11:18 p.m.
Hello,
Resources includes sysadmin documentation[1], integrator documentation[2], overview[3],
examples[4].
You did not specify what LDAP vendor it is.
I can guess your directory is Active Directory, hence all you need to do is follow the
"QUICK START"[5].
The rootDSE is determined automatically, all you need is to provide a valid user and
password.
What you are missing in your configuration is the include directive of the proper driver.
Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more flexible and
should be used unless there is an issue.
Alon
[1]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=b...
[2]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=b...
[3] http://www.ovirt.org/Features/AAA
[4]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=t...
[5]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=b...
----- Original Message -----
From: "David Smith" <dsmith(a)mypchelp.com>
To: "users" <users(a)ovirt.org>
Sent: Tuesday, May 5, 2015 11:09:25 PM
Subject: [ovirt-users] AAA LDAP Authentication
I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious
detail in documentation, the rest is java-programmer-oriented docs only that
I can find;
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO
control over the LDAP server.
So far I've managed to figure out through search after search to use LDAPS
(TLS isn't an option, thanks!)
Two parts I can't figure out; setting rootDN and setting the organization
filter-- members of that particular organization should have access to
ovirt, and none others.
vars.server = directory.ft.com
#
# Search user and its password.
#
vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.password = Ft######
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.rootDN = ${global:vars.urootdn}
pool.default.auth.simple.password = ${global:vars.password}
# enable SSL
pool.default.ssl.enable = true
#pool.default.ssl.insecure = false
# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file =
${local:_basedir}/${global:vars.server}.jks
pool.default.ssl.truststore.password = changeit
example config from testlink
$tlCfg->authentication['method'] = 'LDAP';
/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps:// directory.ft.com ';
$tlCfg->authentication['ldap_port'] = '636';
$tlCfg->authentication['ldap_version'] = '3';
$tlCfg->authentication['ldap_root_dn'] =
'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_dn'] =
'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_passwd'] = 'Ft######';
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
$tlCfg->authentication['ldap_organization'] =
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g.
'(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'uid'; // Use
'sAMAccountName' for
Active Directory
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users