Re: [ovirt-users] Errors while trying to join an external LDPA provider
As I explained, my groups are not in the same dn path than my users.
As it
is not possible to add multiple dn path, my only solution is to use users.
Well, that's the 1st time I've heard about LDAP setup where
users and
groups of one domain are not under same baseDN. Usually all LDAP setups
have some baseDN (for example 'dc=company,dc=com') and somewhere under this
baseDN (not necessarily directly under it) we could find users and groups.
The only exception to this is ActiveDirectory with multi-domain trust
inside single forrest (which we currently support and user of domainA can
be a member of a group from domainB) and multi-forrest trust (which we
don't support).
Oh thank you, it actually helped a lot : I just realize the search was
"recursive" and now it actually works and seem to solve my problem.
Now I only have to check if adding permissions to group apply to users who belong to this
group, but I guess it should.
Those users have attributes like "member of" which still
keep the
information about what group they belong too. I didn't find any way using
the interface to filter by attribute, for example to show all users member
of group "foo".
"
> We don't support LDAP searches in the webadmin UI, because we
don't
distinguish betweem LDAP (ovirt-engine-extension-aaa-ldap) or
database
(ovirt-engine-extension-aaa-jdbc) providers, both of them provides users
and groups for oVirt using same AAA interface.
And only a part of the attributes are imported to the database (it doesn't seem to be
able to display them from the web interface) ?
That would be a nice feature to be able to filter from any attribute of users.
Do you think I should open a new RFE bug about it ?