The domainInfrastructure wiki page is helpful.  The examples are
great.  It has enough information to understand how oVirt formats an
LDAP filter string, for example, which is very important.  The
constant use of the word "domain" is confusing, though.

People outside the Microsoft world don't know that Microsoft
documentation uses three different definitions of domain, sometimes in
the same document.  Most people will probably just assume you mean an
IANA domain.

I've worked with LDAP for over ten years, and I read the oVirt
domainInfrastructure page three or four times but I still couldn't
figure out why it kept talking about domains and LDAP at the same time
until I took a week of AD classes and studied a couple of O'Reilly AD

For example, when the oVirt wiki talks about "root DSE for domain" it
doesn't make sense to anyone who isn't already familiar with AD.  A
rootDSE describes the configuration of a DSA instance (LDAP server
daemon) as defined in RFC4512 section 5.1, and doesn't have anything
to do with domains.  The word domain does not occur in RFC4512 or
RFC2251 at all.  The page doesn't explain why oVirt needs a domain and
a root DSE to have any special relationship.  ISPs load information
for hundreds of IANA domains under a single root DSE and it's not a
problem; I've done five domains in one DSA under one root DSE.

If there was an oVirt wiki page called LDAP or
DirectoryInfrastructure, that page could explain if domains really
need to be part of oVirt, and if so which kind of domain, and then
link the current domainInfrastructure page.  Or it could link a
separate page for each directory supported by oVirt, and the current
domainInfrastructure page could become an activeDirectory page and
retain all the AD-specific language.


On Wed, Nov 14, 2012 at 8:50 AM, Oved Ourfalli <> wrote:
> ----- Original Message -----
>> From: "Jiri Belka" <>
>> To:
>> Sent: Wednesday, November 14, 2012 9:30:39 AM
>> Subject: Re: [Users] Ovirt 3.1 and Samba4 AD
>> On 11/13/2012 09:40 PM, Charlie wrote:
>> > I would like to help oVirt gain compatibility with standards-based
>> > services like OpenLDAP, but the code's in a language I haven't used
>> > and a version control system I haven't used and the wiki has no
>> > LDAP
>> > interaction design documents (other than the sources themselves)
>> > and
>> > I've got very limited free time, all of which makes it hard to
>> > contribute.
>> +1
> We do have some wiki pages that can be useful to set up a development 
> environment, like:
> Architecture page:
> And specifically, there is a wiki page on the LDAP infrastructure, that can 
> give a clue on what entities we have there, and how to work with them:
>> --
>> Jiri Belka
>> _______________________________________________
>> Users mailing list
Users mailing list

Reply via email to