From andrej.bagon at arnes.si Mon Mar 18 03:07:08 2013 Content-Type: multipart/mixed; boundary="===============5247139840516743101==" MIME-Version: 1.0 From: Andrej Bagon To: users at ovirt.org Subject: Re: [Users] ldap simple Date: Mon, 18 Mar 2013 08:07:06 +0100 Message-ID: <5146BD1A.9050806@arnes.si> In-Reply-To: 51430171.2010904@redhat.com --===============5247139840516743101== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable This is a multi-part message in MIME format. --------------090006050100020008090701 Content-Type: text/plain; charset=3DISO-8859-1 Content-Transfer-Encoding: 7bit Hi, the system is trying to bind to ldap as: bind request: uid=3Dcn=3Dovirt,cn=3DUsers,cn=3DAccounts,dc=3Dourdomain,dc= =3Dsi I dont know how it knows dc=3Dourdomain,dc=3Dsi It should be bind request: cn=3Dovirt,ou=3Dsystem,dc=3Dourdomain,dc=3Dsi" -b "dc=3Darnes= ,dc=3Dsi The same with the search: we have users in form as: edupersonprincipalname=3Dusername(a)users.ourdomain.si ,dc=3Dusers,dc=3Do= urdomain,dc=3Dsi values in database: select * from vdc_options where option_name in ('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderTypes= ','AdUserName','AdUserPassword') order by option_id; option_id | option_name | option_value = | version -----------+----------------------------+--------------------------------+-= -------- 10 | AdUserName | users.ourdomain.si:ovirt | general 11 | AdUserPassword = |users.ourdomain.si:adminpassword | general 69 | DomainName | users.ourdomain.si | general 130 | LDAPSecurityAuthentication| users.ourdomain.si:SIMPLE | general 132 | LdapServers | users.ourdomain.si:server.ourdomain.si | general 133 | LDAPProviderTypes | users.ourdomain.si:rhds | general (6 rows) Best Regards, Andrej Bagon On 03/15/2013 12:09 PM, Itamar Heim wrote: > On 03/14/2013 01:58 PM, Andrej Bagon wrote: >> Hi, >> >> is it possible to change the bind request that is sent to the ldap >> server? The default uid=3Duser,cn=3DUsers,cn=3DAccounts,cn=3Dour,cn=3Ddo= main is >> not suitable. > > can you please explain why / what you would like to change it to? > (not sure possible now, but there is work to make it more > configurable/pluggable) > --------------090006050100020008090701 Content-Type: text/html; charset=3DISO-8859-1 Content-Transfer-Encoding: 7bit Hi,

the system is trying to bind to ldap as:
bind request: uid=3Dcn=3Dovirt,cn=3DUsers,cn=3DAccounts,dc=3Dourdomain,= dc=3Dsi

I dont know how it knows dc=3Dourdomain,dc=3Dsi
It should be
bind request: cn=3Dovirt,ou=3Dsystem,dc=3Dourdomain,dc=3Dsi" -b "dc=3Darnes,dc=3Dsi

The same with the search: we have users in form as:
edu= personprincipalname=3Dusername(a)users.ourdomain.si,dc=3Dusers,dc=3Dour= domain,dc=3Dsi

values in database:
select * from vdc_options where option_name in ('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderT= ypes','AdUserName','AdUserPassword') order by option_id;
 option_id |        option_name=          |    &= nbsp;     option_value          | ve= rsion
-----------+----------------------------+--------------------------------+-= --------
        10 | AdUserName  &= nbsp;           &nbs= p;  | users.ourdomain.si:ovirt        = ;   | general
        11 | AdUserPassword &nb= sp;           |users.ourdomain.si:adminpassword       | gene= ral
        69 | DomainName  &= nbsp;           &nbs= p;  | users.ourdomain.si             = ;    | general
       130 | LDAPSecurityAuthentication| users.ourdomain.si:SIMPLE       &nbs= p;  | general
       132 | LdapServers   = ;             | users.ourdomain.si:server.ourdomain.si | general
       133 | LDAPProviderTypes  = ;        | users.ourdomain.si:rhds        =     | general
(6 rows)

