[ovirt-users] LDAP

Alon Bar-Lev alonbl at redhat.com
Thu Nov 20 09:18:50 UTC 2014 


----- Original Message -----
> From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
> To: users at ovirt.org
> Sent: Thursday, November 20, 2014 11:11:57 AM
> Subject: Re: [ovirt-users] LDAP
> 
> Is it stable? Because it is for production environment on the Brussels
> Airport... Can't be messed around with :-)

Well, it is new... as any new component first should be tested in semi-production, if it meets your needs you can promote.
>From my tests it is more stable than the legacy implementation as it is much simpler, it does not relay on dns records, kerberos nor static configuration that assumed to suit all.
It also provide much better performance.
I could release this now, but I am waiting to one first of ovirt-engine-3.5.1 to make it easier to deploy,
And of course I would like more people to test this and report back results.

> 
> 2014-11-20 10:10 GMT+01:00 Alon Bar-Lev < alonbl at redhat.com > :
> 
> 
> 
> 
> 
> ----- Original Message -----
> > From: "Koen Vanoppen" < vanoppen.koen at gmail.com >
> > To: users at ovirt.org
> > Sent: Thursday, November 20, 2014 10:51:06 AM
> > Subject: [ovirt-users] LDAP
> > 
> > Hello everybody,
> > 
> > We updated our ovirt to 3.5, but now we see some errors concerning LDAP. I
> > already searched oonline for a guide for the AAA config, but can't seem to
> > find something...
> > Does anybody already has a clear how-to for the AAA config?
> > 
> > This is the error we get sometimes in our engine.log (we are still able to
> > login with ldap btw):
> > 
> > 2014-11-20 06:42:06,539 ERROR
> > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > (ajp--127.0.0.1-8702-32) Failed ldap search server
> > ldap://***.brussels.airport:*** using user ****@BRUSSELS.AIRPORT due to :
> > [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error
> > processing name, data 0, v23f0]; nested exception is
> > javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
> > LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0];
> > remaining name ''. We should try the next server
> 
> CCing Yair he might have a clue.
> 
> Would you like to test the next generation of LDAP provider? It should be
> much simpler than current provider, it uses only LDAP protocol, and enable
> you to customize almost everything.
> 
> It is available in ovirt-engine-3.5-snapshots repository, package name is
> ovirt-engine-extension-aaa-ldap, documentation is available within package
> and here[1], I will be glad to help if you decide to check it out.
> 
> Regards,
> Alon Bar-Lev.
> 
> [1]
> http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list