----- Original Message -----
> From: "Itamar Heim" <ih...@redhat.com>
> To: "Oved Ourfalli" <ov...@redhat.com>
> Cc: users@ovirt.org, "Thierry Kauffmann" <thierry.kauffm...@univ-montp2.fr>
> Sent: Tuesday, December 4, 2012 1:47:52 AM
> Subject: Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine
>
> On 12/02/2012 08:10 AM, Oved Ourfalli wrote:
> >
> > ----- Original Message -----
> >> From: "Thierry Kauffmann" <thierry.kauffm...@univ-montp2.fr>
> >> To: "cristi falcas" <cristi.fal...@gmail.com>
> >> Cc: users@ovirt.org
> >> Sent: Saturday, December 1, 2012 5:56:14 PM
> >> Subject: [Users] OpenLDAP Simple Authentication in Ovirt Engine
> >>
> >> Hi,
> >>
> >> I am currently testing Ovirt 3.1 standalone on Fedora 17.
> >>
> >> Until now, I could only use the default user admin@internal.
> >>
> >> Our Directory at the University is OpenLDAP. We use it for authentication
> >> WITHOUT Kerberos : Simple authentication.
> >>
> >> I wonder how to use this backend to authenticate users and manage groups
> >> in Ovirt.
> >>
> >> Has anyone already set this up ?
> >> How to configure Ovirt to use Simple Authentication (No Kerberos).
> >>
> >> Cheers,
> >>
> >> --
> >> Thierry Kauffmann
> >> Chef du Service Informatique // Faculté des Sciences // Université de Montpellier 2
> >>
> >> Service informatique de la Faculté des Sciences (SIF)
> >> Université de Montpellier 2
> >> CC437 // Place Eugène Bataillon // 34095 Montpellier Cedex 5
> >>
> >> Tél : 04 67 14 31 58
> >> email : thierry.kauffm...@univ-montp2.fr
> >> web : http://sif.info-ufr.univ-montp2.fr/
> >> http://www.fdsweb.univ-montp2.fr/
> >> _______________________________________________
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
> >> Hi,
> >>
> >> This is a response from an older thread from Yair Zaslavsky:
> >>
> >> "there is no code allowing to add simple-authentication domains to
> >> Manage-Domains.
> >> In the past we did have the ability to do that, but there are several
> >> problematic issues."
> >>
> >> Best regards,
> >>
> >> Hi,
> >>
> >> correct me if I am wrong but this wiki page
> >> ( http://www.ovirt.org/DomainInfrastructure ) states clearly :
> >>
> >> 1. Authenticating Active Directory, IPA and RHDS using either
> >>    simple or gssapi authentication
> >> 2. Querying the directory using the LDAP protocol
> >> 3. Auto deducing the LDAP provider type
> >> 4. Easily adding new LDAP provider types
> >> 5. Easily adding new query types
> >>
> >> So what ?
> >>
> > We supported simple authentication in the past, but it is no longer
> > supported, that's why you can't set that using the manage domains
> > utility.
> > It may work well in some providers (in the past we supported that
> > for active directory, so I guess it would work there).
>
> I don't think we removed SIMPLE from the engine, we just don't recommend
> using it, since it doesn't encrypt user/password on the network (it is
> sometimes useful for debugging).
>

We indeed didn't remove the engine code. We just blocked it from the utility.
Once you have a configured oVirt domain, you can set the
LDAPSecurityAuthentication configuration parameter (in the vdc_options table),
to use simple, by putting a value of:
domain1:SIMPLE,domain2:GSSAPI,domain3:SIMPLE and etc....
but, if you want to add a new domain with it then you would need to add it
manually (can give a detailed explanation on how, if relevant).

By default we work GSSAPI (I think the config option is empty by default which
is equivalent to working GSSAPI).

If/When we would need to support that again it shouldn't be a major effort to
add the code... the testing with the different providers will be the hard part.

Oved

> >
> > We also don't auto deduce the LDAP provider type anymore, as
> > changes in the providers caused some issues with it.
> >
> > I'll edit the wiki accordingly (btw, I remember removing it from
> > the wiki... so it is weird that it is still there...).
> >
> > Oved
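
An added example, not part of the thread and not oVirt's own code: a Python check that parses a value in the `domain:MODE` list format quoted in the thread and reports which configured domains would bind with SIMPLE. The function names, the list of configured domains, and the treatment of an unlisted domain or an empty value as GSSAPI (following the statement in the thread that an empty option is equivalent to GSSAPI) are assumptions.

```python
# Added example: audit an LDAPSecurityAuthentication value of the form
# "domain1:SIMPLE,domain2:GSSAPI" as quoted in the thread.
KNOWN_MODES = {"SIMPLE", "GSSAPI"}  # the two modes named in the thread

def parse_ldap_security_authentication(value):
    """Return ({domain: MODE}, [problems]) for a comma-separated domain:MODE list."""
    modes, problems = {}, []
    for entry in (value or "").split(","):
        entry = entry.strip()
        if not entry:
            continue  # empty option or stray comma
        domain, sep, mode = entry.partition(":")
        domain, mode = domain.strip().lower(), mode.strip().upper()
        if not sep or not domain or mode not in KNOWN_MODES:
            problems.append(f"malformed entry: {entry!r}")
        elif domain in modes:
            problems.append(f"duplicate entry for domain: {domain}")
        else:
            modes[domain] = mode
    return modes, problems

def audit(value, configured_domains):
    """List domains that bind with SIMPLE; unlisted domains are assumed GSSAPI."""
    modes, problems = parse_ldap_security_authentication(value)
    effective = {d.lower(): modes.get(d.lower(), "GSSAPI") for d in configured_domains}
    for domain in modes:
        if domain not in effective:
            problems.append(f"mode set for unknown domain: {domain}")
    simple = sorted(d for d, m in effective.items() if m == "SIMPLE")
    return {"effective": effective, "simple_domains": simple, "problems": problems}

if __name__ == "__main__":
    # Constructed sample value in the format quoted in the thread.
    sample = "domain1:SIMPLE,domain2:GSSAPI,domain3:SIMPLE"
    report = audit(sample, ["domain1", "domain2", "domain3", "domain4"])
    for domain, mode in report["effective"].items():
        note = "  <- user/password not encrypted on the network" if mode == "SIMPLE" else ""
        print(f"{domain}: {mode}{note}")
    for problem in report["problems"]:
        print("problem:", problem)
```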