Re: [Users] LDAP

Mon, 20 Feb 2012 02:25:23 -0800 

On 02/20/2012 12:02 PM, Yair Zaslavsky wrote:

On 02/20/2012 09:39 AM, Oved Ourfalli wrote:

Hey,

More information on the domain infrastructure we have can be found in:
http://www.ovirt.org/wiki/DomainInfrastructure
(I might update it more soon, but it can give you a basic view of how the 
domain management in oVirt is working, and what do you need to update in order 
to support a new ldap provider).

Oved

I just would like to add that in general, when one wants to add a new
LDAP server support, it should be realized that there are two main
issues to take care of:
a. How authentication to LDAP server is performed (examples we
encountered in the past - Kerberos/GSSAPI  and SIMPLE).
The lack of SSL support is glaring. Except for AD, the whole world is using SSL (TLS actually) for authentication and/or encryption. 


b. How to perform the ldap queries (i.e - use proper schema)
Most products allow you to specify the search attribute (samaccountname in AD for example). 
Do we really need a lot more from the scheme?
(The base DN to search from is also a bit missing, but that's not part of the scheme, but our own configuration) 
Y.



This is at least how I see it.

Yair


----- Original Message -----

From: "Itamar Heim"<ih...@redhat.com>
To: "Nathan Stratton"<nat...@robotics.net>
Cc: users@ovirt.org
Sent: Sunday, February 19, 2012 11:14:24 PM
Subject: Re: [Users] LDAP

On 02/19/2012 11:11 PM, Nathan Stratton wrote:

On Sun, 19 Feb 2012, Itamar Heim wrote:


the current code supports AD, freeIPA/IPA and 389ds/RHDS.
if apache directory server is similar to any of them, you could
try
hacking the code to add support for it.

Ok, will go with 389 for now, its in the family, tho Gluster is in
the
family and you don't support it as a storage file system... : )

please remember you need 389ds with kerberos support.

gluster is in the works...
see:
http://www.ovirt.org/wiki/AddingGlusterSupportToOvirt


Just kidding, you guys are great, keep up the good work.


<>

Nathan Stratton CTO, BlinkMind, Inc.
nathan at robotics.net nathan at blinkmind.com
http://www.robotics.net http://www.blinkmind.com

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Reply via email to