From jose.fernandes at locaweb.com.br Fri Mar 16 16:39:32 2018
Content-Type: multipart/mixed; boundary="===============4632573733384157119=="
MIME-Version: 1.0
From: Jose Fernandes <jose.fernandes at locaweb.com.br>
To: users at ovirt.org
Subject: Re: [ovirt-users] Setting up a LDAP conf
Date: Fri, 16 Mar 2018 16:39:29 +0000
Message-ID: <7b10a173ef8f4cfd99fe787350060ab6@locaweb.com.br>
In-Reply-To: a9de8075-b06c-6304-3b4d-6663fa2efa2f@redhat.com

--===============4632573733384157119==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

--_000_7b10a173ef8f4cfd99fe787350060ab6locawebcombr_
Content-Type: text/plain; charset=3D"Windows-1252"
Content-Transfer-Encoding: quoted-printable

Thanks Machacek!

________________________________
De: Ondra Machacek <omachace(a)redhat.com>
Enviado: sexta-feira, 16 de mar=3DE7o de 2018 12:32:38
Para: Jose Fernandes; users(a)ovirt.org
Assunto: Re: [ovirt-users] Setting up a LDAP conf

On 03/16/2018 12:26 AM, Jose Fernandes wrote:
> Hello,
>
>
> I have an OpenDJ LDAP server, and I need some help to do query on a
> specific filter search.

I remember I used to setup OpenDJ some time ago, please check this blog
post:

  http://machacekondra.blogspot.cz/2015/05/saml-and-ovirt-35.html

The important part there for you is the file:

  /usr/share/ovirt-engine-extension-aaa-ldap/profiles/opendj.properties

Then you can use it as 'include =3D3D <opendj.properties>' in authz/authn.

>
>
> We can't figure out how to create a "aaa/profile1.properties" file with
> these configs.
>
>
> This is how we can filter the users with ldapsearch on our ldap server:
>
>
> -H ldaps://server:port-D uid=3D3Duser,ou=3D3DOU,dc=3D3DSERVER,dc=3D3Dcom,=
dc=3D3Dbr =3D
-W -b
> ou=3D3Daa,dc=3D3Dbb,dc=3D3Dcc,dc=3D3Ddd uid=3D3Djose.fernandes
>
>
>   - My configuration does not permit I search the users on base, so I
> need to do this filter on "ou=3D3Daa,dc=3D3Dbb,dc=3D3Dcc,dc=3D3Ddd"
>
>   - Port is different from common.
>
>
> Someone can help me to create the config file?
>
>
> Regards,
>
> Jos=3DE9 Fernandes
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

