Hi,
We're issuing a RootDSE query (once per LDAP domain configured).
We try to obtain from it the "defaultNamingContext" attribute.
If it does not exist - we try to obtain "NamingContexts"
We store the result at a "domainDn" (we have a data structure which maps domains
to information objects, one of the fields at the information object is the DN of the
domain) field, and we use it to compose the full ldap URL we send the queries to.
----- Original Message -----
From: "Andrej Bagon" <andrej.bagon(a)arnes.si>
To: "Itamar Heim" <iheim(a)redhat.com>
Cc: users(a)ovirt.org, "Yair Zaslavsky" <yzaslavs(a)redhat.com>, "Oved Ourfalli" <oourfali(a)redhat.com>
Sent: Monday, March 18, 2013 9:07:06 AM
Subject: Re: [Users] ldap simple
Hi,
the system is trying to bind to ldap as:
bind request: uid=cn=ovirt,cn=Users,cn=Accounts,dc=ourdomain,dc=si
I don't know how it knows dc=ourdomain,dc=si
It should be
bind request: cn=ovirt,ou=system,dc=ourdomain,dc=si" -b "dc=arnes,dc=si
The same with the search: we have users in form as:
edupersonprincipalname=username(a)users.ourdomain.si,dc=users,dc=ourdomain,dc=si
values in database:
select * from vdc_options where option_name in
('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderTypes','AdUserName','AdUserPassword')
order by option_id;
 option_id | option_name                | option_value                           | version
-----------+----------------------------+----------------------------------------+---------
        10 | AdUserName                 | users.ourdomain.si:ovirt               | general
        11 | AdUserPassword             | users.ourdomain.si:adminpassword       | general
        69 | DomainName                 | users.ourdomain.si                     | general
       130 | LDAPSecurityAuthentication | users.ourdomain.si:SIMPLE              | general
       132 | LdapServers                | users.ourdomain.si:server.ourdomain.si | general
       133 | LDAPProviderTypes          | users.ourdomain.si:rhds                | general
(6 rows)
Best Regards,
Andrej Bagon
On 03/15/2013 12:09 PM, Itamar Heim wrote:
> On 03/14/2013 01:58 PM, Andrej Bagon wrote:
> > Hi,
> >
> > is it possible to change the bind request that is sent to the ldap
> > server? The default uid=user,cn=Users,cn=Accounts,cn=our,cn=domain is
> > not suitable.
>
> can you please explain why / what you would like to change it to?
> (not sure possible now, but there is work to make it more
> configurable/pluggable)
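
Added example (not part of the original messages and not oVirt's code): the naming-context selection described in the reply at the top of this thread, run against a constructed RootDSE answer, showing how the dc=ourdomain,dc=si suffix comes from the server rather than from vdc_options. The function names, the sample LDIF, port 389, taking the first namingContexts value, and the bind-DN template (copied from the bind request quoted in the thread) are assumptions.

```python
from urllib.parse import quote

# Constructed RootDSE answer in LDIF form (sample data, not from the thread's server).
# It has no defaultNamingContext, so the fallback attribute is used.
SAMPLE_ROOTDSE = """\
dn:
namingContexts: dc=ourdomain,dc=si
namingContexts: o=netscaperoot
supportedLDAPVersion: 3
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def pick_domain_dn(rootdse):
    """Prefer defaultNamingContext; otherwise fall back to namingContexts.

    Assumption: when namingContexts has several values, the first one is used.
    """
    for attr in ("defaultnamingcontext", "namingcontexts"):
        values = [v for v in rootdse.get(attr, []) if v]
        if values:
            return values[0]
    raise LookupError("RootDSE advertises no naming context")


def ldap_url(server, domain_dn, port=389):
    """Compose the URL queries are sent to; port 389 is an assumption."""
    return "ldap://%s:%d/%s" % (server, port, quote(domain_dn, safe="=,"))


def bind_dn(user, domain_dn):
    """Template taken from the bind request quoted in the thread (assumption)."""
    return "uid=%s,cn=Users,cn=Accounts,%s" % (user, domain_dn)


if __name__ == "__main__":
    dn = pick_domain_dn(parse_ldif_entry(SAMPLE_ROOTDSE))
    print(ldap_url("server.ourdomain.si", dn))
    print(bind_dn("cn=ovirt", dn))
```

To see what a real directory advertises, read the same two attributes from its RootDSE (empty base DN, base scope) and compare them with the suffix in the bind request.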