[Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?

Dear oVirt-Community,

how can I add a new User? If I click "Add" under the "Users"-Tag of the web interface, I cannot create a new user. If I start a search, only the user "admin" is displayed.
Is it maybe not possible to create users out of oVirt?
Even users which I added locally (on the fedora host which runs the ovirt engine) are not displayed.
Can you only manage users if oVirt is connected to a Red Hat Directory Server or IBM Tivoli Directory Server?

Best regards
Dennis

----- Original Message -----
From: "Dennis Böck" <dennis@webdienstleistungen.com>
To: "users@oVirt.org" <users@ovirt.org>
Sent: Monday, December 3, 2012 8:51:33 AM
Subject: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Dear oVirt-Community,
how can I add a new User? If I click “Add” under the “Users”-Tag of the web interface, I cannot create a new user. If I start a search, only the user “admin” is displayed.
Is it maybe not possible to create users out of oVirt?
Even users which I added locally (on the fedora host which runs the ovirt engine) are not displayed.
Can you only manage users if oVirt is connected to a Red Hat Directory Server or IBM Tivoli Directory Server?
oVirt indeed doesn't support managing internal users (the only internal user is admin@internal user). It allows you to work with several directory providers (IPA, Active Directory, RHDS, IBM Tivoli DS), and you should manage your users there. Let me know if you have more questions regarding that.
Oved
Best regards
Dennis
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

On 12/03/2012 08:51 AM, Dennis Böck wrote:
Dear oVirt-Community,
how can I add a new User? If I click "Add" under the "Users"-Tag of the web interface, I cannot create a new user. If I start a search, only the user "admin" is displayed.
Is it maybe not possible to create users out of oVirt?
ovirt user-management relies on external directories - currently supported Red Hat IPA, Active Directory, RHDS and IBM Tivoli.
to add a user one must first provision his domain (with LDAP and Kerberos) using ovirt using engine-manage-domains tool.
http://www.ovirt.org/Building_oVirt_engine#Deploying_engine-config_.26_engine-manage-domains
Even users which I added locally (on the fedora host which runs the ovirt engine) are not displayed.
Can you only manage users if oVirt is connected to a Red Hat Directory Server or IBM Tivoli Directory Server?
Best regards
Dennis

On 12/03/2012 08:51 AM, Dennis Böck wrote:
Dear oVirt-Community,
how can I add a new User? If I click “Add” under the “Users”-Tag of the web interface, I cannot create a new user. If I start a search, only the user “admin” is displayed.
Is it maybe not possible to create users out of oVirt?
Even users which I added locally (on the fedora host which runs the ovirt engine) are not displayed.
Can you only manage users if oVirt is connected to a Red Hat Directory Server or IBM Tivoli Directory Server?
can you please explain the use case where there is no existing directory to handle group membership and authentication?
thanks,
Itamar

Dear Itamar,
we (German Air Navigation Services) would like to use oVirt for testing our air traffic applications. In our air traffic application system, there is no directory service, since we don't need one. Consequently our test system has no directory service too. We differentiate only between root-users (manage the OS), air traffic application operational-users and air traffic application technical-users. For three kinds of users a directory service would mean too much overhead. oVirt is complex enough, therefore it would be advantageous to have a simple user-management without the need to install/configure/run a directory service infrastructure.
Best regards
Dennis
________________________________________
From: Itamar Heim [iheim@redhat.com]
Sent: Tuesday, 4 December 2012 00:44
To: Dennis Böck
Cc: users@oVirt.org
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
On 12/03/2012 08:51 AM, Dennis Böck wrote:
Dear oVirt-Community,
how can I add a new User? If I click “Add” under the “Users”-Tag of the web interface, I cannot create a new user. If I start a search, only the user “admin” is displayed.
Is it maybe not possible to create users out of oVirt?
Even users which I added locally (on the fedora host which runs the ovirt engine) are not displayed.
Can you only manage users if oVirt is connected to a Red Hat Directory Server or IBM Tivoli Directory Server?
can you please explain the use case where there is no existing directory to handle group membership and authentication?
thanks,
Itamar

----- Original Message -----
From: "Dennis Böck" <dennis@webdienstleistungen.com>
To: "Itamar Heim" <iheim@redhat.com>
Cc: "users@oVirt.org" <users@ovirt.org>
Sent: Wednesday, December 5, 2012 10:48:58 AM
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Dear Itamar,
we (German Air Navigation Services) would like to use oVirt for testing our air traffic applications. In our air traffic application system, there is no directory service, since we don't need one. Consequently our test system has no directory service too. We differentiate only between root-users (manage the OS), air traffic application operational-users and air traffic application technical-users. For three kinds of users a directory service would mean too much overhead. oVirt is complex enough, therefore it would be advantageous to have a simple user-management without the need to install/configure/run a directory service infrastructure.
Best regards
Dennis
Hi Dennis,
From what you're describing - you have to populate oVirt somehow with 3 groups - root-users, air traffic application operational-users and air traffic application technical-users.
Not sure if you have technical developers at your organization, but in the past we developed an internal broker [1] which is not Ldap/Directory-Service based. We have future thoughts about supporting not just directory services. But for now - perhaps the quickest thing for you guys (if you have a technical team of developers) is to write your own broker, similar to the internal broker. I actually saw a non ldap broker that was implemented based on the way the internal broker was implemented. But I really think you should reconsider your decision NOT to use ldap directory-service.
[1] - Internal broker - the piece of code responsible for the admin@internal user
Yair

On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
----- Original Message -----
From: "Dennis Böck" <dennis@webdienstleistungen.com>
To: "Itamar Heim" <iheim@redhat.com>
Cc: "users@oVirt.org" <users@ovirt.org>
Sent: Wednesday, December 5, 2012 10:48:58 AM
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Dear Itamar,
we (German Air Navigation Services) would like to use oVirt for testing our air traffic applications. In our air traffic application system, there is no directory service, since we don't need one. Consequently our test system has no directory service too. We differentiate only between root-users (manage the OS), air traffic application operational-users and air traffic application technical-users. For three kinds of users a directory service would mean too much overhead. oVirt is complex enough, therefore it would be advantageous to have a simple user-management without the need to install/configure/run a directory service infrastructure.
Best regards
Dennis
Hi Dennis,
From what you're describing - you have to populate oVirt somehow with 3 groups - root-users, air traffic application operational-users and air traffic application technical-users.
Not sure if you have technical developers at your organization, but in the past we developed an internal broker [1] which is not Ldap/Directory-Service based. We have future thoughts about supporting not just directory services. But for now - perhaps the quickest thing for you guys (if you have a technical team of developers) is to write your own broker, similar to the internal broker. I actually saw a non ldap broker that was implemented based on the way the internal broker was implemented. But I really think you should reconsider your decision NOT to use ldap directory-service.
[1] - Internal broker - the piece of code responsible for the admin@internal user
Yair
I feel that we do need a plain and simple user management broker (could be file based similar to jboss user/group properties). Dennis' concerns about the time/money to invest in an up & running installation with few groups seem just.
we can make /etc/ovirt-engine/user-management/users.properties and group.properties
users.properties:
#key could be considered as the DN
user1.name=Dennis
user1.id={UUID}
user1.groupids={admins group id},{others}
user1.pass=plaintext
group properties:
admins.id={UUID}
admins.desc=some description
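An added example, not part of the message above and not oVirt code: a reader for the users.properties layout proposed there in which the `pass` value holds a salted PBKDF2 hash instead of the cleartext password, and which refuses to load a file that still contains cleartext. The `pbkdf2-sha256$...` encoding, the iteration count, the function names and the sample entry are assumptions made for illustration; the key names (`name`, `id`, `groupids`, `pass`) are those of the proposal.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
SCHEME = "pbkdf2-sha256"


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Encode a password as 'pbkdf2-sha256$<iter>$<salt>$<hash>' for userN.pass."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"{SCHEME}${iterations}${b64(salt)}${b64(digest)}"


def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comments, as in Java properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"not a key=value line: {line!r}")
        props[key.strip()] = value.strip()
    return props


def load_users(text):
    """Group '<entry>.<field>' keys into user records keyed by login name."""
    entries = {}
    for key, value in parse_properties(text).items():
        entry, _, field = key.rpartition(".")
        entries.setdefault(entry, {})[field] = value
    users = {}
    for entry, rec in entries.items():
        missing = {"name", "id", "pass"} - set(rec)
        if missing:
            raise ValueError(f"{entry}: missing {sorted(missing)}")
        if not rec["pass"].startswith(SCHEME + "$"):
            # Refuse to load a file that still carries a cleartext password.
            raise ValueError(f"{entry}: pass is not a {SCHEME} hash")
        groups = [g for g in rec.get("groupids", "").split(",") if g]
        users[rec["name"]] = {"id": rec["id"], "groups": groups, "pass": rec["pass"]}
    return users


# Hash checked for unknown names so that a miss costs the same work as a hit.
_DUMMY = hash_password("placeholder", salt=b"\0" * 16)


def authenticate(users, name, password):
    """Return the user's group ids on success, None on any failure."""
    user = users.get(name)
    stored = user["pass"] if user else _DUMMY
    _, iterations, salt_b64, digest_b64 = stored.split("$")
    salt = base64.b64decode(salt_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    ok = hmac.compare_digest(candidate, base64.b64decode(digest_b64))
    return user["groups"] if (user and ok) else None


# Constructed sample in the proposed layout; the ids are made-up UUIDs.
SAMPLE_USERS = f"""\
#key could be considered as the DN
user1.name=Dennis
user1.id=5f0c2a1e-0000-4000-8000-000000000001
user1.groupids=9d3b7c44-0000-4000-8000-0000000000a1,9d3b7c44-0000-4000-8000-0000000000a2
user1.pass={hash_password("correct horse battery staple")}
"""
```

Because the iteration count is stored in each record, the work factor can be raised for new passwords without invalidating existing entries.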

On 12/05/2012 11:50 AM, Roy Golan wrote:
On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
----- Original Message -----
From: "Dennis Böck" <dennis@webdienstleistungen.com>
To: "Itamar Heim" <iheim@redhat.com>
Cc: "users@oVirt.org" <users@ovirt.org>
Sent: Wednesday, December 5, 2012 10:48:58 AM
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Dear Itamar,
we (German Air Navigation Services) would like to use oVirt for testing our air traffic applications. In our air traffic application system, there is no directory service, since we don't need one. Consequently our test system has no directory service too. We differentiate only between root-users (manage the OS), air traffic application operational-users and air traffic application technical-users. For three kinds of users a directory service would mean too much overhead. oVirt is complex enough, therefore it would be advantageous to have a simple user-management without the need to install/configure/run a directory service infrastructure.
Best regards
Dennis
Hi Dennis,
From what you're describing - you have to populate oVirt somehow with 3 groups - root-users, air traffic application operational-users and air traffic application technical-users.
Not sure if you have technical developers at your organization, but in the past we developed an internal broker [1] which is not Ldap/Directory-Service based. We have future thoughts about supporting not just directory services. But for now - perhaps the quickest thing for you guys (if you have a technical team of developers) is to write your own broker, similar to the internal broker. I actually saw a non ldap broker that was implemented based on the way the internal broker was implemented. But I really think you should reconsider your decision NOT to use ldap directory-service.
[1] - Internal broker - the piece of code responsible for the admin@internal user
Yair
I feel that we do need a plain and simple user management broker (could be file based similar to jboss user/group properties). Dennis' concerns about the time/money to invest in an up & running installation with few groups seem just.
we can make /etc/ovirt-engine/user-management/users.properties and group.properties
users.properties:
#key could be considered as the DN
user1.name=Dennis
user1.id={UUID}
user1.groupids={admins group id},{others}
user1.pass=plaintext
group properties:
admins.id={UUID}
admins.desc=some description
there are enough implementations for these things, we don't need to invent our own.

Supporting non-Kerberos LDAP with simple authentication and no DNS integration would significantly decrease the work required for people like Dennis. Instead of having to set up Kerberos and DNS and an LDAP provider that integrates with both, he could just set up a very simple LDAP server and use a physically secured network or SSL with self-signed keys to protect his authentication traffic.
There are already LDAP servers that use simple backends, including an OpenLDAP variant that uses /etc/passwd and /etc/shadow instead of a db. If the requirement for Kerberos and DNS directory integration were removed, and simple authentication worked, you would be able to support pretty much anything out there in the linux/unix world.
That way oVirt wouldn't have to reinvent any wheels, and people like Dennis would have significantly less costly and time-consuming rebuilding of their networks to do before being able to implement oVirt.
--Charlie
On Wed, Dec 5, 2012 at 4:52 AM, Itamar Heim <iheim@redhat.com> wrote:
On 12/05/2012 11:50 AM, Roy Golan wrote:
On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
----- Original Message -----
From: "Dennis Böck" <dennis@webdienstleistungen.com>
To: "Itamar Heim" <iheim@redhat.com>
Cc: "users@oVirt.org" <users@ovirt.org>
Sent: Wednesday, December 5, 2012 10:48:58 AM
Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Dear Itamar,
we (German Air Navigation Services) would like to use oVirt for testing our air traffic applications. In our air traffic application system, there is no directory service, since we don't need one. Consequently our test system has no directory service too. We differentiate only between root-users (manage the OS), air traffic application operational-users and air traffic application technical-users. For three kinds of users a directory service would mean too much overhead. oVirt is complex enough, therefore it would be advantageous to have a simple user-management without the need to install/configure/run a directory service infrastructure.
Best regards
Dennis
Hi Dennis,
From what you're describing - you have to populate oVirt somehow with 3 groups - root-users, air traffic application operational-users and air traffic application technical-users.
Not sure if you have technical developers at your organization, but in the past we developed an internal broker [1] which is not Ldap/Directory-Service based. We have future thoughts about supporting not just directory services. But for now - perhaps the quickest thing for you guys (if you have a technical team of developers) is to write your own broker, similar to the internal broker. I actually saw a non ldap broker that was implemented based on the way the internal broker was implemented. But I really think you should reconsider your decision NOT to use ldap directory-service.
[1] - Internal broker - the piece of code responsible for the admin@internal user
Yair
I feel that we do need a plain and simple user management broker (could be file based similar to jboss user/group properties). Dennis' concerns about the time/money to invest in an up & running installation with few groups seem just.
we can make /etc/ovirt-engine/user-management/users.properties and group.properties
users.properties:
#key could be considered as the DN
user1.name=Dennis
user1.id={UUID}
user1.groupids={admins group id},{others}
user1.pass=plaintext
group properties:
admins.id={UUID}
admins.desc=some description
there are enough implementations for these things, we don't need to invent our own.

On 12/06/2012 10:35 PM, Charlie wrote:
Supporting non-Kerberos LDAP with simple authentication and no DNS integration would significantly decrease the work required for people like Dennis. Instead of having to set up Kerberos and DNS and an LDAP provider that integrates with both, he could just set up a very simple LDAP server and use a physically secured network or SSL with self-signed keys to protect his authentication traffic.
There are already LDAP servers that use simple backends, including an OpenLDAP variant that uses /etc/passwd and /etc/shadow instead of a db. If the requirement for Kerberos and DNS directory integration were removed, and simple authentication worked, you would be able to support pretty much anything out there in the linux/unix world.
That way oVirt wouldn't have to reinvent any wheels, and people like Dennis would have significantly less costly and time-consuming rebuilding of their networks to do before being able to implement oVirt.
I agree. hopefully we'll get to fix this soon.
participants (6)
- Charlie
- Dennis Böck
- Itamar Heim
- Oved Ourfalli
- Roy Golan
- Yair Zaslavsky