--_000_7b10a173ef8f4cfd99fe787350060ab6locawebcombr_
Content-Type: text/html; charset=3D"Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D3D"Content-Type" content=3D3D"text/html; charset=3D3DWin=
dows-1=3D
252">
<meta name=3D3D"Generator" content=3D3D"Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; pad=
=3D
ding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta content=3D3D"text/html; charset=3D3DUTF-8">
<style type=3D3D"text/css" style=3D3D"">
<!--
p
	{margin-top:0;
	margin-bottom:0}
-->
</style>
<div dir=3D3D"ltr">
<div id=3D3D"x_divtagdefaultwrapper" dir=3D3D"ltr" style=3D3D"font-size:12p=
t; col=3D
or:#000000; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Thanks Machacek!</p>
</div>
<hr tabindex=3D3D"-1" style=3D3D"display:inline-block; width:98%">
<div id=3D3D"x_divRplyFwdMsg" dir=3D3D"ltr"><font face=3D3D"Calibri, sans-s=
erif" =3D
color=3D3D"#000000" style=3D3D"font-size:11pt"><b>De:</b> Ondra Machacek &l=
t;om=3D
achace(a)redhat.com&gt;<br>
<b>Enviado:</b> sexta-feira, 16 de mar=3DE7o de 2018 12:32:38<br>
<b>Para:</b> Jose Fernandes; users(a)ovirt.org<br>
<b>Assunto:</b> Re: [ovirt-users] Setting up a LDAP conf</font>
<div>&nbsp;</div>
</div>
</div>
<font size=3D3D"2"><span style=3D3D"font-size:10pt;">
<div class=3D3D"PlainText">On 03/16/2018 12:26 AM, Jose Fernandes wrote:<br>
&gt; Hello,<br>
&gt; <br>
&gt; <br>
&gt; I have an OpenDJ LDAP server, and I need some help to do query on a <b=
=3D
r>
&gt; specific filter search.<br>
<br>
I remember I used to setup OpenDJ some time ago, please check this blog<br>
post:<br>
<br>
&nbsp; <a href=3D3D"http://machacekondra.blogspot.cz/2015/05/saml-and-ovirt=
-3=3D
5.html">http://machacekondra.blogspot.cz/2015/05/saml-and-ovirt-35.html</a>=
=3D
<br>
<br>
The important part there for you is the file:<br>
<br>
&nbsp; /usr/share/ovirt-engine-extension-aaa-ldap/profiles/opendj.propertie=
=3D
s<br>
<br>
Then you can use it as 'include =3D3D &lt;opendj.properties&gt;' in authz/a=
ut=3D
hn.<br>
<br>
&gt; <br>
&gt; <br>
&gt; We can't figure out how to create a &quot;aaa/profile1.properties&quot=
=3D
; file with <br>
&gt; these configs.<br>
&gt; <br>
&gt; <br>
&gt; This is how we can filter the users with&nbsp;ldapsearch on our ldap s=
=3D
erver:<br>
&gt; <br>
&gt; <br>
&gt; -H ldaps://server:port-D uid=3D3Duser,ou=3D3DOU,dc=3D3DSERVER,dc=3D3Dc=
om,dc=3D3D=3D
br -W -b <br>
&gt; ou=3D3Daa,dc=3D3Dbb,dc=3D3Dcc,dc=3D3Ddd uid=3D3Djose.fernandes<br>
&gt; <br>
&gt; <br>
&gt;&nbsp; &nbsp;- My configuration does not permit I search the users on b=
=3D
ase, so I <br>
&gt; need to do this filter on &quot;ou=3D3Daa,dc=3D3Dbb,dc=3D3Dcc,dc=3D3Dd=
d&quot;<=3D
br>
&gt; <br>
&gt;&nbsp; &nbsp;-&nbsp;Port is different from common.<br>
&gt; <br>
&gt; <br>
&gt; Someone can help me to create the config file?<br>
&gt; <br>
&gt; <br>
&gt; Regards,<br>
&gt; <br>
&gt; Jos=3DE9 Fernandes<br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; _______________________________________________<br>
&gt; Users mailing list<br>
&gt; Users(a)ovirt.org<br>
&gt; <a href=3D3D"http://lists.ovirt.org/mailman/listinfo/users">http://lis=
ts=3D
.ovirt.org/mailman/listinfo/users</a><br>
&gt; <br>
</div>
</span></font>
</body>
</html>

--_000_7b10a173ef8f4cfd99fe787350060ab6locawebcombr_--

--===============4632573733384157119==
Content-Type: multipart/alternative
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.bin"

