[rhos-list] Fwd: RE: LDAP/AD

Adam Young ayoung at redhat.com
Tue Sep 11 21:22:36 UTC 2012 

This is a discussion I'm party to between the Hyper-V Dev and CERN 
regarding Keystone LDAP usage to access their Active Directory structure.

Thought some of you might be interested.


-------- Original Message --------
Subject: 	RE: LDAP/AD
Date: 	Tue, 11 Sep 2012 20:59:56 +0000
From: 	Peter Pouliot <ppouliot at microsoft.com>
To: 	Tim Bell <Tim.Bell at cern.ch>, "Adam Young (ayoung at redhat.com)" 
<ayoung at redhat.com>
CC: 	John Dickinson <me at not.mn>, Joseph Heck <heckj at mac.com>, Jose 
Castro Leon <jose.castro.leon at cern.ch>



Tim,


Thanks for the information.   I'm in agreement on LDAP and wasn't 
suggesting Native AD support.   However being able to utilize the 
existing  information is key.

P

*From:*Tim Bell [mailto:Tim.Bell at cern.ch]
*Sent:* Tuesday, September 11, 2012 3:15 PM
*To:* Peter Pouliot; Adam Young (ayoung at redhat.com)
*Cc:* John Dickinson; Joseph Heck; Jose Castro Leon
*Subject:* RE: LDAP/AD

Peter,

>From CERN's first quick analysis in the past week or so, AD integration 
can be done within the framework of a flexible OpenLDAP driver. We may 
need some configuration flags, some mapping from roles to group members 
and some recommendations for AD administrators to index certain parts of 
the tree (we have groups with 1,000s of members and 48,000 users in our AD).

Given the good AD/LDAP built in compatibility, we can make things 
generic if we find the right schema options. I do not think we've the 
critical mass currently for AD-only support. I'd much rather have a good 
LDAP support and a recommendation on how to provide an AD view which is 
performant and compatible for both OpenLDAP and AD backends.

A few beers, a white board, the key guys and we can sort this out ...

Tim

*From:*Peter Pouliot [mailto:ppouliot at microsoft.com] 
<mailto:[mailto:ppouliot at microsoft.com]>
*Sent:* 11 September 2012 21:03
*To:* Tim Bell; Adam Young (ayoung at redhat.com <mailto:ayoung at redhat.com>)
*Cc:* John Dickinson; Joseph Heck
*Subject:* RE: Hyper-V Meeting Minutes

Tim,

I agree on not having fragmentation.

John had approached me a while back around some AD discussion  and I 
know I had some a conversation with Joe somewhere along the lines at the 
April summit.

John and Joe,


I figured this is a great point to bring you both in.  I know each of 
you also have showed some interest in advancing the Active Directory 
integration.

It's probably a great time to try to organize our efforts .

What do you both think about Tim's suggestion of a Bof Slot on the Topic 
in SD?

pp

*From:*Tim Bell [mailto:Tim.Bell at cern.ch] 
<mailto:[mailto:Tim.Bell at cern.ch]>
*Sent:* Tuesday, September 11, 2012 2:17 PM
*To:* Peter Pouliot; Adam Young (ayoung at redhat.com 
<mailto:ayoung at redhat.com>)
*Subject:* RE: Hyper-V Meeting Minutes

I've already got the CERN troops voting for the Hyper-V and Redhat talks J

I'll certainly give some prominence to the work with Microsoft and 
Redhat in the CERN user story too, so your votes are welcome...

In any case, we should get a BoF slot for OpenLDAP/AD integration .. it 
does not need a massive investment but we should avoid fragmentation....

We're also trying to do some PKI testing too .... Another hot topic for 
us....

Ti

*From:*Peter Pouliot [mailto:ppouliot at microsoft.com] 
<mailto:[mailto:ppouliot at microsoft.com]>
*Sent:* 11 September 2012 19:57
*To:* Tim Bell; Adam Young (ayoung at redhat.com <mailto:ayoung at redhat.com>)
*Subject:* RE: Hyper-V Meeting Minutes

Tim,


Awesome!   We'd love to make sure everyone interested meets up at the 
summit.

I'm looking forward to seeing what you have done already.


Adam and I have been talking about this for a while. (We actually work 
close by to each other in Cambridge MA).

I've been trying to get more free cycles to help w/ the testing and 
potentially help with integration to use other AD object properties.

We should definitely sync up together and get a good understanding of 
your needs at CERN.   I should be able to guide some of the momentum 
towards the work internally if the external interest is there.

PS.  Votes for Hyper-V Presentations help the cause.

J

p

*From:*Tim Bell [mailto:Tim.Bell at cern.ch] 
<mailto:[mailto:Tim.Bell at cern.ch]>
*Sent:* Tuesday, September 11, 2012 1:32 PM
*To:* Peter Pouliot; Adam Young (ayoung at redhat.com 
<mailto:ayoung at redhat.com>)
*Subject:* FW: Hyper-V Meeting Minutes

Peter/Adam,

Pleased to see that the AD integration work is of interest. I've asked 
Jose to brief you further on the thoughts and options.

For the summit, Jose, Belmiro and I will be there. I've got some 
management board related meetings but I'd be delighted to get together 
with you both and discuss further integration work of common interest.

Tim

*From:*Peter Pouliot [mailto:ppouliot at microsoft.com] 
<mailto:[mailto:ppouliot at microsoft.com]>
*Sent:* 11 September 2012 17:56
*To:* openstack-dev at lists.openstack.org 
<mailto:openstack-dev at lists.openstack.org>
*Subject:* [openstack-dev] Hyper-V Meeting Minutes

Meeting ended Tue Sep 11 15:47:37 2012 UTC.  Information about MeetBot 
at http://wiki.debian.org/MeetBot . (v 0.1.4)

Minutes: 
http://eavesdrop.openstack.org/meetings/hyper_v/2012/hyper_v.2012-09-11-15.00.html

Minutes (text): 
http://eavesdrop.openstack.org/meetings/hyper_v/2012/hyper_v.2012-09-11-15.00.txt

Log: 
http://eavesdrop.openstack.org/meetings/hyper_v/2012/hyper_v.2012-09-11-15.00.log.html

Peter J. Pouliot, CISSP

Senior SDET, OpenStack

Microsoft

New England Research & Development Center

One Memorial Drive,Cambridge, MA 02142

PPOULIOT at microsoft.com <mailto:PPOULIOT at microsoft.com> | Tel: +1(857) 
453 6436




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhos-list/attachments/20120911/63af5346/attachment.htm>

More information about the rhos-list mailing list