[ovirt-users] [ATN] LDAP Users please read

Donny Davis donny at cloudspin.me
Thu Aug 6 13:49:03 UTC 2015


AAA ldap has been working great for me for quite some time now. Good work
Alon
On Aug 4, 2015 3:56 AM, "Alon Bar-Lev" <alonbl at redhat.com> wrote:

> Hello LDAP Users,
>
> If you migrated from 3.4 or if you used engine-managed-domains to add LDAP
> support into engine - this message is for you.
>
> In 3.5 we introduced a new LDAP provider[1][2], it is superset of the
> previous implementation, highlights includes:
>  * Better response times.
>  * Simplicity, Use of LDAP protocol only - kerberos is no longer needed.
>  * More LDAP implementations are supported.
>  * Flexible configuration, can be customized on site to support special
> setups.
>  * Supportability, better logs and feedbacks to enable remote support.
>  * Variety of fallback policies, examples: srvrecord, failover,
> round-robin and more.
>  * Active Directory: supports multiple domain in forest.
>
> In 3.5 the previous LDAP provider is marked as legacy, users' issues will
> be resolved by migration to the new provider.
>
> Upgrade to 4.0 will not be possible if legacy provider is being used.
>
> The new provider is working without any issue for quite some time, we
> would like to eliminate the remaining usage of the legacy provider as soon
> as possible.
>
> A tool was created[3] to automate the process, it should perform
> everything in safe and automatic process, while enables customization if
> such required. The one prerequisite that we could not automate easily is
> obtaining the CA certificate used by the LDAP server to communicate using
> SSL/TLS, you should acquire this manually and provide it as parameter.
>
> We (Ondra CCed and I) will help anyone that is experiencing issues with
> the process, please do not delay migration to the point it becomes
> emergency.
>
> Let's define a virtual goal -- in 1 month no legacy LDAP usage anywhere.
>
> Regards,
> Alon Bar-Lev.
>
> [1] http://www.ovirt.org/Features/AAA
> [2]
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0
> [3]
> https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150806/dc2b501a/attachment-0001.html>


More information about the Users mailing list