LS1fMDAwXzdiMTBhMTczZWY4ZjRjZmQ5OWZlNzg3MzUwMDYwYWI2bG9jYXdlYmNvbWJyXwpDb250
ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9IldpbmRvd3MtMTI1MiIKQ29udGVudC1UcmFu
c2Zlci1FbmNvZGluZzogcXVvdGVkLXByaW50YWJsZQoKVGhhbmtzIE1hY2hhY2VrIQoKX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX18KRGU6IE9uZHJhIE1hY2hhY2VrIDxvbWFjaGFjZUBy
ZWRoYXQuY29tPgpFbnZpYWRvOiBzZXh0YS1mZWlyYSwgMTYgZGUgbWFyPUU3byBkZSAyMDE4IDEy
OjMyOjM4ClBhcmE6IEpvc2UgRmVybmFuZGVzOyB1c2Vyc0BvdmlydC5vcmcKQXNzdW50bzogUmU6
IFtvdmlydC11c2Vyc10gU2V0dGluZyB1cCBhIExEQVAgY29uZgoKT24gMDMvMTYvMjAxOCAxMjoy
NiBBTSwgSm9zZSBGZXJuYW5kZXMgd3JvdGU6Cj4gSGVsbG8sCj4KPgo+IEkgaGF2ZSBhbiBPcGVu
REogTERBUCBzZXJ2ZXIsIGFuZCBJIG5lZWQgc29tZSBoZWxwIHRvIGRvIHF1ZXJ5IG9uIGEKPiBz
cGVjaWZpYyBmaWx0ZXIgc2VhcmNoLgoKSSByZW1lbWJlciBJIHVzZWQgdG8gc2V0dXAgT3BlbkRK
IHNvbWUgdGltZSBhZ28sIHBsZWFzZSBjaGVjayB0aGlzIGJsb2cKcG9zdDoKCiAgaHR0cDovL21h
Y2hhY2Vrb25kcmEuYmxvZ3Nwb3QuY3ovMjAxNS8wNS9zYW1sLWFuZC1vdmlydC0zNS5odG1sCgpU
aGUgaW1wb3J0YW50IHBhcnQgdGhlcmUgZm9yIHlvdSBpcyB0aGUgZmlsZToKCiAgL3Vzci9zaGFy
ZS9vdmlydC1lbmdpbmUtZXh0ZW5zaW9uLWFhYS1sZGFwL3Byb2ZpbGVzL29wZW5kai5wcm9wZXJ0
aWVzCgpUaGVuIHlvdSBjYW4gdXNlIGl0IGFzICdpbmNsdWRlID0zRCA8b3BlbmRqLnByb3BlcnRp
ZXM+JyBpbiBhdXRoei9hdXRobi4KCj4KPgo+IFdlIGNhbid0IGZpZ3VyZSBvdXQgaG93IHRvIGNy
ZWF0ZSBhICJhYWEvcHJvZmlsZTEucHJvcGVydGllcyIgZmlsZSB3aXRoCj4gdGhlc2UgY29uZmln
cy4KPgo+Cj4gVGhpcyBpcyBob3cgd2UgY2FuIGZpbHRlciB0aGUgdXNlcnMgd2l0aCBsZGFwc2Vh
cmNoIG9uIG91ciBsZGFwIHNlcnZlcjoKPgo+Cj4gLUggbGRhcHM6Ly9zZXJ2ZXI6cG9ydC1EIHVp
ZD0zRHVzZXIsb3U9M0RPVSxkYz0zRFNFUlZFUixkYz0zRGNvbSxkYz0zRGJyID0KLVcgLWIKPiBv
dT0zRGFhLGRjPTNEYmIsZGM9M0RjYyxkYz0zRGRkIHVpZD0zRGpvc2UuZmVybmFuZGVzCj4KPgo+
ICAgLSBNeSBjb25maWd1cmF0aW9uIGRvZXMgbm90IHBlcm1pdCBJIHNlYXJjaCB0aGUgdXNlcnMg
b24gYmFzZSwgc28gSQo+IG5lZWQgdG8gZG8gdGhpcyBmaWx0ZXIgb24gIm91PTNEYWEsZGM9M0Ri
YixkYz0zRGNjLGRjPTNEZGQiCj4KPiAgIC0gUG9ydCBpcyBkaWZmZXJlbnQgZnJvbSBjb21tb24u
Cj4KPgo+IFNvbWVvbmUgY2FuIGhlbHAgbWUgdG8gY3JlYXRlIHRoZSBjb25maWcgZmlsZT8KPgo+
Cj4gUmVnYXJkcywKPgo+IEpvcz1FOSBGZXJuYW5kZXMKPgo+Cj4KPiBfX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwo+IFVzZXJzIG1haWxpbmcgbGlzdAo+IFVz
ZXJzQG92aXJ0Lm9yZwo+IGh0dHA6Ly9saXN0cy5vdmlydC5vcmcvbWFpbG1hbi9saXN0aW5mby91
