1:36 p.m.
Hello,
as part of our policy I have to change from LDAP to Active Directory for
authentication in our oVirt system. I have managed to configure a test system that allows
users to login using the CN (sAMAccountName) as before. The users in the system using the
AD namespace are using their UPN for their user name.
Do we have to copy permissions from all the old accounts to their new accounts or is there
a way to rename them to the UPN retaining there old permissions?
Thanks,
Paul S.
2:31 p.m.
On Thu, Jul 5, 2018 at 12:36 PM, <p.staniforth(a)leedsbeckett.ac.uk> wrote:
Hello,
as part of our policy I have to change from LDAP to Active
Directory for authentication in our oVirt system.
Hmm, do I understand that correctly that you were moving oVirt users from
some other LDAP server to AD? Any reason other than political to do that?
I have managed to configure a test system that allows users to login
using
the CN (sAMAccountName) as before. The users in the system using the AD
namespace are using their UPN for their user name.
Do we have to copy permissions from all the old accounts to their new
accounts or is there a way to rename them to the UPN retaining there old
permissions?
I don't think there is any other way than to copy permissions. But you can
automate the process using for example
ovirt_permissions/ovirt_permissions_facts Ansible modules [1] or one of
our SDKs (Python, Java, Ruby).
Martin
[1]
https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.htm...
Thanks,
Paul S.
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
message/3W3UAU3G3V53E7GT4CKT2MIH3GAFZ4DU/
--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
12:57 p.m.
Thanks Martin,
Not really, my initial attempts were held up because I got
confused with the new usrname format which is now UPN@domain and now equated to
name@domain@domain or name@subdomain.domain(a)domain.
It may be easier for us to add permissions to the templates,VM, and disks or to use the
roles service to find the user/object.
Regards,
Paul S.
________________________________
From: Martin Perina <mperina(a)redhat.com>
Sent: 08 July 2018 12:31
To: Staniforth, Paul
Cc: users; Ondra Machacek
Subject: Re: [ovirt-users] change from LDAP to AD authentication
On Thu, Jul 5, 2018 at 12:36 PM,
<p.staniforth@leedsbeckett.ac.uk<mailto:p.staniforth@leedsbeckett.ac.uk>>
wrote:
Hello,
as part of our policy I have to change from LDAP to Active Directory for
authentication in our oVirt system.
?Hmm, do I understand that correctly that you were moving oVirt users from some other LDAP
server to AD? Any reason other than political to do that?
?
I have managed to configure a test system that allows users to login using the CN
(sAMAccountName) as before. The users in the system using the AD namespace are using their
UPN for their user name.
Do we have to copy permissions from all the old accounts to their new accounts or is there
a way to rename them to the UPN retaining there old permissions?
?I don't think there is any other way than to copy permissions. But you can automate
the process using for example ovirt_permissions/ovirt_permissions?_facts Ansible modules
[1] or one of our SDKs (Python, Java, Ruby).
Martin
[1] https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.htm...
Thanks,
Paul S.
_______________________________________________
Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to users-leave@ovirt.org<mailto:users-leave@ovirt.org>
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3W3UAU3G3V5...
--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
To view the terms under which this email is distributed, please go to:-
http://disclaimer.leedsbeckett.ac.uk/disclaimer/disclaimer.html
2329
days inactive
2333
days old
2 comments
3 participants
participants (3)
-
Martin Perina -
p.staniforth@leedsbeckett.ac.uk -
Staniforth, Paul