[ovirt-users] ldap and multiple profiles

Ondra Machacek omachace at redhat.com
Mon Jul 11 15:53:44 UTC 2016


On 07/04/2016 04:13 PM, Fabrice Bacchella wrote:
> I want to set up two LDAP-based profiles.
>
> One is backed using an active directory (for real users)
> One is backed using an openldap (for service account).
>
> I have two problems with this setup.
>
> One is that in the log I see many "Creating LDAP pool 'authz'" and "Creating LDAP pool 'authn'". If I have two LDAP backends, I'm afraid there will be a conflict of LDAP pools if they use the same name.

I am unsure I understand the problem. If you use different profiles, you won't share the pool. Can you send the log and explain from it what's going on, so we can understand the problem?

>
> I tried to add in my openldap.properties:
>
> search.simple-namespace.pool = authz-prod
> search.simple-user-fetch.pool = authz-prod
> search.simple-resolve-groups-member.pool = authz-prod
> search.simple-resolve-groups-memberOf-item.pool = authz-prod
> search.simple-resolve-groups-memberOf.pool = authz-prod
> search.simple-query-principals.pool = authz-prod
> search.simple-query-groups.pool = authz-prod
>
> Is that enough? And why is it replicated many times?
>
> I have another problem, there is a stupid bug in my openldap configuration, but it will be difficult to resolve that.
>
> In it, there are two naming contexts
> dc=sub,dc=example,dc=com
> and
> dc=example,dc=com
>
> oVirt only sees the first one, and of course, with a little help from Murphy, I need the second one. Is there anything I can do about that?

Yes, you can. Please see [1] and check 'Is it possible to use specific base DN instead of automatic resolution?'

[1] http://www.ovirt.org/develop/release-management/features/infra/aaa_faq/

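The base DN override the reply refers to, as an added example rather than text from this thread: it assumes the aaa-ldap extension's `var-set` sequence type and its `simple_baseDN` variable as described in the FAQ at [1], so check the key names there before use. The sequence name `my-basedn-init-vars` is an arbitrary label, and the DN is the second naming context from the question.

```properties
# Goes in the OpenLDAP profile's properties file (openldap.properties in the question).
# Defines a custom init sequence that pins the search base instead of relying on
# automatic resolution, which per the question picked dc=sub,dc=example,dc=com.
sequence-init.init.100-my-basedn-init-vars = my-basedn-init-vars
sequence.my-basedn-init-vars.010.description = set baseDN
sequence.my-basedn-init-vars.010.type = var-set
sequence.my-basedn-init-vars.010.var-set.variable = simple_baseDN
# Constructed value: the naming context the service accounts live under.
sequence.my-basedn-init-vars.010.var-set.value = dc=example,dc=com
```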