<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: times new roman,new york,times,serif; font-size: 12pt; color: #000000'>Hi,<div>We're issuing a RootDSE query (once per LDAP domain configured).</div><div>We try to obtain from it the "defaultNamingContext" attribute.</div><div>If does not exist - we try to obtain ""NamingContexts"</div><div>We store the result at a "domainDn" (we have a data structure which maps domains to information objects, one of the fields at the information object is the DN of the domain) field, and we use it to compose the full ldap URL we send the queries to.</div><div><br><br><hr id="zwchr"><blockquote style="border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Andrej Bagon" <andrej.bagon@arnes.si><br><b>To: </b>"Itamar Heim" <iheim@redhat.com><br><b>Cc: </b>users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Oved Ourfalli" <oourfali@redhat.com><br><b>Sent: </b>Monday, March 18, 2013 9:07:06 AM<br><b>Subject: </b>Re: [Users] ldap simple<br><br>
Hi,<br>
<br>
the system is trying to bind to ldap as:<br>
bind request: uid=cn=ovirt,cn=Users,cn=Accounts,dc=ourdomain,dc=si<br>
<br>
I dont know how it knows dc=ourdomain,dc=si<br>
It should be<br>
bind request: cn=ovirt,ou=system,dc=ourdomain,dc=si" -b
"dc=arnes,dc=si<br>
<br>
The same with the search: we have users in form as:<br>
<a href="mailto:edupersonprincipalname=abagon@guest.arnes.si" target="_blank">edupersonprincipalname=username@users.ourdomain.si</a>,dc=users,dc=ourdomain,dc=si<br>
<br>
values in database:<br>
select * from vdc_options where option_name in
('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderTypes','AdUserName','AdUserPassword')
order by option_id;<br>
option_id | option_name |
option_value | version <br>
-----------+----------------------------+--------------------------------+---------<br>
10 | AdUserName |
users.ourdomain.si:ovirt | general<br>
11 | AdUserPassword
|users.ourdomain.si:adminpassword | general<br>
69 | DomainName | users.ourdomain.si
| general<br>
130 | LDAPSecurityAuthentication|
users.ourdomain.si:SIMPLE | general<br>
132 | LdapServers |
users.ourdomain.si:server.ourdomain.si | general<br>
133 | LDAPProviderTypes |
users.ourdomain.si:rhds | general<br>
(6 rows)<br>
<br>
Best Regards,<br>
Andrej Bagon<br>
<br>
<br>
On 03/15/2013 12:09 PM, Itamar Heim wrote:
<blockquote cite="mid:51430171.2010904@redhat.com">On
03/14/2013 01:58 PM, Andrej Bagon wrote:
<br>
<blockquote>Hi,
<br>
<br>
is it possible to change the bind request that is sent to the
ldap
<br>
server? The default
uid=user,cn=Users,cn=Accounts,cn=our,cn=domain is
<br>
not suitable.
<br>
</blockquote>
<br>
can you please explain why / what you would like to change it to?
<br>
(not sure possible now, but there is work to make it more
configurable/pluggable)
<br>
<br>
</blockquote>
<br>
</blockquote><br></div></div></body></html>