[ovirt-users] ldap and multiple profiles
Fabrice Bacchella
fabrice.bacchella at icloud.com
Mon Jul 4 14:13:21 UTC 2016
I want to setup two LDAP base profile.
One is backed using an active directory (for real users)
One is backed using an openldap (for service account).
I have to problem with this setup.
One it's that in the log I see many "Creating LDAP pool 'authz'" and "Creating LDAP pool 'authn'". If I have two LDAP backend, I'm afraid they will be a conflict of ldap pool if they used the same name.
I tried to add in my openldap.properties:
search.simple-namespace.pool = authz-prod
search.simple-user-fetch.pool = authz-prod
search.simple-resolve-groups-member.pool = authz-prod
search.simple-resolve-groups-memberOf-item.pool = authz-prod
search.simple-resolve-groups-memberOf.pool = authz-prod
search.simple-query-principals.pool = authz-prod
search.simple-query-groups.pool = authz-prod
Is that enough ? And Why is it replicated many time ?
I have another problem, there is a stupid bug in my openldap configuration, but it will be difficult to resolve that.
In it, there is two naming context
dc=sub,dc=example,dc=com
and
dc=example,dc=com
Ovirt only see the first one, and of course, with a little help from Murphy, I need the seconde one. Is there anything I can do about that ?
More information about the Users
mailing list