[Users] Adding LDAP server directly with its FQDN.

Hi,
Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=<domain-name>. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server.
Regards Sharad Mishra IBM

On 06/29/2012 11:14 PM, snmishra@linux.vnet.ibm.com wrote:
Hi,
Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=<domain-name>. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server.
Regards Sharad Mishra IBM
Hi Sharad,
Currently - no such way. Bear in mind you need to provide also the user ID. In addition - it may be that not all DS providers hold information on the users in the same way, and we perform some normalization in order to store them at DB in the same format. However, I guess we can run this "Guid encoding" code at engine-manage-domains, and then, it will be possible to add the user (if you provide the baseDN FQDN) to the system. Feel free to suggest a patch ;) In addition, an idea that popped to my head - let's say you want to add 100 users this way - will you provide for every one of them the baseDN? Maybe we should be able to configure a default base DN per domain?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs@redhat.com>
To: users@ovirt.org
Sent: Sunday, July 1, 2012 7:57:25 AM
Subject: Re: [Users] Adding LDAP server directly with its FQDN.
On 06/29/2012 11:14 PM, snmishra@linux.vnet.ibm.com wrote:
Hi,
Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=<domain-name>. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server.
Regards Sharad Mishra IBM
Hi Sharad,
Currently - no such way. Bear in mind you need to provide also the user ID. In addition - it may be that not all DS providers hold information on the users in the same way, and we perform some normalization in order to store them at DB in the same format. However, I guess we can run this "Guid encoding" code at engine-manage-domains, and then, it will be possible to add the user (if you provide the baseDN FQDN) to the system. Feel free to suggest a patch ;) In addition, an idea that popped to my head - let's say you want to add 100 users this way - will you provide for every one of them the baseDN? Maybe we should be able to configure a default base DN per domain?
Hey,
We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain1:ldapserver1, domain2:ldapserver2....
Note that it only supports one LDAP server per domain.
Oved

----- Original Message -----
From: "Oved Ourfalli" <ovedo@redhat.com>
To: "Yair Zaslavsky" <yzaslavs@redhat.com>, "Sharad Mishra" <snmishra@linux.vnet.ibm.com>
Cc: users@ovirt.org
Sent: Sunday, July 1, 2012 2:50:53 AM
Subject: Re: [Users] Adding LDAP server directly with its FQDN.
Hey,
We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain1:ldapserver1, domain2:ldapserver2....
Would that mean that we can skip all the DNS SRV records?
Note that it only supports one LDAP server per domain.
Oved

----- Original Message -----
From: "Andrew Cathrow" <acathrow@redhat.com>
To: "Oved Ourfalli" <ovedo@redhat.com>
Cc: users@ovirt.org
Sent: Sunday, July 1, 2012 2:46:32 PM
Subject: Re: [Users] Adding LDAP server directly with its FQDN.
----- Original Message -----
From: "Oved Ourfalli" <ovedo@redhat.com>
To: "Yair Zaslavsky" <yzaslavs@redhat.com>, "Sharad Mishra" <snmishra@linux.vnet.ibm.com>
Cc: users@ovirt.org
Sent: Sunday, July 1, 2012 2:50:53 AM
Subject: Re: [Users] Adding LDAP server directly with its FQDN.
Hey,
We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain1:ldapserver1, domain2:ldapserver2....
Would that mean that we can skip all the DNS SRV records?
Not the Kerberos ones, only the LDAP ones. And, it also currently supports only one LDAP server per domain (this entry was originally used in order to specify that the LDAP server is localhost. Instead of just writing an entry specifying whether the LDAP server is local or not, we did a more general configuration). It is no longer in use for that purpose, but the config entry is still there.
Note that it only supports one LDAP server per domain.
Oved
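
The lookup order described in this thread (a per-domain LdapServers entry first, DNS only when nothing is configured), as an added Python sketch that is not oVirt engine code. The function names, the per-domain fallback, the `_ldap._tcp.<domain>` SRV name and the sample data are assumptions made for illustration; Kerberos SRV lookups are outside its scope.

```python
# Added illustration; not oVirt engine code. All names here are hypothetical.

def parse_ldap_servers(value):
    """Parse 'domain1:ldapserver1,domain2:ldapserver2' into {domain: server}."""
    mapping = {}
    for entry in filter(None, (e.strip() for e in value.split(","))):
        domain, sep, server = entry.partition(":")
        domain, server = domain.strip().lower(), server.strip()
        if not sep or not domain or not server:
            raise ValueError(f"malformed entry: {entry!r}")
        if domain in mapping:
            # The thread states that only one LDAP server per domain is supported.
            raise ValueError(f"more than one server for domain {domain!r}")
        mapping[domain] = server
    return mapping


def ldap_servers_for(domain, option_value, srv_lookup):
    """Return (source, servers): the configured server if present, else DNS results."""
    pinned = parse_ldap_servers(option_value).get(domain.lower())
    if pinned:
        return "config", [pinned]
    # Nothing configured for this domain: fall back to DNS SRV discovery.
    # Assumption: the conventional SRV name _ldap._tcp.<domain> is queried.
    return "dns", srv_lookup(f"_ldap._tcp.{domain.lower()}")


# Constructed sample data so the sketch runs offline.
SAMPLE_OPTION = "example.com:ldap1.example.com, lab.example.org:dc1.lab.example.org"
SAMPLE_SRV = {
    "_ldap._tcp.corp.example.net": ["dc1.corp.example.net", "dc2.corp.example.net"],
}


def sample_srv_lookup(name):
    """Stand-in for a real SRV query; returns target host names."""
    return SAMPLE_SRV.get(name, [])


if __name__ == "__main__":
    for d in ("example.com", "corp.example.net"):
        print(d, ldap_servers_for(d, SAMPLE_OPTION, sample_srv_lookup))
```

A configured entry means the LDAP endpoint no longer depends on what the SRV records return, so the value deserves the same review as any other trust anchor.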
Participants (4): Andrew Cathrow, Oved Ourfalli, snmishra@linux.vnet.ibm.com, Yair Zaslavsky