[ovirt-users] Re: change from LDAP to AD authentication

2018-07-09 Thread Staniforth, Paul 
Thanks Martin,

 Not really, my initial attempts were held up because I 
got confused with the new usrname format which is now UPN@domain and now 
equated to name@domain@domain or name@subdomain.domain@domain.

It may be easier for us to add permissions to the templates,VM, and disks or to 
use the roles service to find the user/object.


Regards,

  Paul S.


From: Martin Perina 
Sent: 08 July 2018 12:31
To: Staniforth, Paul
Cc: users; Ondra Machacek
Subject: Re: [ovirt-users] change from LDAP to AD authentication



On Thu, Jul 5, 2018 at 12:36 PM, 
mailto:p.stanifo...@leedsbeckett.ac.uk>> wrote:
Hello,
 as part of our policy I have to change from LDAP to Active Directory 
for authentication in our oVirt system.

?Hmm, do I understand that correctly that you were moving oVirt users from some 
other LDAP server to AD? Any reason other than political to do that?
?
I have managed to configure a test system that allows users to login using the 
CN (sAMAccountName) as before. The users in the system using the AD namespace 
are using their UPN for their user name.
Do we have to copy permissions from all the old accounts to their new accounts 
or is there a way to rename them to the UPN retaining there old permissions?

?I don't think there is any other way than to copy permissions. But you can 
automate the process using for example 
ovirt_permissions/ovirt_permissions?_facts Ansible modules [1] or one of our 
SDKs (Python, Java, Ruby).

Martin

[1] 
https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.html#ovirt


Thanks,
Paul S.
___
Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to 
users-le...@ovirt.org<mailto:users-le...@ovirt.org>
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3W3UAU3G3V53E7GT4CKT2MIH3GAFZ4DU/



--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
To view the terms under which this email is distributed, please go to:-
http://disclaimer.leedsbeckett.ac.uk/disclaimer/disclaimer.html
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PVYRJMD3JVVBS5BQNBZZ6VGETAH2HZNZ/

[ovirt-users] Re: change from LDAP to AD authentication

2018-07-08 Thread Martin Perina 
On Thu, Jul 5, 2018 at 12:36 PM,  wrote:

> Hello,
>  as part of our policy I have to change from LDAP to Active
> Directory for authentication in our oVirt system.


​Hmm, do I understand that correctly that you were moving oVirt users from
some other LDAP server to AD? Any reason other than political to do that?
​

> I have managed to configure a test system that allows users to login using
> the CN (sAMAccountName) as before. The users in the system using the AD
> namespace are using their UPN for their user name.
> Do we have to copy permissions from all the old accounts to their new
> accounts or is there a way to rename them to the UPN retaining there old
> permissions?
>

​I don't think there is any other way than to copy permissions. But you can
automate the process using for example
ovirt_permissions/ovirt_permissions​_facts Ansible modules [1] or one of
our SDKs (Python, Java, Ruby).

Martin

[1]
https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.html#ovirt


> Thanks,
> Paul S.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
> guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
> message/3W3UAU3G3V53E7GT4CKT2MIH3GAFZ4DU/
>



-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XQZ66LBZSP3FMMZBM3DGMD45I5552SQZ/