[Users] LDAP

Yaniv Kaul ykaul at redhat.com
Mon Feb 20 10:25:17 UTC 2012


On 02/20/2012 12:02 PM, Yair Zaslavsky wrote:
> On 02/20/2012 09:39 AM, Oved Ourfalli wrote:
>> Hey,
>>
>> More information on the domain infrastructure we have can be found in:
>> http://www.ovirt.org/wiki/DomainInfrastructure
>> (I might update it more soon, but it can give you a basic view of how the domain management in oVirt works, and what you need to update in order to support a new LDAP provider).
>>
>> Oved
> I would just like to add that in general, when one wants to add support
> for a new LDAP server, it should be realized that there are two main
> issues to take care of:
> a. How authentication to the LDAP server is performed (examples we
> encountered in the past - Kerberos/GSSAPI and SIMPLE).

The lack of SSL support is glaring. Except for AD, the whole world is 
using SSL (TLS actually) for authentication and/or encryption.

> b. How to perform the LDAP queries (i.e., use the proper schema)

Most products allow you to specify the search attribute (samaccountname 
in AD for example).
Do we really need a lot more from the schema?
(The base DN to search from is also a bit missing, but that's not part 
of the schema, but our own configuration)
Y.

>
> This is at least how I see it.
>
> Yair
>
>> ----- Original Message -----
>>> From: "Itamar Heim"<iheim at redhat.com>
>>> To: "Nathan Stratton"<nathan at robotics.net>
>>> Cc: users at ovirt.org
>>> Sent: Sunday, February 19, 2012 11:14:24 PM
>>> Subject: Re: [Users] LDAP
>>>
>>> On 02/19/2012 11:11 PM, Nathan Stratton wrote:
>>>> On Sun, 19 Feb 2012, Itamar Heim wrote:
>>>>
>>>>> the current code supports AD, freeIPA/IPA and 389ds/RHDS.
>>>>> if Apache Directory Server is similar to any of them, you could try
>>>>> hacking the code to add support for it.
>>>> Ok, will go with 389 for now, it's in the family, though Gluster is in the
>>>> family and you don't support it as a storage file system... : )
>>> please remember you need 389ds with kerberos support.
>>>
>>> gluster is in the works...
>>> see:
>>> http://www.ovirt.org/wiki/AddingGlusterSupportToOvirt
>>>
>>>> Just kidding, you guys are great, keep up the good work.
>>>>
>>>> Nathan Stratton CTO, BlinkMind, Inc.
>>>> nathan at robotics.net nathan at blinkmind.com
>>>> http://www.robotics.net http://www.blinkmind.com
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
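An added example, not part of the thread and not oVirt code: a minimal sketch of the two per-provider concerns discussed above (how to authenticate, and which attribute and base DN to search with), plus the TLS requirement for SIMPLE binds. The class name, field names, hostnames and DNs are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# RFC 4515 section 3: these characters must be escaped as \XX in filter values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied login so it cannot alter the search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


@dataclass(frozen=True)
class LdapProfile:  # hypothetical name, not an oVirt class
    url: str          # ldap:// or ldaps://
    base_dn: str      # deployment configuration, not part of the schema
    search_attr: str  # schema-specific login attribute
    auth: str         # "GSSAPI" or "SIMPLE"
    start_tls: bool = False

    def validate(self) -> None:
        scheme = urlparse(self.url).scheme.lower()
        if scheme not in ("ldap", "ldaps"):
            raise ValueError(f"unsupported URL scheme: {scheme!r}")
        if self.auth not in ("GSSAPI", "SIMPLE"):
            raise ValueError(f"unsupported auth method: {self.auth!r}")
        encrypted = scheme == "ldaps" or self.start_tls
        # A SIMPLE bind sends the password itself, so it needs TLS underneath.
        # GSSAPI (Kerberos) does not put the password on the wire.
        if self.auth == "SIMPLE" and not encrypted:
            raise ValueError("SIMPLE bind requires ldaps:// or StartTLS")

    def search_request(self, login: str) -> dict:
        """Return the parameters of the user lookup for this provider."""
        self.validate()
        if not login:
            raise ValueError("empty login")
        return {"base": self.base_dn, "scope": "subtree",
                "filter": f"({self.search_attr}={escape_filter_value(login)})"}


# Constructed sample profiles: same lookup code, different attribute and auth.
PROFILES = {
    "ad": LdapProfile("ldap://dc1.example.com", "DC=example,DC=com",
                      "sAMAccountName", "GSSAPI"),
    "389ds": LdapProfile("ldaps://ds1.example.com", "dc=example,dc=com",
                         "uid", "SIMPLE"),
}
```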