c2Vycwo+CgotLV8wMDBfN2IxMGExNzNlZjhmNGNmZDk5ZmU3ODczNTAwNjBhYjZsb2Nhd2ViY29t
YnJfCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJXaW5kb3dzLTEyNTIiCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFibGUKCjxodG1sPgo8aGVhZD4KPG1l
dGEgaHR0cC1lcXVpdj0zRCJDb250ZW50LVR5cGUiIGNvbnRlbnQ9M0QidGV4dC9odG1sOyBjaGFy
c2V0PTNEV2luZG93cy0xPQoyNTIiPgo8bWV0YSBuYW1lPTNEIkdlbmVyYXRvciIgY29udGVudD0z
RCJNaWNyb3NvZnQgRXhjaGFuZ2UgU2VydmVyIj4KPCEtLSBjb252ZXJ0ZWQgZnJvbSB0ZXh0IC0t
PjxzdHlsZT48IS0tIC5FbWFpbFF1b3RlIHsgbWFyZ2luLWxlZnQ6IDFwdDsgcGFkPQpkaW5nLWxl
ZnQ6IDRwdDsgYm9yZGVyLWxlZnQ6ICM4MDAwMDAgMnB4IHNvbGlkOyB9IC0tPjwvc3R5bGU+Cjwv
aGVhZD4KPGJvZHk+CjxtZXRhIGNvbnRlbnQ9M0QidGV4dC9odG1sOyBjaGFyc2V0PTNEVVRGLTgi
Pgo8c3R5bGUgdHlwZT0zRCJ0ZXh0L2NzcyIgc3R5bGU9M0QiIj4KPCEtLQpwCgl7bWFyZ2luLXRv
cDowOwoJbWFyZ2luLWJvdHRvbTowfQotLT4KPC9zdHlsZT4KPGRpdiBkaXI9M0QibHRyIj4KPGRp
diBpZD0zRCJ4X2RpdnRhZ2RlZmF1bHR3cmFwcGVyIiBkaXI9M0QibHRyIiBzdHlsZT0zRCJmb250
LXNpemU6MTJwdDsgY29sPQpvcjojMDAwMDAwOyBmb250LWZhbWlseTpDYWxpYnJpLEFyaWFsLEhl
bHZldGljYSxzYW5zLXNlcmlmIj4KPHA+VGhhbmtzIE1hY2hhY2VrITwvcD4KPC9kaXY+CjxociB0
YWJpbmRleD0zRCItMSIgc3R5bGU9M0QiZGlzcGxheTppbmxpbmUtYmxvY2s7IHdpZHRoOjk4JSI+
CjxkaXYgaWQ9M0QieF9kaXZScGx5RndkTXNnIiBkaXI9M0QibHRyIj48Zm9udCBmYWNlPTNEIkNh
bGlicmksIHNhbnMtc2VyaWYiID0KY29sb3I9M0QiIzAwMDAwMCIgc3R5bGU9M0QiZm9udC1zaXpl
OjExcHQiPjxiPkRlOjwvYj4gT25kcmEgTWFjaGFjZWsgJmx0O29tPQphY2hhY2VAcmVkaGF0LmNv
bSZndDs8YnI+CjxiPkVudmlhZG86PC9iPiBzZXh0YS1mZWlyYSwgMTYgZGUgbWFyPUU3byBkZSAy
MDE4IDEyOjMyOjM4PGJyPgo8Yj5QYXJhOjwvYj4gSm9zZSBGZXJuYW5kZXM7IHVzZXJzQG92aXJ0
Lm9yZzxicj4KPGI+QXNzdW50bzo8L2I+IFJlOiBbb3ZpcnQtdXNlcnNdIFNldHRpbmcgdXAgYSBM
REFQIGNvbmY8L2ZvbnQ+CjxkaXY+Jm5ic3A7PC9kaXY+CjwvZGl2Pgo8L2Rpdj4KPGZvbnQgc2l6
ZT0zRCIyIj48c3BhbiBzdHlsZT0zRCJmb250LXNpemU6MTBwdDsiPgo8ZGl2IGNsYXNzPTNEIlBs
YWluVGV4dCI+T24gMDMvMTYvMjAxOCAxMjoyNiBBTSwgSm9zZSBGZXJuYW5kZXMgd3JvdGU6PGJy
PgomZ3Q7IEhlbGxvLDxicj4KJmd0OyA8YnI+CiZndDsgPGJyPgomZ3Q7IEkgaGF2ZSBhbiBPcGVu
REogTERBUCBzZXJ2ZXIsIGFuZCBJIG5lZWQgc29tZSBoZWxwIHRvIGRvIHF1ZXJ5IG9uIGEgPGI9
CnI+CiZndDsgc3BlY2lmaWMgZmlsdGVyIHNlYXJjaC48YnI+Cjxicj4KSSByZW1lbWJlciBJIHVz
ZWQgdG8gc2V0dXAgT3BlbkRKIHNvbWUgdGltZSBhZ28sIHBsZWFzZSBjaGVjayB0aGlzIGJsb2c8
