I finally got this to work so I'm posting what I did in case it may help someone else
in the future. Hopefully the format of this site won't make it hard to read.
- Thanks to Edward Berger, who pointed me in the right direction and provided this link:
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/prof...
- Also thanks to Ondra Machacek for advising me to use the ovirt-engine-extensions-tool.
All changes are made in /etc/ovirt-engine/aaa/MYDOMAIN.com.properties
- Once I added this line:
sequence.openldap-init-vars.040.var-set.value = (objectClass=Person)(${seq:simple_attrsUserName}=*)
- I was getting this error:
-->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='null'
2019-09-06 10:50:18,837-04 SEVERE Cannot locate principal 'null'
- So then I changed the Principal map from "uid" to "cn" by adding this line:
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn
- After that, it pulled the user principal name, but then when trying to add a user in the
web interface, it would fail with this error:
ERROR: null value in column "external_id" violates not-null constraint
- So I mapped the PrincipalRecord_ID to the user mail attribute, figuring that would be
fine since emails are mostly unique anyway, by adding the following line:
attrmap.map-principal-record.attr.PrincipalRecord_ID.map = mail
My configuration: /etc/ovirt-engine/aaa/MYDOMAIN.com.properties

# pull in the stock openldap profile and override only what is needed below
include = <openldap.properties>

vars.server = SERVERNAME.MYDOMAIN.com
vars.user = LDAPuser@MYDOMAIN.com
# bind credentials; note that this file stores the password in cleartext
vars.password = USER PASSWORD

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}

# principal name presented to the engine is taken from cn (uid in the stock profile)
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn
# per-user id that ends up in the engine's external_id column is taken from mail
attrmap.map-principal-record.attr.PrincipalRecord_ID.map = mail

# base DN for user searches
sequence.openldap-init-vars.010.description = set base dn
sequence.openldap-init-vars.010.type = var-set
sequence.openldap-init-vars.010.var-set.variable = simple_attrsBaseDN
sequence.openldap-init-vars.010.var-set.value = DC=MYDOMAIN,DC=com
# user-name attribute override: cn instead of the profile's uid
sequence.openldap-init-vars.020.var-set.value = cn
# user object filter; ${seq:simple_attrsUserName} expands to the attribute set in step 020
sequence.openldap-init-vars.040.var-set.value = (objectClass=Person)(${seq:simple_attrsUserName}=*)
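The two attrmap lines decide which directory attribute becomes the login name and which becomes the engine's stable user id (the external_id column the not-null error complains about). The script below is an added example, not code from the post or from the oVirt project: it parses the relevant properties lines, expands the ${global:...} references the file uses, and audits a directory export for users that lack the chosen id attribute or share a value, the two conditions that give a null external_id or two accounts the engine cannot tell apart by id. The properties excerpt and the user entries are constructed for the example, and the properties parsing and variable expansion are a deliberately minimal subset of what the extension itself supports.

```python
"""Offline sanity check for the attribute choices in an oVirt aaa-ldap
properties file: the PrincipalRecord_ID attribute must be present on every
user and unique across users, or the engine ends up with null or colliding
external_id values."""
import re
from collections import defaultdict

# Constructed excerpt of the properties file in the post (placeholder values).
PROPERTIES = """\
include = <openldap.properties>
vars.server = SERVERNAME.MYDOMAIN.com
pool.default.serverset.single.server = ${global:vars.server}
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn
attrmap.map-principal-record.attr.PrincipalRecord_ID.map = mail
"""

# Constructed directory entries standing in for an ldapsearch export.
# Carol has no mail attribute and Dave reuses Alice's address.
USERS = [
    {"dn": "cn=Alice Example,ou=people,dc=MYDOMAIN,dc=com",
     "cn": ["Alice Example"], "mail": ["alice@MYDOMAIN.com"]},
    {"dn": "cn=Bob Example,ou=people,dc=MYDOMAIN,dc=com",
     "cn": ["Bob Example"], "mail": ["bob@MYDOMAIN.com"]},
    {"dn": "cn=Carol Example,ou=people,dc=MYDOMAIN,dc=com",
     "cn": ["Carol Example"]},
    {"dn": "cn=Dave Example,ou=people,dc=MYDOMAIN,dc=com",
     "cn": ["Dave Example"], "mail": ["alice@MYDOMAIN.com"]},
]

_GLOBAL_REF = re.compile(r"\$\{global:([^}]+)\}")


def parse_properties(text):
    """Minimal 'key = value' parser; ignores blank lines and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def resolve(props, value):
    """Expand ${global:key} references, the only reference form the post uses."""
    return _GLOBAL_REF.sub(lambda m: props.get(m.group(1), m.group(0)), value)


def mapped_attr(props, field):
    """Directory attribute mapped onto a PrincipalRecord field (e.g. PrincipalRecord_ID)."""
    return props.get(f"attrmap.map-principal-record.attr.{field}.map")


def audit_attribute(users, attr):
    """Return (dns missing attr, {value: [dns]} for shared values, multi-valued dns).

    Values are compared case-insensitively, matching how LDAP compares mail and cn.
    """
    missing, multi = [], []
    seen = defaultdict(list)
    for user in users:
        values = user.get(attr, [])
        if not values:
            missing.append(user["dn"])
            continue
        if len(values) > 1:
            multi.append(user["dn"])
        for value in values:
            seen[value.lower()].append(user["dn"])
    collisions = {v: dns for v, dns in seen.items() if len(dns) > 1}
    return missing, collisions, multi


def audit(props_text=PROPERTIES, users=USERS):
    """Audit both mapped attributes and report what the engine would choke on."""
    props = parse_properties(props_text)
    id_attr = mapped_attr(props, "PrincipalRecord_ID")
    principal_attr = mapped_attr(props, "PrincipalRecord_PRINCIPAL")
    id_missing, id_collisions, id_multi = audit_attribute(users, id_attr)
    pr_missing, pr_collisions, _ = audit_attribute(users, principal_attr)
    return {
        "server": resolve(props, props["pool.default.serverset.single.server"]),
        "id_attr": id_attr,
        "principal_attr": principal_attr,
        "id_missing": id_missing,          # would become a null external_id
        "id_collisions": id_collisions,    # two accounts, one engine id
        "id_multi_valued": id_multi,
        "principal_missing": pr_missing,
        "principal_collisions": pr_collisions,  # ambiguous login names
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

To use it against a real directory, replace USERS with entries parsed from an ldapsearch export of the user subtree (requesting at least the cn and mail attributes) and rerun whenever mailboxes are renamed: unlike uid, mail is routinely changed, and a changed value no longer matches the external_id the engine stored for that user.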