[Ovirt-devel] LDAP fallback
Scott Seago
sseago at redhat.com
Tue May 20 13:05:02 UTC 2008
Hugh O. Brock wrote:
>
>
> Hey Scott.
>
> I have committed this on the basis that it built and
> installed. However there is now a problem with the
> "grant_admin_privileges" script in that it requires an ldap server
> (this is from Darryl's patch, not yours), so I wasn't able to test it
> fully.
>
> On that topic, do we want to make "grant_admin_privileges" fall back
> gracefully if auth is turned off (as it is in my case at the moment)?
>
> Take care,
> --Hugh
>
This is a good question. At one point we'd planned a "turn auth off"
flag (for development use only), but ultimately decided to abandon that
effort. But when we were only using kerberos (and not LDAP yet), turning
off auth turned out to be a two-line change to ovirt-wui.conf. Now that
we get the user list from ldap, turning auth _and_ ldap off would be a
larger effort, since we'd need some alternate means of generating a user
list. Is this something we want to do, or are we now at the point that
_all_ running ovirt instances, even dev ones, must point to a freeipa
server?
Scott
More information about the ovirt-devel
mailing list