<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>Hi Ondra,<br><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-m_1440103561714093278gmail-">
<br></span>
Not really. aaa-ldap by default uses just simple bind, no gssapi.<br>
If you have any problems with the certificate, I would suggest you check if you are using the correct one, correctly. More info on it can be<br>
found here:<br>
<br>
<br>
<a href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;h=1f4381e4f0d22acdda63c56a84863fcb0f72bc3a;hb=HEAD#l397" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/gitwe<wbr>b?p=ovirt-engine-extension-aaa<wbr>-ldap.git;a=blob;f=README;h=<wbr>1f4381e4f0d22acdda63c56a84863f<wbr>cb0f72bc3a;hb=HEAD#l397</a><span class="gmail-m_1440103561714093278gmail-"><br>
<br></span></blockquote><br><br></div><div class="gmail_quote">I&#39;ve run the following tests in that README you posted above, and all worked fine:<br><br>ovirt-engine-extensions-tool aaa login-user --profile=<a href="http://mydomain.com">mydomain.com</a> --user-name=myuser<br>ovirt-engine-extensions-tool aaa search --extension-name=mydomain.com-authz --entity=principal --entity-name=myuser<br>LDAPTLS_REQCERT=never ldapsearch -ZZ -H ldap://<a href="http://ad.mydomain.com">ad.mydomain.com</a> -x -D &quot;CN=myuser,CN=Users,DC=mydomain,DC=com&quot; -W -b &quot;dc=mydomain,dc=com&quot;<br><br></div><div class="gmail_quote">I thought I wouldn&#39;t need to import any certificate from AD - is that a requirement?<br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><div>Do I need to set up Apache separately to use LDAP auth? The service principals exist in the krb5.keytab, but I don&#39;t know if that is only if you are using SSO.<br></div><div> <span class="gmail-m_1440103561714093278gmail-"><br></span></div><div><span class="gmail-m_1440103561714093278gmail-">Thanks,<br><br></span></div><div><span class="gmail-m_1440103561714093278gmail-">Cam<br></span></div><div><span class="gmail-m_1440103561714093278gmail-"><br></span><span class="gmail-m_1440103561714093278gmail-"></span>
</div></div><br></div></div>