Re: [ovirt-users] How to mapping LDAP users in AAA
----- Original Message -----
From: "lofyer" <lofyer(a)gmail.com>
To: "Yair Zaslavsky" <yzaslavs(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Tuesday, October 14, 2014 9:29:57 AM
Subject: Re: [ovirt-users] How to mapping LDAP users in AAA
Sun Java Access System Manager
this is not openldap... why do you use openldap profile?
please attach full export of this ldap server, output of:
rootdse:
$ ldapsearch -H ldap://example.com -b '' -x -D 'cn=directory manager' -w
mypassword -s BASE
entities:
$ ldapsearch -o ldif-wrap=no -E pr=100/noprompt -H ldap://example.com -x -D
'cn=directory manager' -w mypassword -b <NAMING_CONTEXT>
在 14-10-14 下午1:52, Yair Zaslavsky 写道:
>
> ----- Original Message -----
>> From: "lofyer" <lofyer(a)gmail.com>
>> To: "users" <users(a)ovirt.org>
>> Sent: Tuesday, October 14, 2014 5:10:56 AM
>> Subject: [ovirt-users] How to mapping LDAP users in AAA
>>
>> I've got a LDAP server without kerberos and I am trying to intergrate
>> its users to oVirt-3.5 with AAA.
>> ==========================
> Which ldap server is that, what vendor?
>
>> /etc/ovirt-engine/aaa/example.properties:
>>
>> include = <openldap.properties>
>>
>> vars.user = cn=directory manager
>> vars.password = mypassword
>> vars.server = example.com
>>
>> #pool.default.ssl.startTLS = false
>> #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
>> #pool.default.ssl.truststore.password = admin
>>
>> pool.default.serverset.single.server = ${global:vars.server}
>> pool.default.auth.simple.bindDN = ${global:vars.user}
>> pool.default.auth.simple.password = ${global:vars.password}
>> ==========================
>>
>> This is my basic ldap infomation:
>>
>> ou=Groups
>> |
>> +---- cn=UserGroup1
>> |
>> +---- cn=UserGroup2
>>
>> ou=UserGroup1
>> |
>> +---- cn=user1
>> |
>> +---- cn=user2
>>
>>
>> ou=UserGroup2
>> |
>> +---- cn=user3
>> |
>> +---- cn=user4
>>
>> ==========================
>>
>> Now I can see example.com in web portal but I cannot list users in UG1
>> or UG2.
>>
>> I find that I could map DN, ID NAME, DISPLAY in the config file. What
>> should I add in the config file then?
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users