On 05/03/2016 11:58 AM, Alexis HAUSER wrote:
>> Thank you, now I see the correct namespace shown, but still no way to login
>> with any user...Any idea ?
>>
> Hard to say without logs, can you please share log output of
> ovirt-engine-extensions-tool?
> Please run it with:
> ovirt-engine-extensions-tool --log-level=FINEST --log-file=output.log \
>   aaa login-user --profile=xxx --user-name=xxx
I attached the log file
Thanks,
for some reason it can't find the user 'myuser'.
The search command that is executed is:
LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
  -b 'ou=people,o=unix,dc=somewhere,dc=any' \
  -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
  '(&(objectClass=uidObject)(uid=*)(uid=myuser))'
Is that search base (-b param) OK?
Does 'cn=mysearchuser' user have appropriate permissions to see users?
Or do you use rfc2307? You can find out by running this command:
LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
  -b 'ou=people,o=unix,dc=somewhere,dc=any' \
  -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
  '(&(objectClass=posixAccount)(uid=*)(uid=myuser))'
If ^this command finds your user, then just change in
/etc/ovirt-engine/aaa/your_profile.properties:
include = <openldap.properties>
to
include = <rfc2307-openldap.properties>
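
Added example, not part of the original message and not oVirt code: a small sh helper that makes the same uidObject / posixAccount decision from the user's objectClass values and swaps the include line in the profile. The function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_ldif, set_include and SAMPLE_LDIF are hypothetical names.

# Read one entry in LDIF form (ldapsearch output) on stdin and print the
# include line whose user filter matches the entry's objectClass values.
classify_ldif() {
    awk 'tolower($1) == "objectclass:" { seen[tolower($2)] = 1 }
         END {
             if (seen["uidobject"])         print "include = <openldap.properties>"
             else if (seen["posixaccount"]) print "include = <rfc2307-openldap.properties>"
             else exit 1   # neither class present: neither filter can match
         }'
}

# Replace the "include = <...>" line in a profile, keeping a .bak copy.
# Writing back with cat keeps the owner and mode of the original file.
set_include() {
    file=$1; line=$2
    tmp=$(mktemp) || return 1
    if sed "s|^include[[:space:]]*=[[:space:]]*<.*>[[:space:]]*\$|$line|" "$file" > "$tmp" \
        && cp -p "$file" "$file.bak"; then
        cat "$tmp" > "$file"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample entry (not taken from the attached log).
SAMPLE_LDIF='dn: uid=myuser,ou=people,o=unix,dc=somewhere,dc=any
objectClass: inetOrgPerson
objectClass: posixAccount
uid: myuser'

printf '%s\n' "$SAMPLE_LDIF" | classify_ldif

# Against the live directory, fetch only objectClass for the user and pipe it in:
#   ldapsearch -x -H ldaps://myldap -b 'ou=people,o=unix,dc=somewhere,dc=any' \
#     -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
#     '(uid=myuser)' objectClass | classify_ldif
```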