[ovirt-users] Automated users/groups creation and updating them

Martin Perina mperina at redhat.com
Wed Jun 1 10:53:14 UTC 2016 

On Wed, Jun 1, 2016 at 11:54 AM, Alexis HAUSER <
alexis.hauser at telecom-bretagne.eu> wrote:

> Hi,
>
>
> I'm trying to find what are the different ways / approaches to automated
> users/groups creation, based on a LDAP/AD database.
>
> This is my first problematic : when a LDAP/AD provider is joined, and a
> user is created in ovirt from this provider, the user heritates a part of
> the attributes from this LDAP database. Now if I change one attribute on
> the LDAP side (for example "first name"), it isn't updated on the ovirt
> user.
> Would there be other way to update this information than creating /
> deleting the user ?
>

​Those informations should be updated after next login of the user. We did
synchronization in the past, but we decided not to do that any more due to
performance/sync issues.
​


>
> My second problematic is what should I use to automate creation of users.
>
> It seems possible with :
> - shell scripting : using ovirt-aaa-jdbc-tool
>

​This is usable only for users/groups in database​

​provided by aaa-jdbc extension
​

> - python SDK
> - java SDK
> - rest API
>
> Which one of these approaches would be the most simple ? I'm more familiar
> with shell scripting than other languages. That would be nice to find a way
> with it.
>
> Concerning ovirt-aaa-jdbc-tool, I've heard it was only adding/deleting
> users from the internal DB, not the others. In that case, is there a way in
> shell scripting to interact with other profiles than internal ?
>

​You can create as many aaa-jdbc profiles as needed, please take a look at
README.administrator inside aaa-jdbc package
​


>
> Is there files somewhere containing users and their informations I could
> modify ?
>
> What would happen if a user is in use and it is modified/deleted at the
> same time ?
>
> I know it makes a lot of questions, but I can't really get started before
> having those answers.
>

​We do not support modifying content of LDAP server, to do that you need to
use tools provided by your LDAP provider.

Martin Perina

​


> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160601/293405e9/attachment-0001.html>

More information about the Users mailing list