[Users] LDAP

Itamar Heim iheim at redhat.com
Thu Feb 23 07:20:50 UTC 2012


On 02/22/2012 11:02 PM, Nathan Stratton wrote:
>
> On Wed, 22 Feb 2012, Oved Ourfalli wrote:
>
>> Hey,
>>
>> This error usually happens where there is no krb5.conf file, or there
>> is one, but your domain isn't in that.
>> The krb5.conf file should be located in
>> $JBOSS_HOME/standalone/configuration directory.
>
> Ya, I gave up on the 389/Kerberos, looking at FreeIPA now.
>
> BTW, why can't we just use LDAP???

well, this goes to history, as oVirt was ported from a C# solution
that evolved to server virtualization from a VDI (virtual desktops) focus.
virtual desktops were mostly Windows.
so integration with AD was a must, and was based on Kerberos (in C#).
the Java port first supported backward compatibility.
nothing prevents adding LDAP support, but it probably requires 
supporting multiple LDAP redundant servers and SSL.

btw, the code for basic LDAP (WITHOUT SECURITY) may still work, if you 
change the authentication type to "SIMPLE".
but it is never discussed as a deployment option, as it is not secure.