Best Regards,
Andrej Bagon


On 03/15/2013 12:09 PM, Itamar Heim wrote:
On 03/14/2013 01:58 PM, Andrej Bagon wrote:
Hi,

is it possible to change the bind request that is sent to the ldap
server? The default uid=3Duser,cn=3DUsers,cn=3DAccounts,cn=3Dour,cn=3Ddomain is
not suitable.

can you please explain why / what you would like to change it to?
(not sure possible now, but there is work to make it more configurable/pluggable)


--------------090006050100020008090701-- --===============5247139840516743101== Content-Type: multipart/alternative MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.bin" VGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC4KLS0tLS0tLS0tLS0t LS0wOTAwMDYwNTAxMDAwMjAwMDgwOTA3MDEKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFy c2V0PUlTTy04ODU5LTEKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdAoKSGksCgp0aGUg c3lzdGVtIGlzIHRyeWluZyB0byBiaW5kIHRvIGxkYXAgYXM6CmJpbmQgcmVxdWVzdDogdWlkPWNu PW92aXJ0LGNuPVVzZXJzLGNuPUFjY291bnRzLGRjPW91cmRvbWFpbixkYz1zaQoKSSBkb250IGtu b3cgaG93IGl0IGtub3dzIGRjPW91cmRvbWFpbixkYz1zaQpJdCBzaG91bGQgYmUKYmluZCByZXF1 ZXN0OiBjbj1vdmlydCxvdT1zeXN0ZW0sZGM9b3VyZG9tYWluLGRjPXNpIiAtYiAiZGM9YXJuZXMs ZGM9c2kKClRoZSBzYW1lIHdpdGggdGhlIHNlYXJjaDogd2UgaGF2ZSB1c2VycyBpbiBmb3JtIGFz OgplZHVwZXJzb25wcmluY2lwYWxuYW1lPXVzZXJuYW1lQHVzZXJzLm91cmRvbWFpbi5zaQo8bWFp bHRvOmVkdXBlcnNvbnByaW5jaXBhbG5hbWU9YWJhZ29uQGd1ZXN0LmFybmVzLnNpPixkYz11c2Vy cyxkYz1vdXJkb21haW4sZGM9c2kKCnZhbHVlcyBpbiBkYXRhYmFzZToKc2VsZWN0ICogZnJvbSB2 ZGNfb3B0aW9ucyB3aGVyZSBvcHRpb25fbmFtZSBpbgooJ0RvbWFpbk5hbWUnLCdMZGFwU2VydmVy cycsJ0xEQVBTZWN1cml0eUF1dGhlbnRpY2F0aW9uJywnTERBUFByb3ZpZGVyVHlwZXMnLCdBZFVz ZXJOYW1lJywnQWRVc2VyUGFzc3dvcmQnKQpvcmRlciBieSBvcHRpb25faWQ7CiBvcHRpb25faWQg fCAgICAgICAgb3B0aW9uX25hbWUgICAgICAgICB8ICAgICAgICAgIG9wdGlvbl92YWx1ZSAgICAg ICAgIAp8IHZlcnNpb24KLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSst LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0KICAgICAgICAxMCB8IEFk VXNlck5hbWUgICAgICAgICAgICAgICAgIHwKdXNlcnMub3VyZG9tYWluLnNpOm92aXJ0ICAgICAg ICAgICB8IGdlbmVyYWwKICAgICAgICAxMSB8IEFkVXNlclBhc3N3b3JkICAgICAgICAgICAgCnx1 c2Vycy5vdXJkb21haW4uc2k6YWRtaW5wYXNzd29yZCAgICAgICB8IGdlbmVyYWwKICAgICAgICA2 OSB8IERvbWFpbk5hbWUgICAgICAgICAgICAgICAgIHwgdXNlcnMub3VyZG9tYWluLnNpCiAgICAg ICAgICAgICAgICB8IGdlbmVyYWwKICAgICAgIDEzMCB8IExEQVBTZWN1cml0eUF1dGhlbnRpY2F0 aW9ufAp1c2Vycy5vdXJkb21haW4uc2k6U0lNUExFICAgICAgICAgIHwgZ2VuZXJhbAogICAgICAg