Bug 1063095 (oVirt-AAA-LDAP)

Summary: OVIRT35 - [RFE][AAA] engine should have a generic LDAP provider
Product: [Retired] oVirt Reporter: Yair Zaslavsky <yzaslavs>
Component: ovirt-engine-core Assignee: Alon Bar-Lev <alonbl>
Status: CLOSED CURRENTRELEASE QA Contact: Ondra Machacek <omachace>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.5 CC: alonbl, audgiri, bazulay, gklein, iheim, oourfali, rbalakri, riehecky, yeylon
Target Milestone: --- Keywords: FutureFeature
Target Release: 3.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Enhancement
Doc Text:
Feature: A completely new LDAP support for ovirt-engine. Reason: Legacy LDAP support was a complex implementation that required Kerberos, DNS and LDAP settings. It was monolithic, in that no new technologies could be added. No customization was possible. Result: A completely new implementation provided by the ovirt-engine-extension-aaa-ldap package. No migration sequence is provided; existing users can continue to use the legacy implementation. Migration can be done manually by adding the new provider, assigning permissions to users and groups from the new provider, and removing the permissions of the users and groups of the old provider. During the migration phase both providers can co-exist.
Story Points: ---
Clone Of:
: 1072861 Environment:
Last Closed: 2014-10-17 12:36:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 584625, 650593, 675701, 766601, 798075, 835438, 840421, 871408, 885206, 963936, 980965, 1053030, 1062320, 1064161, 1072861, 1104074, 1110765, 1118251, 1130316, 1131179, 1134004, 1134855, 1136708, 1151127, 1165721, 1171395, 1172173, 1180154, 1213387    
Bug Blocks: 1076964, 1083736    

Description Yair Zaslavsky 2014-02-10 01:18:23 UTC
Description of problem:

Following BZ1032682 -
We should include a generic LDAP directory provider replacing the current LDAP provider.
For this provider, it should be possible to configure the queries and the returned attribute via a configuration file, in order to support adding future LDAP vendors via configuration, and not via code.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Barak 2014-03-05 08:11:51 UTC
2 additional requirements:
- to be able to build such a provider externally (outside of the engine code)
- such a generic provider should come with configuration templates for all 
  currently supported legacy providers (AD, IPA, RHDS, openLDAP ...)

Comment 2 Alon Bar-Lev 2014-03-16 20:45:21 UTC
*** Bug 1072861 has been marked as a duplicate of this bug. ***

Comment 3 Alon Bar-Lev 2014-06-11 14:30:55 UTC
Moving to post as we have a prototype.

Comment 4 Sandro Bonazzola 2014-10-17 12:36:00 UTC
oVirt 3.5 has been released and should include the fix for this issue.