<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    With UserRole you can only log in to UserPortal, not webadmin. Do you
    have this issue when you try to log in to UserPortal?<br>
    <br>
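    <div>Added example (not part of the original message or of the oVirt
      project's code): a small shell check for the aaa-ldap profile file
      discussed in the quoted thread below. It reports values that end in
      whitespace (the 'my.abc.net ' problem), a simple-bind password used
      while startTLS is not enabled, and a password-bearing file that is
      readable by group or others. The function names and the sample file
      are constructed for illustration, and the permission check is a
      general hardening assumption.</div>
<pre>
```shell
#!/bin/sh
# Added example: lint an ovirt-engine-extension-aaa-ldap profile such as
# /etc/ovirt-engine/aaa/ldap1.properties. Function names are hypothetical.

# Print one finding per line; print nothing when the file is clean.
lint_aaa_profile() {
    file=$1

    # 1. Values that end in whitespace, e.g. "vars.server = my.abc.net ".
    #    The thread traces the DNS resolution warning to exactly this.
    #    Comment lines (first non-blank character '#') are skipped.
    grep -n '^[[:space:]]*[^#[:space:]][^=]*=.*[^[:space:]][[:space:]]\{1,\}$' "$file" |
    while IFS=: read -r lineno text; do
        key=$(printf '%s\n' "$text" | sed 's/[[:space:]]*=.*//; s/^[[:space:]]*//')
        printf 'TRAILING_SPACE line %s key %s\n' "$lineno" "$key"
    done

    # 2. Simple bind with a password while startTLS is still commented out.
    #    Only the startTLS key shown in the thread is checked here, so a
    #    profile protected some other way would need its own rule.
    if grep -q '^[[:space:]]*pool\.default\.auth\.simple\.password[[:space:]]*=' "$file"; then
        if ! grep -q '^[[:space:]]*pool\.default\.ssl\.startTLS[[:space:]]*=[[:space:]]*true' "$file"; then
            printf 'CLEARTEXT_BIND pool.default.ssl.startTLS is not true\n'
        fi
    fi

    # 3. The file holds the bind password (vars.password), so group and
    #    other permission bits should all be clear (assumed hardening rule).
    if grep -q '^[[:space:]]*vars\.password[[:space:]]*=' "$file"; then
        perms=$(ls -ld "$file" | cut -c5-10)
        case $perms in
            ------) ;;
            *) printf 'SECRET_READABLE group/other bits %s\n' "$perms" ;;
        esac
    fi
}

# Constructed sample, modelled on the ldap1.properties quoted in the thread.
# Line 2 carries the trailing space; the DN is a placeholder.
write_sample() {
    printf '%s\n' \
        '# constructed sample profile' \
        'vars.server = my.abc.net ' \
        'vars.user = uid=search,dc=example,dc=net' \
        'vars.password = company' \
        'pool.default.serverset.single.server = ${global:vars.server}' \
        'pool.default.auth.simple.bindDN = ${global:vars.user}' \
        'pool.default.auth.simple.password = ${global:vars.password}' \
        '#pool.default.ssl.startTLS = true' > "$1"
}

demo() {
    tmp=$(mktemp)
    write_sample "$tmp"
    chmod 644 "$tmp"
    lint_aaa_profile "$tmp"
    rm -f "$tmp"
}

demo
```
</pre>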
    <div class="moz-cite-prefix">On 09/23/2015 09:22 AM, Budur Nagaraju
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAHNF9Q99WKUBJXbXn_SMR8JUgexSc4g6=p41cFZmnSwMuYSR_g@mail.gmail.com"
      type="cite">
      <div dir="ltr">Provided the "user role" permissions, still the same
        issue.<br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Sep 23, 2015 at 12:48 PM, Ondra
          Machacek <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> Hi,<br>
              <br>
              your user <a moz-do-not-send="true"
                href="mailto:nbudoor@abc.net" target="_blank">nbudoor@abc.net</a>
              doesn't have appropriate permissions to log in.<br>
              First you need to log in as 'admin@internal' and assign him
              some permissions, then you will be able to log in.<span
                class="HOEnZb"><font color="#888888"><br>
                  <br>
                  Ondra</font></span>
              <div>
                <div class="h5"><br>
                  <br>
                  <div>On 09/23/2015 09:15 AM, Budur Nagaraju wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <div>
                          <div>
                            <div>Hi All,<br>
                              <br>
                            </div>
                            After rectifying this, I am able to search the
                            domain in the users in the UI,<br>
                          </div>
                          but I am unable to log in, getting the below error:<br>
                          <br>
                          <br>
                          2015-09-23 12:41:47,482 WARN 
                          [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
                          (ajp--127.0.0.1-8702-3) CanDoAction of action
                          LoginAdminUser failed for user <a
                            moz-do-not-send="true"
                            href="mailto:nbudoor@abc.net"
                            target="_blank">nbudoor@abc.net</a>.
                          Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
                          <br>
                        </div>
                        Thanks,<br>
                      </div>
                      Nagaraju<br>
                      <br>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Wed, Sep 23, 2015 at
                        12:13 PM, Ondra Machacek <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:omachace@redhat.com"
                            target="_blank">omachace@redhat.com</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000"> Hi,<br>
                            <br>
                            as Alon already said, you have a trailing
                            space in your configuration:<br>
                            <br>
                            '<a moz-do-not-send="true"
                              href="http://my.abc.net" target="_blank">my.abc.net</a>
                            ' &lt;-- space at the end<br>
                            <br>
                            Please remove this space and try again.<br>
                            <br>
                            Ondra
                            <div>
                              <div><br>
                                <br>
                                <div>On 09/23/2015 05:35 AM, Budur
                                  Nagaraju wrote:<br>
                                </div>
                              </div>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">
                                    <div>
                                      <div>
                                        <div>
                                          <div>Hi Alon,<br>
                                            <br>
                                          </div>
                                          Tried all the options but no
                                          luck.<br>
                                          <br>
                                        </div>
                                        I have copied the logs to the
                                        pastebin; below is the link. The
                                        warning message is that it is unable
                                        to resolve the DNS. Let me know
                                        if I can get any help.<br>
                                        <br>
                                        <a moz-do-not-send="true"
                                          href="http://pastebin.com/7qN9QnHK"
                                          target="_blank">http://pastebin.com/7qN9QnHK</a><br>
                                        <br>
                                      </div>
                                      Thanks,<br>
                                    </div>
                                    Nagaraju<br>
                                    <br>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Tue, Sep
                                      22, 2015 at 8:44 PM, Daniel
                                      Helgenberger <span dir="ltr">&lt;<a
                                          moz-do-not-send="true"
                                          href="mailto:daniel.helgenberger@m-box.de"
                                          target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:daniel.helgenberger@m-box.de">daniel.helgenberger@m-box.de</a></a>&gt;</span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote"
                                        style="margin:0 0 0
                                        .8ex;border-left:1px #ccc
                                        solid;padding-left:1ex">Hello
                                        Budur,<br>
                                        <br>
                                        I've done this recently. Alon,
                                        no offense, but the docs are not
                                        quite straightforward...<br>
                                        <br>
                                        Requirements:<br>
                                         - LDAP server (obviously) -
                                        called here <a
                                          moz-do-not-send="true"
                                          href="http://ldap.mydomain.com"
                                          rel="noreferrer"
                                          target="_blank">ldap.mydomain.com</a><br>
                                         - LDAP bind account - called
                                        here <a moz-do-not-send="true"
href="mailto:ldap@mydomain.com" target="_blank">ldap@mydomain.com</a>,
                                        password 'Passw@rd'<br>
                                        &nbsp;- At least one existing account
                                        in LDAP, called <a
                                          moz-do-not-send="true"
                                          href="mailto:user@mydomain.com"
                                          target="_blank">user@mydomain.com</a><br>
                                        <br>
                                        Please note, the most common
                                        issue will be DNS.<br>
                                        <br>
                                        I'll describe in short what
                                        steps need to be taken. All this
                                        needs to be done on your engine
                                        host. In the end this was quite
                                        easy :)<br>
                                        <br>
                                        1. Install the packages:
                                        ovirt-engine-extension-aaa-ldap
                                        and openldap-clients (these are
                                        only for testing your setup)<br>
                                        2. Test if ldap is working in
                                        general. (The extension uses the
                                        global catalog at least for AD,
                                        this was news to me):<br>
                                        &nbsp; # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://ldap.mydomain.com:3268/ -x \<br>
                                        &nbsp; &nbsp; &nbsp; -D 'ldap@mydomain.com' -w Passw@rd -b '' '(userPrincipalName=user@mydomain.com)' cn userPrincipalName<br>
                                        <br>
                                          If this command does not
                                        return details of the user, do
                                        debug your ldap and continue
                                        once this works. Example:<br>
                                        <br>
                                        # extended LDIF<br>
                                        #<br>
                                        # LDAPv3<br>
                                        # base &lt;&gt; with scope
                                        subtree<br>
                                        # filter: (userPrincipalName=user@mydomain.com)<br>
                                        # requesting: cn userPrincipalName<br>
                                        # with pagedResults control: size=1024<br>
                                        #<br>
                                        <br>
                                        # Some Name, some-ou, mydomain.com<br>
                                        dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com<br>
                                        cn: Some Name<br>
                                        userPrincipalName: user@mydomain.com<br>
                                        <br>
                                        # search result<br>
                                        search: 2<br>
                                        result: 0 Success<br>
                                        control: 1.2.840.113556.1.4.319
                                        false MIQXGSGSGSgEABAA=<br>
                                        pagedresults: cookie=<br>
                                        <br>
                                        # numResponses: 2<br>
                                        # numEntries: 1<br>
                                        <br>
                                        <br>
                                        3. Copy the examples as
                                        mentioned from the readme.<br>
                                        4. You only need to modify
                                        /etc/ovirt-engine/aaa/int.m-box.de.properties;
                                        leave the rest as is.<br>
                                        5. There, set:<br>
                                        <br>
                                        &nbsp; vars.domain = ldap.mydomain.com<br>
                                          vars.user =
                                        ldap@${global:vars.domain}<br>
                                          vars.password = Passw@rd<br>
                                        <br>
                                        6. Restart ovirt engine service<br>
                                        7. Log in as admin@internal and
                                        add user rights and roles from
                                        the new provider<br>
                                        <br>
                                        Hope this helps.<br>
                                        <span><br>
                                          On 22.09.2015 16:46, Budur Nagaraju
                                          wrote:<br>
                                          &gt;<br>
                                          &gt; below are the three files
                                          which I have modified.<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt; [root@cstlb2
                                          extensions.d]# cat
                                          profile1-authn.properties<br>
                                        </span>&gt; ovirt.engine.extension.name = cloudspin-authn<br>
                                        <span>&gt;
                                          ovirt.engine.extension.bindings.method
                                          = jbossmodule<br>
                                          &gt;
                                          ovirt.engine.extension.binding.jbossmodule.module
                                          =<br>
                                          &gt;
                                          org.ovirt.engine-extensions.aaa.ldap<br>
                                          &gt;
                                          ovirt.engine.extension.binding.jbossmodule.class
                                          =<br>
                                          &gt;
                                          org.ovirt.engineextensions.aaa.ldap.AuthnExtension<br>
                                          &gt;
                                          ovirt.engine.extension.provides
                                          =
                                          org.ovirt.engine.api.extensions.aaa.Authn<br>
                                        </span><span>&gt; ovirt.engine.aaa.authn.profile.name = cloudspin<br>
                                          &gt;
                                          ovirt.engine.aaa.authn.authz.plugin
                                          = cloudspin-auth<br>
                                          &gt; config.profile.file.1 =
                                          /etc/ovirt-engine/aaa/ldap1.properties<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt; [root@cstlb2
                                          extensions.d]# ls<br>
                                          &gt;
                                          profile1-authn.properties 
                                          profile1-authz.properties<br>
                                          &gt; [root@cstlb2
                                          extensions.d]# cat
                                          profile1-authz.properties<br>
                                        </span>&gt; ovirt.engine.extension.name = cloudspin-authz<br>
                                        <div>
                                          <div>&gt;
                                            ovirt.engine.extension.bindings.method
                                            = jbossmodule<br>
                                            &gt;
                                            ovirt.engine.extension.binding.jbossmodule.module
                                            =<br>
                                            &gt;
                                            org.ovirt.engine-extensions.aaa.ldap<br>
                                            &gt;
                                            ovirt.engine.extension.binding.jbossmodule.class
                                            =<br>
                                            &gt;
                                            org.ovirt.engineextensions.aaa.ldap.AuthzExtension<br>
                                            &gt;
                                            ovirt.engine.extension.provides
                                            =
                                            org.ovirt.engine.api.extensions.aaa.Authz<br>
                                            &gt; config.profile.file.1 =
/etc/ovirt-engine/aaa/ldap1.properties<br>
                                            &gt; [root@cstlb2
                                            extensions.d]#<br>
                                            &gt;<br>
                                            &gt;<br>
                                            &gt;<br>
                                            &gt; [root@cstlb2 aaa]# pwd<br>
                                            &gt; /etc/ovirt-engine/aaa<br>
                                            &gt; [root@cstlb2 aaa]# ls<br>
                                            &gt; ldap1.properties<br>
                                            &gt; [root@cstlb2 aaa]# cat
                                            ldap1.properties<br>
                                            &gt; #<br>
                                            &gt; # Select one<br>
                                            &gt; #<br>
                                            &gt; include =
                                            &lt;openldap.properties&gt;<br>
                                            &gt; #include =
                                            &lt;389ds.properties&gt;<br>
                                            &gt; #include =
                                            &lt;rhds.properties&gt;<br>
                                            &gt; #include =
                                            &lt;ipa.properties&gt;<br>
                                            &gt; #include =
                                            &lt;iplanet.properties&gt;<br>
                                            &gt; #include =
                                            &lt;rfc2307.properties&gt;<br>
                                            &gt; #include =
                                            &lt;rfc2307-openldap.properties&gt;<br>
                                            &gt;<br>
                                            &gt; #<br>
                                            &gt; # Server<br>
                                            &gt; #<br>
                                          </div>
                                        </div>
                                        &gt; vars.server = my.abc.net<br>
                                        <span>&gt;<br>
                                          &gt; #<br>
                                          &gt; # Search user and its
                                          password.<br>
                                          &gt; #<br>
                                          &gt; vars.user =<br>
                                          &gt;
uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=nbudoor,dc=net<br>
                                          &gt; vars.password = company<br>
                                          &gt;<br>
                                          &gt;
                                          pool.default.serverset.single.server
                                          = ${global:vars.server}<br>
                                          &gt;
                                          pool.default.auth.simple.bindDN
                                          = ${global:vars.user}<br>
                                          &gt;
                                          pool.default.auth.simple.password
                                          = ${global:vars.password}<br>
                                          &gt;<br>
                                          &gt; # Create keystore, import
                                          certificate chain and
                                          uncomment<br>
                                          &gt; # if using ssl/tls.<br>
                                          &gt;
                                          #pool.default.ssl.startTLS =
                                          true<br>
                                          &gt;
                                          #pool.default.ssl.truststore.file
                                          =
                                          ${local:_basedir}/${global:vars.server}.jks<br>
                                          &gt;
                                          #pool.default.ssl.truststore.password
                                          = changeit<br>
                                          &gt; [root@cstlb2 aaa]#<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt; On Tue, Sep 22, 2015 at
                                          8:07 PM, Alon Bar-Lev &lt;<a
                                            moz-do-not-send="true"
                                            href="mailto:alonbl@redhat.com"
                                            target="_blank">alonbl@redhat.com</a>&gt;
                                          wrote:<br>
                                        </span><span>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;     ----- Original
                                          Message -----<br>
                                        </span><span>&gt;     &gt; From:
                                          "Budur Nagaraju" &lt;<a
                                            moz-do-not-send="true"
                                            href="mailto:nbudoor@gmail.com"
                                            target="_blank">nbudoor@gmail.com</a>&gt;<br>
                                          &gt;     &gt; To: "Alon
                                          Bar-Lev" &lt;<a
                                            moz-do-not-send="true"
                                            href="mailto:alonbl@redhat.com"
                                            target="_blank">alonbl@redhat.com</a>&gt;<br>
                                          &gt;     &gt; Cc: <a
                                            moz-do-not-send="true"
                                            href="mailto:users@ovirt.org"
                                            target="_blank">users@ovirt.org</a><br>
                                          &gt;     &gt; Sent: Tuesday,
                                          September 22, 2015 5:35:16 PM<br>
                                          &gt;     &gt; Subject: Re:
                                          [ovirt-users] LDAP
                                          Authentication<br>
                                          &gt;     &gt;<br>
                                          &gt;     &gt; it's too
                                          complicated, do you have any
                                          script or video?<br>
                                          &gt;<br>
                                          &gt;     in 3.6 we have a
                                          setup script.<br>
                                          &gt;     for now:<br>
                                          &gt;<br>
                                          &gt;     cp -r
                                          /usr/share/ovirt-engine/examples/simple/.
                                          /etc/ovirt-engine/<br>
                                          &gt;<br>
                                          &gt;     this is written in
                                          the README.<br>
                                          &gt;<br>
                                          &gt;     then customize files
                                          at
                                          /etc/ovirt-engine/extensions.d/*<br>
                                          &gt;   
                                           /etc/ovirt-engine/aaa/* to
                                          match your setup<br>
                                          &gt;<br>
                                          &gt;     &gt;<br>
                                          &gt;     &gt;<br>
                                        </span><span>&gt;     &gt; On
                                          Tue, Sep 22, 2015 at 8:00 PM,
                                          Alon Bar-Lev &lt;<a
                                            moz-do-not-send="true"
                                            href="mailto:alonbl@redhat.com"
                                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a>
                                          &lt;mailto:<a
                                            moz-do-not-send="true"
                                            href="mailto:alonbl@redhat.com"
                                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a>&gt;&gt;


                                          wrote:<br>
                                          &gt;     &gt;<br>
                                          &gt;     &gt; &gt;<br>
                                          &gt;     &gt; &gt;<br>
                                          &gt;     &gt; &gt; -----
                                          Original Message -----<br>
                                        </span>
                                        <div>
                                          <div>&gt;     &gt; &gt; &gt;
                                            From: "Budur Nagaraju" &lt;<a
                                              moz-do-not-send="true"
                                              href="mailto:nbudoor@gmail.com"
                                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:nbudoor@gmail.com">nbudoor@gmail.com</a></a>
                                            &lt;mailto:<a
                                              moz-do-not-send="true"
                                              href="mailto:nbudoor@gmail.com"
                                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:nbudoor@gmail.com">nbudoor@gmail.com</a></a>&gt;&gt;<br>
                                            &gt;     &gt; &gt; &gt; To:
                                            "Alon Bar-Lev" &lt;<a
                                              moz-do-not-send="true"
                                              href="mailto:alonbl@redhat.com"
                                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a>
                                            &lt;mailto:<a
                                              moz-do-not-send="true"
                                              href="mailto:alonbl@redhat.com"
                                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a>&gt;&gt;<br>
                                            &gt;     &gt; &gt; &gt; Cc: <a
                                              moz-do-not-send="true"
                                              href="mailto:users@ovirt.org"
                                              target="_blank">users@ovirt.org</a><br>
                                            &gt;     &gt; &gt; &gt;
                                            Sent: Tuesday, September 22,
                                            2015 5:24:36 PM<br>
                                            &gt;     &gt; &gt; &gt;
                                            Subject: Re: [ovirt-users]
                                            LDAP Authentication<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt; Hi
                                            Alon,<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            Below is the configuration
                                            which I have done, but
                                            unable to search the<br>
                                            &gt;     &gt; &gt; &gt;
                                            users in UI<br>
                                            &gt;     &gt; &gt; &gt; can
                                            you please help me?<br>
                                            &gt;     &gt; &gt;<br>
                                            &gt;     &gt; &gt; you need
                                            three files, see the<br>
                                            &gt;     &gt; &gt;
                                            /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple<br>
                                            &gt;     &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            [root@cstlb2 aaa]# cat
                                            ldap1.properties<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                            &gt;     &gt; &gt; &gt; #
                                            Select one<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                            &gt;     &gt; &gt; &gt;
                                            include =
                                            &lt;openldap.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;389ds.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;rhds.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;ipa.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;iplanet.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;rfc2307.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;rfc2307-openldap.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                            &gt;     &gt; &gt; &gt; #
                                            Server<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                          </div>
                                        </div>
                                        &gt;     &gt; &gt; &gt;
                                        vars.server = my.abc.net<br>
                                        <span>&gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; #<br>
                                          &gt;     &gt; &gt; &gt; #
                                          Search user and its password.<br>
                                          &gt;     &gt; &gt; &gt; #<br>
                                          &gt;     &gt; &gt; &gt;
                                          vars.user =<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt;
uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=abc,dc=net<br>
                                          &gt;     &gt; &gt; &gt;
                                          vars.password = company1<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;
                                          pool.default.serverset.single.server
                                          = ${global:vars.server}<br>
                                          &gt;     &gt; &gt; &gt;
                                          pool.default.auth.simple.bindDN
                                          = ${global:vars.user}<br>
                                          &gt;     &gt; &gt; &gt;
                                          pool.default.auth.simple.password
                                          = ${global:vars.password}<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; #
                                          Create keystore, import
                                          certificate chain and
                                          uncomment<br>
                                          &gt;     &gt; &gt; &gt; # if
                                          using ssl/tls.<br>
                                          &gt;     &gt; &gt; &gt;
                                          #pool.default.ssl.startTLS =
                                          true<br>
                                          &gt;     &gt; &gt; &gt;
                                          #pool.default.ssl.truststore.file
                                          =<br>
                                          &gt;     &gt; &gt; &gt;
                                          ${local:_basedir}/${global:vars.server}.jks<br>
                                          &gt;     &gt; &gt; &gt;
                                          #pool.default.ssl.truststore.password
                                          = changeit<br>
                                          &gt;     &gt; &gt; &gt;
                                          [root@cstlb2 aaa]#<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                        </span><span>&gt;     &gt; &gt;
                                          &gt; On Tue, Sep 22, 2015 at
                                          7:25 PM, Alon Bar-Lev &lt;<a
                                            moz-do-not-send="true"
                                            href="mailto:alonbl@redhat.com"
                                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a>
                                          &lt;mailto:<a
                                            moz-do-not-send="true"
                                            href="mailto:alonbl@redhat.com"
                                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a>&gt;&gt;


                                          wrote:<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          ----- Original Message -----<br>
                                        </span><span>&gt;     &gt; &gt;
                                          &gt; &gt; &gt; From: "Budur
                                          Nagaraju" &lt;<a
                                            moz-do-not-send="true"
                                            href="mailto:nbudoor@gmail.com"
                                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:nbudoor@gmail.com">nbudoor@gmail.com</a></a>
                                          &lt;mailto:<a
                                            moz-do-not-send="true"
                                            href="mailto:nbudoor@gmail.com"
                                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:nbudoor@gmail.com">nbudoor@gmail.com</a></a>&gt;&gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; To: <a
                                            moz-do-not-send="true"
                                            href="mailto:users@ovirt.org"
                                            target="_blank">users@ovirt.org</a><br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; Sent: Tuesday, September
                                          22, 2015 4:34:46 PM<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; Subject: [ovirt-users]
                                          LDAP Authentication<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; Hi All,<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; Can someone help me in
                                          configuring LDAP
                                          authentication for oVirt?<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          Please review:<br>
                                          &gt;     &gt; &gt; &gt; &gt;<a
                                            moz-do-not-send="true"
                                            href="http://www.ovirt.org/Features/AAA"
                                            target="_blank"><a class="moz-txt-link-freetext" href="http://www.ovirt.org/Features/AAA">http://www.ovirt.org/Features/AAA</a></a><br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt;<a
                                            moz-do-not-send="true"
href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0"
                                            rel="noreferrer"
                                            target="_blank"><a class="moz-txt-link-freetext" href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0">https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0</a></a><br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt;<br>
                                          &gt;     &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          <br>
                                        </span>--<br>
                                        Daniel Helgenberger<br>
                                        m box bewegtbild GmbH<br>
                                        <br>
                                        P: +49/30/2408781-22<br>
                                        F: +49/30/2408781-10<br>
                                        <br>
                                        ACKERSTR. 19<br>
                                        D-10115 BERLIN<br>
                                        <br>
                                        <br>
                                        <a moz-do-not-send="true"
                                          href="http://www.m-box.de"
                                          rel="noreferrer"
                                          target="_blank">www.m-box.de</a> 
                                        <a moz-do-not-send="true"
                                          href="http://www.monkeymen.tv"
                                          target="_blank">www.monkeymen.tv</a><br>
                                        <br>
                                        Managing Directors: Martin
                                        Retschitzegger / Michaela
                                        Göllner<br>
                                        Commercial Register: Amtsgericht
                                        Charlottenburg / HRB 112767<br>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                  <br>
                                  <fieldset></fieldset>
                                  <br>
                                </div>
                              </div>
                              <pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>
<a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
                            </blockquote>
                            <br>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
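    Added example (not from the thread participants or the oVirt project): a Python check for an aaa-ldap profile like the ldap1.properties quoted above, flagging a simple bind without startTLS, a search-user DN or password that resolves to empty, and the sample truststore password left in place. The host, DN, passwords and finding codes below are constructed placeholders.<br>
    <pre>
```python
import re

# Constructed sample modelled on the ldap1.properties quoted in the thread.
# Host, DN and password are placeholders, not values from the thread.
WEAK = """\
vars.server = ldap.example.test
vars.user = uid=search,cn=users,dc=example,dc=test
vars.password = placeholder-secret
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
#pool.default.ssl.startTLS = true
#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
#pool.default.ssl.truststore.password = changeit
"""

# Same profile with the three ssl lines uncommented and a placeholder
# truststore password instead of the sample value.
HARDENED = (WEAK.replace("#pool.default.ssl.", "pool.default.ssl.")
                .replace("changeit", "placeholder-store-pass"))

# Constructed failure case: the bind DN wrapped onto its own line,
# which leaves vars.user empty.
WRAPPED = WEAK.replace("vars.user = uid=", "vars.user =\nuid=")

# Matches ${global:name} references (finding codes below are hypothetical names).
REF = re.compile(r"\$\{global:([^}]+)\}")


def parse(text):
    """Return {key: value} for active 'key = value' lines; '#' lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve(props, key):
    """Expand ${global:name} references in one value (single level only)."""
    return REF.sub(lambda m: props.get(m.group(1), ""), props.get(key, ""))


def audit(text):
    """Return a list of finding codes for one profile."""
    props = parse(text)
    findings = []
    if not resolve(props, "pool.default.auth.simple.bindDN"):
        findings.append("EMPTY_BIND_DN")
    if not resolve(props, "pool.default.auth.simple.password"):
        findings.append("EMPTY_BIND_PASSWORD")
    if props.get("pool.default.ssl.startTLS", "").lower() != "true":
        # Simple bind without TLS sends the bind DN and password in cleartext.
        findings.append("NO_STARTTLS")
    if props.get("pool.default.ssl.truststore.password") == "changeit":
        findings.append("DEFAULT_TRUSTSTORE_PASSWORD")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("wrapped", WRAPPED)):
        print(name, audit(text))
```
</pre>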
  </body>
</html>