[Users] LDAP

[Yair Zaslavsky]

On 02/26/2012 05:21 PM, Nathan Stratton wrote:
> On Sun, 26 Feb 2012, Yaniv Kaul wrote:
> 
>> On 02/26/2012 09:46 AM, Yair Zaslavsky wrote:
>>> On 02/26/2012 09:45 AM, Yair Zaslavsky wrote:
>>>> On 02/26/2012 09:18 AM, Oved Ourfalli wrote:
>>>>> Found the problem.
>>>>> We are identifying if the LDAP server is AD or not by checking if
>>>>> the root DSE contains the "defaultNamingContext" attribute.
>>>>> This attribute is not in the LDAP standard, thus it appears in AD,
>>>>> and not in IPA and RHDS...
>>>>>
>>>>> Looking at the rootDSE you provided it looks like it was added to
>>>>> IPA, therefore we identify it as AD.
>>>>>
>>>>> Can you open us a bug on that upstream?
>>>>> Given that issue, I think we should also provide a way to set the
>>>>> ldap provider type (using the engine-manage-domains utility), in
>>>>> order to workaround such issues in the future.
>>>> Don't you think that now this key (i.e providerType=IPA) kinda becomes
>>>> mandatory?
>>> Or actually, maybe we should have it optional - if set - then this value
>>> will be used for providerType, if not - our "auto-deduction" mechanism
>>> takes place.
>>>
>>> Thoughts?
>>
>> Drop the auto-detection.
> 
> Thats a good point, I think the auto-detection is a bit overkill, most
> users know what they are running. Is there someting I can add to the
> oVirt DB manually so I can skip the engine-manage-domains utility for
> now and move forward with using FreeIPA?
Nathan, IMHO, you will still encounter auto detection issues, during
invocation of rootDSE queries when working with ldap related flows with
engine-core. This means you will still get wrong provider type.
This is something we should fix.
Oved - am I correct here?
> 
>> <>
> Nathan Stratton                                CTO, BlinkMind, Inc.
> nathan at robotics.net                         nathan at blinkmind.com
> http://www.robotics.net                        http://www.blinkmind.com