<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 31, 2016 at 4:24 PM, Alexis HAUSER <span dir="ltr">&lt;<a href="mailto:alexis.hauser@telecom-bretagne.eu" target="_blank">alexis.hauser@telecom-bretagne.eu</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">&gt;&gt; Thank you, this actually works. Yes, I&#39;ll remove it as soon as possible.<br>
&gt;&gt; Now with RHEV + AD, it seems better than RHEV + LDAP for groups: it finds most of the groups a user belongs to. RHEV + LDAP is only able to find one group a user belongs to (which is not the same group found when I search the same user with ldapsearch... Still not able to solve that mystery...)<br>
<br>
&gt;That&#39;s very strange, we test it and it works for us. But you said you<br>
&gt;use more namingContexts<br>
&gt;than one, right? It could be the problem as we support only one.<br>
<br>
<br>
Which attribute is used by RHEV/ovirt to guess which user a group belongs to (or the contrary), in the case of LDAP and in the case of AD?<br>
I can see that not all attributes are filled in the AD/LDAP database here.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">It depends on what profile you include in /etc/ovirt-engine/aaa/&lt;PROFILE_NAME&gt;.properties:<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">1) The included ad.properties is defined in /usr/share/ovirt-engine-extension-aaa-ldap/profiles/ad.properties</div> <div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">and here are the attribute mappings:<br><br>
      attrmap.map-principal-record.attr.PrincipalRecord_DN.map = _dn<br>
      attrmap.map-principal-record.attr.PrincipalRecord_ID.map = objectGUID<br>
      attrmap.map-principal-record.attr.PrincipalRecord_ID.conversion = BASE64<br>
      attrmap.map-principal-record.attr.PrincipalRecord_NAME.map = name<br>
      attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = userPrincipalName<br>
      attrmap.map-principal-record.attr.PrincipalRecord_DISPLAY_NAME.map = displayName<br>
      attrmap.map-principal-record.attr.PrincipalRecord_DEPARTMENT.map = department<br>
      attrmap.map-principal-record.attr.PrincipalRecord_FIRST_NAME.map = givenName<br>
      attrmap.map-principal-record.attr.PrincipalRecord_LAST_NAME.map = sn<br>
      attrmap.map-principal-record.attr.PrincipalRecord_TITLE.map = title<br>
      attrmap.map-principal-record.attr.PrincipalRecord_EMAIL.map = mail<br>
<br>
      attrmap.map-group-record.attr.GroupRecord_DN.map = _dn<br>
      attrmap.map-group-record.attr.GroupRecord_ID.map = objectGUID<br>
      attrmap.map-group-record.attr.GroupRecord_ID.conversion = BASE64<br>
      attrmap.map-group-record.attr.GroupRecord_NAME.map = name<br>
      attrmap.map-group-record.attr.GroupRecord_DISPLAY_NAME.map = description<br>
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">2) In case of LDAP, please take a look at include=&lt;XYZ.properties&gt; to find out what profile you are using<br><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
&gt;Run this command:<br>
&gt;$ keytool -storepasswd -keystore /path/to/jks/x.jks<br>
&gt;It will ask you for old and new password.<br>
<br>
<br>
Thank you, I&#39;ll ask rhev-docs to add this to the documentation, as they make you generate a new certificate even when using the automatic setup, which makes the automatically generated certificate useless.<br>
<br>
<br>
By the way, is there a list of all the possible options/values of the .properties file?<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><br>No tool for that, you need to investigate the properties files. Please start reading README.profile in the aaa-ldap package, which contains doc about the structure of each file.<br><br></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
</blockquote></div><br></div></div>
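An added example, not part of the original thread and not oVirt project code: a Python sketch of the lookup the reply describes, following the `include = <...>` line of a profile and listing the effective `attrmap.*` entries together with the file each one came from. It assumes that `<name>` resolves to the shipped profiles directory named in the reply and that later assignments override included ones; the sample files in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: "<name>" in an include line refers to a file in this directory,
# the location the reply gives for ad.properties.
PROFILES_DIR = Path("/usr/share/ovirt-engine-extension-aaa-ldap/profiles")

def load_properties(path, profiles_dir=PROFILES_DIR, seen=None):
    """Return {key: (value, source file)}; includes expand in place, so later
    assignments override them (assumption). Simplified parser: one "key = value"
    per line, '#' or '!' comments, no line continuations."""
    path = Path(path)
    seen = set() if seen is None else seen
    if path.resolve() in seen:  # guard against include loops
        return {}
    seen.add(path.resolve())
    props = {}
    for raw in path.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "include":
            named = re.fullmatch(r"<(.+)>", value)
            target = Path(profiles_dir, named.group(1)) if named else path.parent / value
            props.update(load_properties(target, profiles_dir, seen))
        else:
            props[key] = (value, path.name)
    return props

def attribute_mappings(path, profiles_dir=PROFILES_DIR):
    """Only the attrmap.* entries: engine record field -> directory attribute."""
    props = load_properties(path, profiles_dir)
    return {k: v for k, v in props.items() if k.startswith("attrmap.")}

def demo():
    """Constructed files: a shipped ad.properties and a site profile including it."""
    with tempfile.TemporaryDirectory() as tmp:
        shipped, profile = Path(tmp, "profiles"), Path(tmp, "example.properties")
        shipped.mkdir()
        (shipped / "ad.properties").write_text(
            "attrmap.map-group-record.attr.GroupRecord_ID.map = objectGUID\n"
            "attrmap.map-group-record.attr.GroupRecord_NAME.map = name\n")
        profile.write_text("include = <ad.properties>\nvars.server = dc.example.test\n")
        return attribute_mappings(profile, shipped)

if __name__ == "__main__":
    for key, (value, source) in sorted(demo().items()):
        print(f"{key} = {value}    [{source}]")
```

To inspect a real profile, call `attribute_mappings()` with the path of the file under /etc/ovirt-engine/aaa/ instead of running `demo()`.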