[Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?

Itamar Heim iheim at redhat.com
Wed Dec 5 04:52:53 EST 2012


On 12/05/2012 11:50 AM, Roy Golan wrote:
> On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
>>
>> ----- Original Message -----
>>> From: "Dennis Böck" <dennis at webdienstleistungen.com>
>>> To: "Itamar Heim" <iheim at redhat.com>
>>> Cc: "users at oVirt.org" <users at ovirt.org>
>>> Sent: Wednesday, December 5, 2012 10:48:58 AM
>>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>>> IBM Tivoli Directory Server?
>>>
>>> Dear Itamar,
>>>
>>> we (German Air Navigation Services) would like to use oVirt for
>>> testing our air traffic applications.
>>> In our air traffic application system, there is no directory service,
>>> since we don't need one. Consequently our test system has no
>>> directory service too.
>>> We differentiate only between root-users (manage the OS), air traffic
>>> application operational-users and air traffic application
>>> technical-users.
>>> For three kinds of users a directory service would mean too much
>>> overhead.
>>> oVirt is complex enough, therefore it would be advantageous to have a
>>> simple user-management without the need to install/configure/run a
>>> directory service infrastructure.
>>>
>>> Best regards
>>> Dennis
>> Hi Dennis,
>>  From what you're describing - you have to populate oVirt somehow with
>> 3 groups -
>> root-users, air traffic application operational-users and air traffic
>> application technical-users.
>>
>> Not sure if you have technical developers at your organization, but in
>> the past we developed an internal broker [1] which is not
>> Ldap/Directory-Service based.
>> We have future thoughts about supporting not just directory services.
>> But for now - perhaps the quickest thing for you guys (if you have a
>> technical team of developers) is to write your own broker, similar to
>> the internal broker.
>> I actually saw a non ldap broker that was implemented based on the way
>> the internal broker was implemented.
>> But I really think you should reconsider your decision NOT to use ldap
>> directory-service
>>
>>
>> [1] - Internal broker - the piece of code responsible for the
>> admin at internal user
>>
>>
>> Yair
> I feel that we do need a plain and simple user management broker (could
> be file based similar to jboss user/group properties). Dennis's concerns
> about the time/money to invest in an up & running installation with few
> groups seem just.
>
> we can make /etc/ovirt-engine/user-management/users.properties and
> group.properties
>
> users.properties:
>
>   #key could be considered as the DN
>
>   user1.name=Dennis
>   user1.id={UUID}
>   user1.groupids={admins group id},{others}
>   user1.pass=plaintext
>
> group properties:
>
>   admins.id={UUID}
>   admins.desc=some description

there are enough implementations for these things, we don't need to 
invent our own.

>
>
>>> ________________________________________
>>> From: Itamar Heim [iheim at redhat.com]
>>> Sent: Tuesday, December 4, 2012 00:44
>>> To: Dennis Böck
>>> Cc: users at oVirt.org
>>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>>> IBM Tivoli Directory Server?
>>>
>>> On 12/03/2012 08:51 AM, Dennis Böck wrote:
>>>> Dear oVirt-Community,
>>>>
>>>> how can I add a new User? If I click “Add” under the “Users”-Tag of the
>>>> web interface, I cannot create a new user. If I start a search, only the
>>>> user “admin” is displayed.
>>>>
>>>> Is it maybe not possible to create users out of oVirt?
>>>>
>>>> Even users which I added locally (on the fedora host which runs the
>>>> ovirt engine) are not displayed.
>>>>
>>>> Can you only manage users if oVirt is connected to a Red Hat Directory
>>>> Server or IBM Tivoli Directory Server?
>>>>
>>> can you please explain the use case where there is no existing directory
>>> to handle group membership and authentication?
>>>
>>> thanks,
>>>      Itamar
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>

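Added example, not part of the original thread and not oVirt code: a reader for the users.properties / group.properties layout sketched in the quoted proposal, with the `pass` field holding a salted PBKDF2 hash instead of plaintext. The `pbkdf2$salt$digest` encoding, the iteration count, the function names and all sample values are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example

def hash_password(password, salt=None):
    """Encode a password as 'pbkdf2$<salt hex>$<digest hex>' (assumed format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"

def parse_properties(text):
    """Parse 'entry.field=value' lines into {entry: {field: value}}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entry, _, field = key.strip().partition(".")
        entries.setdefault(entry, {})[field] = value.strip()
    return entries

def authenticate(users, groups, name, password):
    """Return the sorted group names of the user, or None if login fails."""
    user = next((u for u in users.values() if u.get("name") == name), {})
    parts = user.get("pass", "").split("$")
    if len(parts) != 3 or parts[0] != "pbkdf2":
        return None  # unknown user, plaintext value or unknown encoding
    try:
        salt, expected = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return None
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if not hmac.compare_digest(actual, expected):  # constant-time comparison
        return None
    ids = set(user.get("groupids", "").split(","))
    return sorted(g for g, props in groups.items() if props.get("id") in ids)

# Constructed sample files; UUIDs, names and passwords are made up.
GROUPS = parse_properties("admins.id=11111111-2222-3333-4444-555555555555\n"
                          "admins.desc=some description\n")
USERS = parse_properties(
    "user1.name=Dennis\nuser1.id=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\n"
    "user1.groupids=11111111-2222-3333-4444-555555555555\n"
    f"user1.pass={hash_password('correct horse')}\n"
    "user2.name=Roy\nuser2.id=ffffffff-0000-1111-2222-333333333333\n"
    "user2.groupids=\nuser2.pass=plaintext\n")
```

An entry whose `pass` value is still plaintext (user2 in the sample) cannot log in at all, so a leftover cleartext password in the file fails closed.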