On Wed, Jun 1, 2016 at 11:54 AM, Alexis HAUSER <
I'm trying to find what are the different ways / approaches to automated
users/groups creation, based on a LDAP/AD database.
This is my first problematic : when a LDAP/AD provider is joined, and a
user is created in ovirt from this provider, the user heritates a part of
the attributes from this LDAP database. Now if I change one attribute on
the LDAP side (for example "first name"), it isn't updated on the ovirt
Would there be other way to update this information than creating /
deleting the user ?
Those informations should be updated after next login of the user. We did
synchronization in the past, but we decided not to do that any more due to
My second problematic is what should I use to automate creation of users.
It seems possible with :
- shell scripting : using ovirt-aaa-jdbc-tool
This is usable only for users/groups in database
provided by aaa-jdbc extension
- python SDK
- java SDK
- rest API
Which one of these approaches would be the most simple ? I'm more familiar
with shell scripting than other languages. That would be nice to find a way
Concerning ovirt-aaa-jdbc-tool, I've heard it was only adding/deleting
users from the internal DB, not the others. In that case, is there a way in
shell scripting to interact with other profiles than internal ?
You can create as many aaa-jdbc profiles as needed, please take a look at
README.administrator inside aaa-jdbc package
Is there files somewhere containing users and their informations I could
What would happen if a user is in use and it is modified/deleted at the
same time ?
I know it makes a lot of questions, but I can't really get started before
having those answers.
We do not support modifying content of LDAP server, to do that you need to
use tools provided by your LDAP provider.
Users mailing list