[Users] Adding LDAP server directly with its FQDN.

Andrew Cathrow acathrow at redhat.com
Sun Jul 1 11:46:32 UTC 2012



----- Original Message -----
> From: "Oved Ourfalli" <ovedo at redhat.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>, "Sharad Mishra" <snmishra at linux.vnet.ibm.com>
> Cc: users at ovirt.org
> Sent: Sunday, July 1, 2012 2:50:53 AM
> Subject: Re: [Users] Adding LDAP server directly with its FQDN.
> 
> 
> 
> ----- Original Message -----
> > From: "Yair Zaslavsky" <yzaslavs at redhat.com>
> > To: users at ovirt.org
> > Sent: Sunday, July 1, 2012 7:57:25 AM
> > Subject: Re: [Users] Adding LDAP server directly with its FQDN.
> > 
> > On 06/29/2012 11:14 PM, snmishra at linux.vnet.ibm.com wrote:
> > > 
> > > Hi,
> > > 
> > >   Is there a way to directly add an LDAP server to ovirt? Currently I
> > > run engine-manage-domains with -domain=<domain-name>. This finds all the
> > > ldap servers in the domain. Can I skip this and just add the one I want?
> > > I have the fqdn of the ldap server.
> > > 
> > > Regards
> > > Sharad Mishra
> > > IBM
> > 
> > Hi Sharad,
> > Currently - no such way.
> > Bear in mind you need to provide also the user ID.
> > In addition - it may be that not all DS providers hold information on
> > the users in the same way, and we perform some normalization in order to
> > store them at DB in the same format.
> > However, I guess we can run this "Guid encoding" code at
> > engine-manage-domains, and then, it will be possible to add the user (if
> > you provide the baseDN FQDN) to the system.
> > Feel free to suggest a patch ;)
> > In addition, an idea that popped into my head - let's say you want to add
> > 100 users this way - will you provide for every one of them the baseDN?
> > Maybe we should be able to configure a default base DN per domain?
> > 
> Hey,
> 
> We do have an entry in vdc_options called LdapServers.
> It is a per-domain configuration, just like the other LDAP related
> configuration options.
> When looking for LDAP servers, the engine uses the ones in this
> configuration. If empty, it goes to the DNS.
> Currently the engine-manage-domains utility doesn't set this option,
> but if you would like to work with one LDAP server for testing
> purposes, or as a workaround, then you can set it manually:
> domain1:ldapserver1, domain2:ldapserver2....

Would that mean that we can skip all the DNS SRV records?

> 
> Note that it only supports one LDAP server per domain.


> 
> Oved
> > 
> > > 
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > 