[ovirt-users] ovirt with 389 server inactive groups

Yair Zaslavsky yzaslavs at redhat.com
Mon Aug 11 17:00:20 UTC 2014



----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Maurice James" <mjames at media-node.com>
> Cc: users at ovirt.org
> Sent: Saturday, August 9, 2014 9:33:16 AM
> Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
> 
> 
> 
> ----- Original Message -----
> > From: "Maurice James" <mjames at media-node.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: "Itamar Heim" <iheim at redhat.com>, users at ovirt.org
> > Sent: Saturday, August 9, 2014 3:47:04 AM
> > Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
> > 
> > Does this still require the use of kerberos? Will 389-ds work on its own?
> 
> In 3.5 we introduced pure ldap support[1], obsoleting the kerberos/ldap mix.
> 
> It will be great to receive feedback[2].
> 
> 389ds is not supported directly, I think it is similar to IPA as it uses 389.
> Maybe I should rename the profile of ipa to 389 if it works properly.
> 

Sorry for the very late response, I was on PTO.
Prior to 3.5, 389ds was supported via the RHDS provider
AFAIK,
389ds is the "upstream" version of RHDS...

> Regards,
> Alon
> 
> [1]
> http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master
> [2] http://lists.ovirt.org/pipermail/devel/2014-August/008367.html
> 
> > 
> > ----- Original Message -----
> > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > To: "Itamar Heim" <iheim at redhat.com>
> > Cc: users at ovirt.org
> > Sent: Friday, August 8, 2014 3:45:07 PM
> > Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
> > 
> > 
> > 
> > ----- Original Message -----
> > > From: "Itamar Heim" <iheim at redhat.com>
> > > To: "Paul Robert Marino" <prmarino1 at gmail.com>, users at ovirt.org
> > > Sent: Friday, August 8, 2014 10:37:11 PM
> > > Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
> > > 
> > > On 08/07/2014 07:06 PM, Paul Robert Marino wrote:
> > > > I have ovirt engine running and connected to a 389 server with the
> > > > memberof plugin enabled and working properly.
> > > >
> > > > I can add users and assign them to roles without any issues.
> > > >
> > > > when I look at a user I can see all the LDAP groups they are a member
> > > > of.
> > > >
> > > > when I run engine-manage-domains  -action=validate it tells me the
> > > > domain is valid.
> > > >
> > > > here is my problem when I try to assign a role to an LDAP group it
> > > > looks like it works but in the general tab when under the group it
> > > > tells me the status is Inactive.
> > > >
> > > > > does anyone know how to enable the group?
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/users
> > > >
> > > 
> > > 3.4 or new 3.5 Generic LDAP provider?
> > 
> > 
> > In case this is 3.5, it is a known issue; all groups will be seen as inactive,
> > this field will probably be removed from UI, as groups are no longer
> > fetched
> > periodically.
> > This field is totally ignored.
> > 
> > Alon
> > 
> 


