[Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?

Roy Golan rgolan at redhat.com
Wed Dec 5 09:50:37 UTC 2012


On 12/05/2012 11:01 AM, Yair Zaslavsky wrote:
>
> ----- Original Message -----
>> From: "Dennis Böck" <dennis at webdienstleistungen.com>
>> To: "Itamar Heim" <iheim at redhat.com>
>> Cc: "users at oVirt.org" <users at ovirt.org>
>> Sent: Wednesday, December 5, 2012 10:48:58 AM
>> Subject: Re: [Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
>>
>> Dear Itamar,
>>
>> we (German Air Navigation Services) would like to use oVirt for
>> testing our air traffic applications.
>> In our air traffic application system, there is no directory service,
>> since we don't need one. Consequently our test system has no
>> directory service either.
>> We differentiate only between root-users (manage the OS), air traffic
>> application operational-users and air traffic application
>> technical-users.
>> For three kinds of users a directory service would mean too much
>> overhead.
>> oVirt is complex enough, therefore it would be advantageous to have a
>> simple user-management without the need to install/configure/run a
>> directory service infrastructure.
>>
>> Best regards
>> Dennis
> Hi Dennis,
>  From what you're describing - you have to populate oVirt somehow with 3 groups -
> root-users, air traffic application operational-users and air traffic application technical-users.
>
> Not sure if you have technical developers at your organization, but in the past we developed an internal broker [1] which is not LDAP/Directory-Service based.
> We have future thoughts about supporting not just directory services.
> But for now - perhaps the quickest thing for you guys (if you have a technical team of developers) is to write your own broker, similar to the internal broker.
> I actually saw a non-LDAP broker that was implemented based on the way the internal broker was implemented.
> But I really think you should reconsider your decision NOT to use an LDAP directory service.
>
>
> [1] - Internal broker - the piece of code responsible for the admin at internal user
>
>
> Yair
I feel that we do need a plain and simple user management broker (could
be file based, similar to JBoss user/group properties). Dennis's concerns
about the time/money to invest in an up & running installation with few
groups seem just.

We can make /etc/ovirt-engine/user-management/users.properties and
group.properties

users.properties:

  #key could be considered as the DN

  user1.name=Dennis
  user1.id={UUID}
  user1.groupids={admins group id},{others}
  user1.pass=plaintext

group.properties:

  admins.id={UUID}
  admins.desc=some description


>> ________________________________________
>> From: Itamar Heim [iheim at redhat.com]
>> Sent: Tuesday, December 4, 2012 00:44
>> To: Dennis Böck
>> Cc: users at oVirt.org
>> Subject: Re: [Users] Manage users without Red Hat Directory Server or
>> IBM Tivoli Directory Server?
>>
>> On 12/03/2012 08:51 AM, Dennis Böck wrote:
>>> Dear oVirt-Community,
>>>
>>> how can I add a new User? If I click “Add” under the “Users”-Tag of
>>> the
>>> web interface, I cannot create a new user. If I start a search,
>>> only the
>>> user “admin” is displayed.
>>>
>>> Is it maybe not possible to create users out of oVirt?
>>>
>>> Even users which I added locally (on the fedora host which runs the
>>> ovirt engine) are not displayed.
>>>
>>> Can you only manage users if oVirt is connected to a Red Hat
>>> Directory
>>> Server or IBM Tivoli Directory Server?
>>>
>> can you please explain the use case where there is no existing
>> directory
>> to handle group membership and authentication?
>>
>> thanks,
>>      Itamar
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
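
An added example, not part of the original thread and not oVirt code: a loader for the users.properties / group.properties layout sketched in the message above. It rejects users that reference undefined group ids and checks passwords against a salted PBKDF2 hash rather than a stored `pass` value. The `salt` and `hash` keys, the function names and the sample values are assumptions made for this illustration.

```python
import hashlib, hmac, os
ROUNDS = 200_000  # assumed PBKDF2 work factor for this sketch

def parse_properties(text):
    """Parse 'entry.field=value' lines into {entry: {field: value}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        entry, dot, field = key.strip().rpartition(".")
        if not sep or not dot:
            raise ValueError(f"malformed line: {raw!r}")
        entries.setdefault(entry, {})[field] = value.strip()
    return entries

def hash_password(password, salt=None):
    """Return (salt_hex, hash_hex); a fresh random salt unless one is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt.hex(), digest.hex()

def load_users(users_text, groups_text):
    """Load users, refusing plaintext passwords and undefined group ids."""
    group_ids = {g["id"] for g in parse_properties(groups_text).values()}
    users = parse_properties(users_text)
    for key, user in users.items():
        if "pass" in user:
            raise ValueError(f"{key}: plaintext 'pass' key is not accepted")
        user["groupids"] = [g for g in user.get("groupids", "").split(",") if g]
        unknown = set(user["groupids"]) - group_ids
        if unknown:
            raise ValueError(f"{key}: unknown group ids {sorted(unknown)}")
    return users

def authenticate(users, name, password):
    user = next((u for u in users.values() if u.get("name") == name), None)
    # Hash for unknown names too, so timing does not reveal which names exist.
    salt = bytes.fromhex(user["salt"]) if user else b"\0" * 16
    candidate = hash_password(password, salt)[1]
    return hmac.compare_digest(candidate, user["hash"] if user else "") and bool(user)

# Constructed sample data: the UUIDs and the password are made up.
ADMINS_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_GROUPS = f"admins.id={ADMINS_ID}\nadmins.desc=some description\n"
SALT, HASH = hash_password("s3cret-example")
SAMPLE_USERS = (f"user1.name=Dennis\nuser1.id=22222222-2222-2222-2222-222222222222\n"
                f"user1.groupids={ADMINS_ID}\nuser1.salt={SALT}\nuser1.hash={HASH}\n")
```

Files in this layout would also need to be readable only by the engine's service account, since the salts and hashes still allow offline guessing.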



