<div dir="ltr">I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious detail in documentation, the rest is java-programmer-oriented docs only that I can find;<div><br></div><div><a href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git">https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git</a><br></div><div><br></div><div>Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO control over the LDAP server.</div><div><br></div><div>So far I've managed to figure out through search after search to use LDAPS (TLS isn't an option, thanks!)</div><div>Two parts I can't figure out; setting rootDN and setting the organization filter-- members of that particular organization should have access to ovirt, and none others.</div><div><br></div><div><div>vars.server = <a href="http://directory.ft.com">directory.ft.com</a></div><div><br></div><div>#</div><div># Search user and its password.</div><div>#</div><div>vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com</div><div>vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com</div><div>vars.password = <span style="color:rgb(122,71,7);line-height:19.1099987030029px">Ft######</span></div><div><br></div><div>pool.default.serverset.single.server = ${global:vars.server}</div><div>pool.default.serverset.single.port = 636</div><div>pool.default.auth.simple.bindDN = ${global:vars.user}</div><div>pool.default.auth.simple.rootDN = ${global:vars.urootdn}</div><div>pool.default.auth.simple.password = ${global:vars.password}</div><div><br></div><div># enable SSL</div><div>pool.default.ssl.enable = true</div><div>#pool.default.ssl.insecure = false</div><div><br></div><div># Create keystore, import certificate chain and uncomment</div><div># if using ssl/tls.</div><div>#pool.default.ssl.startTLS = true</div><div>pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks</div><div>pool.default.ssl.truststore.password = changeit</div></div><div><br></div><div><br></div><div><pre style="width:auto;color:rgb(122,71,7);line-height:19.1099987030029px;overflow:auto!important">example config from testlink
$tlCfg->authentication['method'] = 'LDAP';
/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps://<a href="http://directory.ft.com">directory.ft.com</a>';
$tlCfg->authentication['ldap_port'] = '636';
$tlCfg->authentication['ldap_version'] = '3';
$tlCfg->authentication['ldap_root_dn'] = 'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_dn'] = 'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_passwd'] = 'Ft######';
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
$tlCfg->authentication['ldap_organization'] = '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'uid'; // Use 'sAMAccountName' for Active Directory</pre></div></div>