MTMyIHwgTGRhcFNlcnZlcnMgICAgICAgICAgICAgICAgfAp1c2Vycy5vdXJkb21haW4uc2k6c2Vy dmVyLm91cmRvbWFpbi5zaSB8IGdlbmVyYWwKICAgICAgIDEzMyB8IExEQVBQcm92aWRlclR5cGVz ICAgICAgICAgIHwKdXNlcnMub3VyZG9tYWluLnNpOnJoZHMgICAgICAgICAgICB8IGdlbmVyYWwK KDYgcm93cykKCkJlc3QgUmVnYXJkcywKQW5kcmVqIEJhZ29uCgoKT24gMDMvMTUvMjAxMyAxMjow OSBQTSwgSXRhbWFyIEhlaW0gd3JvdGU6Cj4gT24gMDMvMTQvMjAxMyAwMTo1OCBQTSwgQW5kcmVq IEJhZ29uIHdyb3RlOgo+PiBIaSwKPj4KPj4gaXMgaXQgcG9zc2libGUgdG8gY2hhbmdlIHRoZSBi aW5kIHJlcXVlc3QgdGhhdCBpcyBzZW50IHRvIHRoZSBsZGFwCj4+IHNlcnZlcj8gVGhlIGRlZmF1 bHQgdWlkPXVzZXIsY249VXNlcnMsY249QWNjb3VudHMsY249b3VyLGNuPWRvbWFpbiBpcwo+PiBu b3Qgc3VpdGFibGUuCj4KPiBjYW4geW91IHBsZWFzZSBleHBsYWluIHdoeSAvIHdoYXQgeW91IHdv dWxkIGxpa2UgdG8gY2hhbmdlIGl0IHRvPwo+IChub3Qgc3VyZSBwb3NzaWJsZSBub3csIGJ1dCB0 aGVyZSBpcyB3b3JrIHRvIG1ha2UgaXQgbW9yZQo+IGNvbmZpZ3VyYWJsZS9wbHVnZ2FibGUpCj4K CgotLS0tLS0tLS0tLS0tLTA5MDAwNjA1MDEwMDAyMDAwODA5MDcwMQpDb250ZW50LVR5cGU6IHRl eHQvaHRtbDsgY2hhcnNldD1JU08tODg1OS0xCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdi aXQKCjxodG1sPgogIDxoZWFkPgogICAgPG1ldGEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0 PUlTTy04ODU5LTEiCiAgICAgIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSI+CiAgPC9oZWFkPgog IDxib2R5IGJnY29sb3I9IiNGRkZGRkYiIHRleHQ9IiMwMDAwMDAiPgogICAgSGksPGJyPgogICAg PGJyPgogICAgdGhlIHN5c3RlbSBpcyB0cnlpbmcgdG8gYmluZCB0byBsZGFwIGFzOjxicj4KICAg IGJpbmQgcmVxdWVzdDogdWlkPWNuPW92aXJ0LGNuPVVzZXJzLGNuPUFjY291bnRzLGRjPW91cmRv bWFpbixkYz1zaTxicj4KICAgIDxicj4KICAgIEkgZG9udCBrbm93IGhvdyBpdCBrbm93cyBkYz1v dXJkb21haW4sZGM9c2k8YnI+CiAgICBJdCBzaG91bGQgYmU8YnI+CiAgICBiaW5kIHJlcXVlc3Q6 IGNuPW92aXJ0LG91PXN5c3RlbSxkYz1vdXJkb21haW4sZGM9c2kiIC1iCiAgICAiZGM9YXJuZXMs ZGM9c2k8YnI+CiAgICA8YnI+CiAgICBUaGUgc2FtZSB3aXRoIHRoZSBzZWFyY2g6IHdlIGhhdmUg dXNlcnMgaW4gZm9ybSBhczo8YnI+CiAgICA8YSBocmVmPSJtYWlsdG86ZWR1cGVyc29ucHJpbmNp cGFsbmFtZT1hYmFnb25AZ3Vlc3QuYXJuZXMuc2kiPmVkdXBlcnNvbnByaW5jaXBhbG5hbWU9dXNl cm5hbWVAdXNlcnMub3VyZG9tYWluLnNpPC9hPixkYz11c2VycyxkYz1vdXJkb21haW4sZGM9c2k8 YnI+CiAgICA8YnI+CiAgICB2YWx1ZXMgaW4gZGF0YWJhc2U6PGJyPgogICAgc2VsZWN0ICogZnJv bSB2ZGNfb3B0aW9ucyB3aGVyZSBvcHRpb25fbmFtZSBpbgogICAgKCdEb21haW5OYW1lJywnTGRh cFNlcnZlcnMnLCdMREFQU2VjdXJpdHlBdXRoZW50aWNhdGlvbicsJ0xEQVBQcm92aWRlclR5cGVz JywnQWRVc2VyTmFtZScsJ0FkVXNlclBhc3N3b3JkJykKICAgIG9yZGVyIGJ5IG9wdGlvbl9pZDs8 