On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
----- Original Message -----
> From: "Dennis Böck" <dennis(a)webdienstleistungen.com>
> To: "Itamar Heim" <iheim(a)redhat.com>
> Cc: "users(a)oVirt.org" <users(a)ovirt.org>
> Sent: Wednesday, December 5, 2012 10:48:58 AM
> Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
>
> Dear Itamar,
>
> we (German Air Navigation Services) would like to use oVirt for
> testing our air traffic applications.
> In our air traffic application system, there is no directory service,
> since we don't need one. Consequently our test system has no
> directory service too.
> We differentiate only between root-users (manage the OS), air traffic
> application operational-users and air traffic application
> technical-users.
> For three kinds of users a directory service would mean too much
> overhead.
> oVirt is complex enough, therefore it would be advantageous to have a
> simple user-management without the need to install/configure/run a
> directory service infrastructure.
>
> Best regards
> Dennis

Hi Dennis,
From what you're describing - you have to populate oVirt somehow with 3 groups -
root-users, air traffic application operational-users and air traffic application
technical-users.
Not sure if you have technical developers at your organization, but in the past we developed
an internal broker [1] which is not Ldap/Directory-Service based.
We have future thoughts about supporting not just directory services.
But for now - perhaps the quickest thing for you guys (if you have a technical team of
developers) is to write your own broker, similar to the internal broker.
I actually saw a non ldap broker that was implemented based on the way the internal
broker was implemented.
But I really think you should reconsider your decision NOT to use ldap directory-service.

[1] - Internal broker - the piece of code responsible for the admin@internal user

Yair

I feel that we do need a plain and simple user management broker (could
be file based similar to jboss user/group properties). Dennis's concerns
about the time/money to invest in an up & running installation with few
groups seem just.

We can make /etc/ovirt-engine/user-management/users.properties and
group.properties

users.properties:
#key could be considered as the DN
user1.name=Dennis
user1.id={UUID}
user1.groupids={admins group id},{others}
user1.pass=plaintext

group.properties:
admins.id={UUID}
admins.desc=some description

> ________________________________________
> From: Itamar Heim [iheim(a)redhat.com]
> Sent: Tuesday, December 4, 2012 00:44
> To: Dennis Böck
> Cc: users(a)oVirt.org
> Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
>
> On 12/03/2012 08:51 AM, Dennis Böck wrote:
>> Dear oVirt-Community,
>>
>> how can I add a new User? If I click “Add” under the “Users”-Tag of the
>> web interface, I cannot create a new user. If I start a search, only the
>> user “admin” is displayed.
>>
>> Is it maybe not possible to create users out of oVirt?
>>
>> Even users which I added locally (on the fedora host which runs the
>> ovirt engine) are not displayed.
>>
>> Can you only manage users if oVirt is connected to a Red Hat Directory
>> Server or IBM Tivoli Directory Server?
>>
> can you please explain the use case where there is no existing directory
> to handle group membership and authentication?
>
> thanks,
> Itamar
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
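
The users.properties / group.properties layout sketched in the message above, loaded and checked in Python with the `pass` field holding a salted PBKDF2 hash rather than plaintext. This is an added example, not part of the thread and not oVirt code; the stored-hash encoding, the work factor, the function names and the sample UUIDs are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor


def hash_password(password, salt=None):
    # Stored form (an assumption): pbkdf2_sha256$<rounds>$<salt hex>$<digest hex>
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def parse_properties(text):
    # "user1.name=Dennis" -> {"user1": {"name": "Dennis"}}; "#" lines are comments.
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        entry, dot, field = key.strip().rpartition(".")
        if not (sep and dot and entry and field):
            raise ValueError(f"malformed line: {line!r}")
        entries.setdefault(entry, {})[field] = value.strip()
    return entries


def authenticate(users, groups, name, password):
    # Returns the set of group keys the user belongs to, or None on any failure.
    user = next((u for u in users.values() if u.get("name") == name), None)
    try:
        scheme, rounds, salt_hex, digest_hex = user["pass"].split("$")
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    except (KeyError, TypeError, ValueError):
        return None  # unknown user, missing "pass", or a plaintext value: refuse
    if scheme != "pbkdf2_sha256" or not hmac.compare_digest(actual, expected):
        return None
    wanted = set(user.get("groupids", "").split(","))
    return {key for key, g in groups.items() if g.get("id") in wanted}


# Constructed sample files; the UUIDs are made up for this example.
ADMINS_ID = "00000000-0000-0000-0000-0000000000a1"
GROUPS = parse_properties(f"admins.id={ADMINS_ID}\nadmins.desc=some description")
USERS = parse_properties("\n".join([
    "#key could be considered as the DN",
    "user1.name=Dennis", f"user1.groupids={ADMINS_ID}",
    "user1.pass=" + hash_password("correct horse"),
    "user2.name=legacy", "user2.pass=plaintext",  # refused: not in hashed form
]))
```

An entry whose `pass` value is not in the hashed form is rejected at login, so a plaintext password left in the file cannot be used to authenticate.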