<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 31, 2016 at 4:24 PM, Alexis HAUSER <span dir="ltr"><<a href="mailto:alexis.hauser@telecom-bretagne.eu" target="_blank">alexis.hauser@telecom-bretagne.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">>> Thank you, this actually works. Yes, I'll remove it as soon as possible.<br>
>> Now with RHEV + AD, it seems better than RHEV + LDAP for groups: it finds most of the groups a user belongs to. RHEV + LDAP is only able to find one group a user belongs to (which is not the same group found when I search the same user with ldapsearch... Still not able to solve that mystery....)<br>
<br>
>That's very strange, we test it and it works for us. But you said you<br>
>use more namingContexts<br>
>than one, right? It could be the problem as we support only one.<br>
<br>
<br>
Which attribute is used by RHEV/oVirt to guess which user a group belongs to (or the contrary), in the case of LDAP and in the case of AD?<br>
I can see that not all attributes are filled in the AD/LDAP database here.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">It depends on which profile you include in /etc/ovirt-engine/aaa/<PROFILE_NAME>.properties:<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">1) The included ad.properties is defined in /usr/share/ovirt-engine-extension-aaa-ldap/profiles/ad.properties</div> <div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">and here are its attribute mappings:<br><br>
 attrmap.map-principal-record.attr.PrincipalRecord_DN.map = _dn <br>
 attrmap.map-principal-record.attr.PrincipalRecord_ID.map = objectGUID <br>
 attrmap.map-principal-record.attr.PrincipalRecord_ID.conversion = BASE64 <br>
 attrmap.map-principal-record.attr.PrincipalRecord_NAME.map = name <br>
 attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = userPrincipalName <br>
 attrmap.map-principal-record.attr.PrincipalRecord_DISPLAY_NAME.map = displayName <br>
 attrmap.map-principal-record.attr.PrincipalRecord_DEPARTMENT.map = department <br>
 attrmap.map-principal-record.attr.PrincipalRecord_FIRST_NAME.map = givenName <br>
 attrmap.map-principal-record.attr.PrincipalRecord_LAST_NAME.map = sn <br>
 attrmap.map-principal-record.attr.PrincipalRecord_TITLE.map = title <br>
 attrmap.map-principal-record.attr.PrincipalRecord_EMAIL.map = mail <br>
 <br>
 attrmap.map-group-record.attr.GroupRecord_DN.map = _dn <br>
 attrmap.map-group-record.attr.GroupRecord_ID.map = objectGUID <br>
 attrmap.map-group-record.attr.GroupRecord_ID.conversion = BASE64 <br>
 attrmap.map-group-record.attr.GroupRecord_NAME.map = name <br>
 attrmap.map-group-record.attr.GroupRecord_DISPLAY_NAME.map = description <br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">2) In the case of LDAP, please take a look at include=<XYZ.properties> to find out
which profile you are using<br><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
>Run this command:<br>
>$ keytool -storepasswd -keystore /path/to/jks/x.jks<br>
>It will ask you for old and new password.<br>
<br>
<br>
Thank you, I'll ask rhev-docs to add this to the documentation, as they make you generate a new certificate even when using the automatic setup, which makes the automatically generated certificate useless.<br>
<br>
<br>
By the way, is there a list of all the possible options/values of .properties file ?<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><br>No tool for that, you need to investigate properties files. Please start reading README.profile in aaa-ldap package, which contains doc about the structure of each file.<br><br></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
</blockquote></div><br></div></div>
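<div>Added example, not part of the original message and not oVirt code: a Python script that parses the ad.properties mapping lines quoted above, builds a principal record from a directory entry, and lists the mapped attributes that the entry does not populate. The sample entry is constructed and simplified to single values, and treating _dn as the entry's DN is an assumption.</div>

```python
import base64
# Mapping lines copied from the ad.properties excerpt quoted in the message.
AD_ATTRMAP = """
attrmap.map-principal-record.attr.PrincipalRecord_DN.map = _dn
attrmap.map-principal-record.attr.PrincipalRecord_ID.map = objectGUID
attrmap.map-principal-record.attr.PrincipalRecord_ID.conversion = BASE64
attrmap.map-principal-record.attr.PrincipalRecord_NAME.map = name
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = userPrincipalName
attrmap.map-principal-record.attr.PrincipalRecord_DISPLAY_NAME.map = displayName
attrmap.map-principal-record.attr.PrincipalRecord_DEPARTMENT.map = department
attrmap.map-principal-record.attr.PrincipalRecord_FIRST_NAME.map = givenName
attrmap.map-principal-record.attr.PrincipalRecord_LAST_NAME.map = sn
attrmap.map-principal-record.attr.PrincipalRecord_TITLE.map = title
attrmap.map-principal-record.attr.PrincipalRecord_EMAIL.map = mail
attrmap.map-group-record.attr.GroupRecord_DN.map = _dn
attrmap.map-group-record.attr.GroupRecord_ID.map = objectGUID
attrmap.map-group-record.attr.GroupRecord_ID.conversion = BASE64
attrmap.map-group-record.attr.GroupRecord_NAME.map = name
attrmap.map-group-record.attr.GroupRecord_DISPLAY_NAME.map = description
"""

def parse_attrmap(text):
    """Parse 'attrmap.<map>.attr.<field>.<map|conversion> = value' lines into nested dicts."""
    maps = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        parts = key.strip().split(".")
        if sep and len(parts) == 5 and parts[0] == "attrmap" and parts[2] == "attr":
            maps.setdefault(parts[1], {}).setdefault(parts[3], {})[parts[4]] = value.strip()
    return maps

def build_record(mapping, dn, entry):
    """Apply one map to an entry; return (record, unpopulated LDAP attributes)."""
    record, missing = {}, []
    for field, rule in mapping.items():
        value = dn if rule["map"] == "_dn" else entry.get(rule["map"])  # assumption: _dn = entry DN
        if value is None:
            missing.append(rule["map"])
        elif rule.get("conversion") == "BASE64":
            record[field] = base64.b64encode(value).decode("ascii")
        else:
            record[field] = value
    return record, missing

# Constructed sample entry (not from the thread): only some attributes are populated.
SAMPLE_DN = "CN=Jane Doe,OU=Staff,DC=example,DC=test"
SAMPLE_USER = {"objectGUID": bytes(range(16)), "name": "Jane Doe", "sn": "Doe"}
if __name__ == "__main__":
    print(build_record(parse_attrmap(AD_ATTRMAP)["map-principal-record"], SAMPLE_DN, SAMPLE_USER))
```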