Automated users/groups creation and updating them

Hi, I'm trying to find what are the different ways / approaches to automated users/groups creation, based on a LDAP/AD database. This is my first problematic : when a LDAP/AD provider is joined, and a user is created in ovirt from this provider, the user heritates a part of the attributes from this LDAP database. Now if I change one attribute on the LDAP side (for example "first name"), it isn't updated on the ovirt user. Would there be other way to update this information than creating / deleting the user ? My second problematic is what should I use to automate creation of users. It seems possible with : - shell scripting : using ovirt-aaa-jdbc-tool - python SDK - java SDK - rest API Which one of these approaches would be the most simple ? I'm more familiar with shell scripting than other languages. That would be nice to find a way with it. Concerning ovirt-aaa-jdbc-tool, I've heard it was only adding/deleting users from the internal DB, not the others. In that case, is there a way in shell scripting to interact with other profiles than internal ? Is there files somewhere containing users and their informations I could modify ? What would happen if a user is in use and it is modified/deleted at the same time ? I know it makes a lot of questions, but I can't really get started before having those answers.

On Wed, Jun 1, 2016 at 11:54 AM, Alexis HAUSER < alexis.hauser@telecom-bretagne.eu> wrote:
Hi,
I'm trying to find what are the different ways / approaches to automated users/groups creation, based on a LDAP/AD database.
This is my first problematic : when a LDAP/AD provider is joined, and a user is created in ovirt from this provider, the user heritates a part of the attributes from this LDAP database. Now if I change one attribute on the LDAP side (for example "first name"), it isn't updated on the ovirt user. Would there be other way to update this information than creating / deleting the user ?
Those informations should be updated after next login of the user. We did synchronization in the past, but we decided not to do that any more due to performance/sync issues.
My second problematic is what should I use to automate creation of users.
It seems possible with : - shell scripting : using ovirt-aaa-jdbc-tool
This is usable only for users/groups in database provided by aaa-jdbc extension
- python SDK - java SDK - rest API
Which one of these approaches would be the most simple ? I'm more familiar with shell scripting than other languages. That would be nice to find a way with it.
Concerning ovirt-aaa-jdbc-tool, I've heard it was only adding/deleting users from the internal DB, not the others. In that case, is there a way in shell scripting to interact with other profiles than internal ?
You can create as many aaa-jdbc profiles as needed, please take a look at README.administrator inside aaa-jdbc package
Is there files somewhere containing users and their informations I could modify ?
What would happen if a user is in use and it is modified/deleted at the same time ?
I know it makes a lot of questions, but I can't really get started before having those answers.
We do not support modifying content of LDAP server, to do that you need to use tools provided by your LDAP provider. Martin Perina
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
Alexis HAUSER
-
Martin Perina