there in the linux/unix world.

That way oVirt wouldn't have to reinvent any wheels, and people like Dennis would have significantly less costly and time-consuming rebuilding of their networks to do before being able to implement oVirt.
--Charlie

On Wed, Dec 5, 2012 at 4:52 AM, Itamar Heim wrote:
> On 12/05/2012 11:50 AM, Roy Golan wrote:
>>
>> On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
>>>
>>>
>>> ----- Original Message -----
>>>>
>>>> From: "Dennis Böck"
>>>> To: "Itamar Heim"
>>>> Cc: "users(a)oVirt.org"
>>>> Sent: Wednesday, December 5, 2012 10:48:58 AM
>>>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>>>> IBM Tivoli Directory Server?
>>>>
>>>> Dear Itamar,
>>>>
>>>> we (German Air Navigation Services) would like to use oVirt for
>>>> testing our air traffic applications.
>>>> In our air traffic application system, there is no directory service,
>>>> since we don't need one. Consequently our test system has no
>>>> directory service too.
>>>> We differentiate only between root-users (manage the OS), air traffic
>>>> application operational-users and air traffic application
>>>> technical-users.
>>>> For three kinds of users a directory service would mean too much
>>>> overhead.
>>>> oVirt is complex enough, therefore it would be advantageous to have a
>>>> simple user-management without the need to install/configure/run a
>>>> directory service infrastructure.
>>>>
>>>> Best regards
>>>> Dennis
>>>
>>> Hi Dennis,
>>> From what you're describing - you have to populate oVirt somehow with
>>> 3 groups -
>>> root-users, air traffic application operational-users and air traffic
>>> application technical-users.
>>>
>>> Not sure if you have technical developers at your organization, but at
>>> past we developed an internal broker [1] which is not
>>> Ldap/Directory-Service based.
>>> We have future thoughts about supporting not just directory services.
>>> But for now - perhaps the quickest thing for you guys (if you have a
>>> technical team of developers) is to write your own broker, similar to
>>> the internal broker).
>>> I actually saw a non ldap broker that was implemented based on the way
>>> the internal broker was implemented.
>>> But I really think you should reconsider your decision NOT to use ldap
>>> directory-service
>>>
>>>
>>> [1] - Internal broker - the piece of code responsible for the
>>> admin(a)internal user
>>>
>>>
>>> Yair
>>
>> I feel that we do need a plain and simple user management broker (could
>> be file based similar to jboss user/group properties). Dennis concerns
>> about the time/money to invest in an up & running
>> installation with few groups seems just.
>>
>> we can make /etc/ovirt-engine/user-management/users.properties and
>> group.properties
>>
>> users.properties:
>>
>> #key could be considered as the DN
>>
>> user1.name=Dennis
>> user1.id={UUID}
>> user1.groupids={admins group id},{others}
>> user1.pass=plaintext
>>
>> group properties:
>>
>> admins.id={UUID}
>> admins.desc=some description
>
>
> there are enough implementations for these things, we don't need to invent
> our own.
>
>
>>
>>
>>>> ________________________________________
>>>> From: Itamar Heim [iheim(a)redhat.com]
>>>> Sent: Tuesday, 4 December 2012 00:44
>>>> To: Dennis Böck
>>>> Cc: users(a)oVirt.org
>>>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>>>> IBM Tivoli Directory Server?
>>>>
>>>> On 12/03/2012 08:51 AM, Dennis Böck wrote:
>>>>>
>>>>> Dear oVirt-Community,
>>>>>
>>>>> how can I add a new User? If I click “Add” under the “Users”-Tag of the
>>>>> web interface, I cannot create a new user. If I start a search, only the
>>>>> user “admin” is displayed.
>>>>>
>>>>> Is it maybe not possible to create users out of oVirt?
>>>>>
>>>>> Even users which I added locally (on the fedora host which runs the
>>>>> ovirt engine) are not displayed.
>>>>>
>>>>> Can you only manage users if oVirt is connected to a Red Hat Directory
>>>>> Server or IBM Tivoli Directory Server?
>>>>>
>>>> can you please explain the use case where there is no existing directory
>>>> to handle group membership and authentication?
>>>>
>>>> thanks,
>>>> Itamar
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users(a)ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users(a)ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

From iheim at redhat.com Fri Dec 7 09:56:02 2012
From: Itamar Heim
To: users at ovirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Date: Fri, 07 Dec 2012 16:56:04 +0200
Message-ID: <50C20384.7040409@redhat.com>
In-Reply-To: CAJb3uA5qXMM+_hVWORw32obK7nyz6o57nqrnPdhSPsWQOb8xSw@mail.gmail.com

On 12/06/2012 10:35 PM, Charlie wrote:
> Supporting non-Kerberos LDAP with simple authentication and no DNS
> integration would significantly decrease the work required for people
> like Dennis. Instead of having to set up Kerberos and DNS and an LDAP
> provider that integrates with both, he could just set up a very simple
> LDAP server and use a physically secured network or SSL with
> self-signed keys to protect his authentication traffic.
>
> There are already LDAP servers that use simple backends, including an
> OpenLDAP variant that uses /etc/passwd and /etc/shadow instead of a
> db.
> If the requirement for Kerberos and DNS directory integration
> were removed, and simple authentication worked, you would be able to
> support pretty much anything out there in the linux/unix world.
>
> That way oVirt wouldn't have to reinvent any wheels, and people like
> Dennis would have significantly less costly and time-consuming
> rebuilding of their networks to do before being able to implement
> oVirt.

I agree.
hopefully we'll get to fix this soon.
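
Added example, not part of the thread and not oVirt code: a loader for the users.properties / group.properties layout Roy Golan sketches earlier in the thread, assuming the `pass` key holds a salted PBKDF2 hash in a made-up `pbkdf2$iterations$salt$digest` encoding, so that a value stored as plaintext is rejected at login. All function names, the encoding and the sample values are assumptions.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # assumed work factor for this sketch

def hash_password(password, salt):
    """Encode as 'pbkdf2$<iterations>$<salt hex>$<digest hex>' (hypothetical format)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${digest.hex()}"

def parse_properties(text):
    """Turn 'prefix.field=value' lines into {prefix: {field: value}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        prefix, dot, field = key.strip().partition(".")
        if not sep or not dot:
            raise ValueError(f"malformed line: {raw!r}")
        entries.setdefault(prefix, {})[field] = value.strip()
    return entries

def authenticate(users, groups, name, password):
    """Return the sorted group keys of the user, or None if login fails."""
    user = next((u for u in users.values() if u.get("name") == name), None)
    parts = (user or {}).get("pass", "").split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2":
        return None  # unknown user, plaintext value or unknown scheme
    try:
        salt, stored = bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(parts[1]))
    except ValueError:
        return None  # corrupt entry: fail closed
    if not hmac.compare_digest(digest, stored):
        return None
    wanted = set(user.get("groupids", "").split(","))
    return sorted(k for k, g in groups.items() if g.get("id") in wanted)

# Constructed sample files; the UUIDs, the password and the fixed all-zero
# salt are made up for reproducibility (a real file needs os.urandom salts).
ADMINS_ID = "11111111-1111-1111-1111-111111111111"
GROUPS = parse_properties(f"admins.id={ADMINS_ID}\nadmins.desc=some description\n")
USERS = parse_properties(
    "#key could be considered as the DN\n"
    "user1.name=Dennis\n"
    "user1.id=22222222-2222-2222-2222-222222222222\n"
    f"user1.groupids={ADMINS_ID}\n"
    f"user1.pass={hash_password('correct horse', bytes(16))}\n"
    "user2.name=Legacy\n"
    "user2.pass=plaintext\n"
)
```

A file like this still needs to be readable only by the engine's service account, since the hashes can be attacked offline by anyone who can read them.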