On 02/20/2012 12:02 PM, Yair Zaslavsky wrote:
On 02/20/2012 09:39 AM, Oved Ourfalli wrote:
> Hey,
>
> More information on the domain infrastructure we have can be found in:
> http://www.ovirt.org/wiki/DomainInfrastructure
> (I might update it more soon, but it can give you a basic view of how the domain
> management in oVirt is working, and what you need to update in order to support a new
> ldap provider).
>
> Oved
I just would like to add that in general, when one wants to add a new
LDAP server support, it should be realized that there are two main
issues to take care of:
a. How authentication to LDAP server is performed (examples we
encountered in the past - Kerberos/GSSAPI and SIMPLE).

The lack of SSL support is glaring. Except for AD, the whole world is
using SSL (TLS actually) for authentication and/or encryption.

b. How to perform the ldap queries (i.e. use proper schema)

Most products allow you to specify the search attribute (samaccountname
in AD for example).
Do we really need a lot more from the scheme?
(The base DN to search from is also a bit missing, but that's not part
of the scheme, but our own configuration)
Y.

This is at least how I see it.
Yair
> ----- Original Message -----
>> From: "Itamar Heim"<iheim(a)redhat.com>
>> To: "Nathan Stratton"<nathan(a)robotics.net>
>> Cc: users(a)ovirt.org
>> Sent: Sunday, February 19, 2012 11:14:24 PM
>> Subject: Re: [Users] LDAP
>>
>> On 02/19/2012 11:11 PM, Nathan Stratton wrote:
>>> On Sun, 19 Feb 2012, Itamar Heim wrote:
>>>
>>>> the current code supports AD, freeIPA/IPA and 389ds/RHDS.
>>>> if apache directory server is similar to any of them, you could try
>>>> hacking the code to add support for it.
>>> Ok, will go with 389 for now, it's in the family, tho Gluster is in the
>>> family and you don't support it as a storage file system... : )
>> please remember you need 389ds with kerberos support.
>>
>> gluster is in the works...
>> see:
>> http://www.ovirt.org/wiki/AddingGlusterSupportToOvirt
>>
>>> Just kidding, you guys are great, keep up the good work.
>>>
>>>> <>
>>> Nathan Stratton CTO, BlinkMind, Inc.
>>> nathan at robotics.net nathan at blinkmind.com
>>> http://www.robotics.net http://www.blinkmind.com
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
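
The two issues raised in this thread (how the bind is performed, and which search attribute and base DN a query uses), shown as an added example that is not oVirt's code and was not posted to the list. The profile table is hypothetical: sAMAccountName for AD comes from the thread, while "uid" for the other servers and the SIMPLE-bind "apacheds" entry are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProviderProfile:
    auth: str         # bind mechanism: "GSSAPI" or "SIMPLE"
    search_attr: str  # attribute that holds the login name


# Constructed profiles for illustration (assumptions, see lead-in).
PROFILES = {
    "ad": ProviderProfile("GSSAPI", "sAMAccountName"),
    "ipa": ProviderProfile("GSSAPI", "uid"),
    "389ds": ProviderProfile("GSSAPI", "uid"),
    "apacheds": ProviderProfile("SIMPLE", "uid"),
}

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied login so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search(provider: str, base_dn: str, login: str, use_tls: bool) -> dict:
    """Return the search parameters for one login lookup on the given provider."""
    profile = PROFILES[provider]
    # A SIMPLE bind sends the password as-is, so refuse it on a non-TLS link.
    if profile.auth == "SIMPLE" and not use_tls:
        raise ValueError(f"{provider}: SIMPLE bind requires TLS")
    return {
        "auth": profile.auth,
        "base": base_dn,  # deployment configuration, not part of the schema
        "scope": "subtree",
        "filter": f"({profile.search_attr}={escape_filter_value(login)})",
    }


if __name__ == "__main__":
    # Constructed inputs: example.com base DN and made-up logins.
    print(build_user_search("ad", "dc=example,dc=com", "jdoe", use_tls=False))
    print(build_user_search("apacheds", "dc=example,dc=com", "j*doe", use_tls=True))
```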