YnI+CnBvc3Q6PGJyPgo8YnI+CiZuYnNwOyA8YSBocmVmPTNEImh0dHA6Ly9tYWNoYWNla29uZHJh
LmJsb2dzcG90LmN6LzIwMTUvMDUvc2FtbC1hbmQtb3ZpcnQtMz0KNS5odG1sIj5odHRwOi8vbWFj
aGFjZWtvbmRyYS5ibG9nc3BvdC5jei8yMDE1LzA1L3NhbWwtYW5kLW92aXJ0LTM1Lmh0bWw8L2E+
PQo8YnI+Cjxicj4KVGhlIGltcG9ydGFudCBwYXJ0IHRoZXJlIGZvciB5b3UgaXMgdGhlIGZpbGU6
PGJyPgo8YnI+CiZuYnNwOyAvdXNyL3NoYXJlL292aXJ0LWVuZ2luZS1leHRlbnNpb24tYWFhLWxk
YXAvcHJvZmlsZXMvb3BlbmRqLnByb3BlcnRpZT0Kczxicj4KPGJyPgpUaGVuIHlvdSBjYW4gdXNl
IGl0IGFzICdpbmNsdWRlID0zRCAmbHQ7b3BlbmRqLnByb3BlcnRpZXMmZ3Q7JyBpbiBhdXRoei9h
dXQ9CmhuLjxicj4KPGJyPgomZ3Q7IDxicj4KJmd0OyA8YnI+CiZndDsgV2UgY2FuJ3QgZmlndXJl
IG91dCBob3cgdG8gY3JlYXRlIGEgJnF1b3Q7YWFhL3Byb2ZpbGUxLnByb3BlcnRpZXMmcXVvdD0K
OyBmaWxlIHdpdGggPGJyPgomZ3Q7IHRoZXNlIGNvbmZpZ3MuPGJyPgomZ3Q7IDxicj4KJmd0OyA8
YnI+CiZndDsgVGhpcyBpcyBob3cgd2UgY2FuIGZpbHRlciB0aGUgdXNlcnMgd2l0aCZuYnNwO2xk
YXBzZWFyY2ggb24gb3VyIGxkYXAgcz0KZXJ2ZXI6PGJyPgomZ3Q7IDxicj4KJmd0OyA8YnI+CiZn
dDsgLUggbGRhcHM6Ly9zZXJ2ZXI6cG9ydC1EIHVpZD0zRHVzZXIsb3U9M0RPVSxkYz0zRFNFUlZF
UixkYz0zRGNvbSxkYz0zRD0KYnIgLVcgLWIgPGJyPgomZ3Q7IG91PTNEYWEsZGM9M0RiYixkYz0z
RGNjLGRjPTNEZGQgdWlkPTNEam9zZS5mZXJuYW5kZXM8YnI+CiZndDsgPGJyPgomZ3Q7IDxicj4K
Jmd0OyZuYnNwOyAmbmJzcDstIE15IGNvbmZpZ3VyYXRpb24gZG9lcyBub3QgcGVybWl0IEkgc2Vh
cmNoIHRoZSB1c2VycyBvbiBiPQphc2UsIHNvIEkgPGJyPgomZ3Q7IG5lZWQgdG8gZG8gdGhpcyBm
aWx0ZXIgb24gJnF1b3Q7b3U9M0RhYSxkYz0zRGJiLGRjPTNEY2MsZGM9M0RkZCZxdW90Ozw9CmJy
PgomZ3Q7IDxicj4KJmd0OyZuYnNwOyAmbmJzcDstJm5ic3A7UG9ydCBpcyBkaWZmZXJlbnQgZnJv
bSBjb21tb24uPGJyPgomZ3Q7IDxicj4KJmd0OyA8YnI+CiZndDsgU29tZW9uZSBjYW4gaGVscCBt
ZSB0byBjcmVhdGUgdGhlIGNvbmZpZyBmaWxlPzxicj4KJmd0OyA8YnI+CiZndDsgPGJyPgomZ3Q7
IFJlZ2FyZHMsPGJyPgomZ3Q7IDxicj4KJmd0OyBKb3M9RTkgRmVybmFuZGVzPGJyPgomZ3Q7IDxi
cj4KJmd0OyA8YnI+CiZndDsgPGJyPgomZ3Q7IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fPGJyPgomZ3Q7IFVzZXJzIG1haWxpbmcgbGlzdDxicj4KJmd0OyBV
c2Vyc0BvdmlydC5vcmc8YnI+CiZndDsgPGEgaHJlZj0zRCJodHRwOi8vbGlzdHMub3ZpcnQub3Jn
L21haWxtYW4vbGlzdGluZm8vdXNlcnMiPmh0dHA6Ly9saXN0cz0KLm92aXJ0Lm9yZy9tYWlsbWFu
L2xpc3RpbmZvL3VzZXJzPC9hPjxicj4KJmd0OyA8YnI+CjwvZGl2Pgo8L3NwYW4+PC9mb250Pgo8
L2JvZHk+CjwvaHRtbD4KCi0tXzAwMF83YjEwYTE3M2VmOGY0Y2ZkOTlmZTc4NzM1MDA2MGFiNmxv
Y2F3ZWJjb21icl8tLQo=

--===============4632573733384157119==--