YnI+CiAgICAmbmJzcDtvcHRpb25faWQgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyBvcHRpb25fbmFtZSZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7CiAgICBvcHRpb25fdmFsdWUmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCB2ZXJzaW9uIDxicj4KLS0tLS0tLS0tLS0rLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LSstLS0tLS0tLS08YnI+CiAgICAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgMTAgfCBBZFVzZXJOYW1lJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IHwKICAgIHVzZXJzLm91cmRvbWFpbi5zaTpvdmlydCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8IGdlbmVyYWw8YnI+CiAgICAm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgMTEgfCBBZFVzZXJQYXNz d29yZCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOwogICAgfHVzZXJzLm91cmRvbWFpbi5zaTphZG1pbnBhc3N3b3Jk ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8IGdlbmVyYWw8YnI+CiAgICAmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgNjkgfCBEb21haW5OYW1lJm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwgdXNlcnMub3VyZG9tYWluLnNpCiAg ICAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCBnZW5lcmFsPGJyPgogICAgJm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IDEzMCB8IExEQVBTZWN1cml0eUF1dGhl bnRpY2F0aW9ufAogICAgdXNlcnMub3VyZG9tYWluLnNpOlNJTVBMRSZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8IGdlbmVyYWw8YnI+CiAgICAm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgMTMyIHwgTGRhcFNlcnZlcnMmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfAogICAgdXNlcnMub3VyZG9tYWluLnNpOnNl cnZlci5vdXJkb21haW4uc2kgfCBnZW5lcmFsPGJyPgogICAgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IDEzMyB8IExEQVBQcm92aWRlclR5cGVzJm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwKICAgIHVzZXJzLm91cmRvbWFp bi5zaTpyaGRzJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwgZ2VuZXJhbDxicj4KICAgICg2IHJvd3MpPGJyPgogICAgPGJy PgogICAgQmVzdCBSZWdhcmRzLDxicj4KICAgIEFuZHJlaiBCYWdvbjxicj4KICAgIDxicj4KICAg IDxicj4KICAgIE9uIDAzLzE1LzIwMTMgMTI6MDkgUE0sIEl0YW1hciBIZWltIHdyb3RlOgogICAg PGJsb2NrcXVvdGUgY2l0ZT0ibWlkOjUxNDMwMTcxLjIwMTA5MDRAcmVkaGF0LmNvbSIgdHlwZT0i Y2l0ZSI+T24KICAgICAgMDMvMTQvMjAxMyAwMTo1OCBQTSwgQW5kcmVqIEJhZ29uIHdyb3RlOgog ICAgICA8YnI+CiAgICAgIDxibG9ja3F1b3RlIHR5cGU9ImNpdGUiPkhpLAogICAgICAgIDxicj4K ICAgICAgICA8YnI+CiAgICAgICAgaXMgaXQgcG9zc2libGUgdG8gY2hhbmdlIHRoZSBiaW5kIHJl cXVlc3QgdGhhdCBpcyBzZW50IHRvIHRoZQogICAgICAgIGxkYXAKICAgICAgICA8YnI+CiAgICAg ICAgc2VydmVyPyBUaGUgZGVmYXVsdAogICAgICAgIHVpZD11c2VyLGNuPVVzZXJzLGNuPUFjY291 bnRzLGNuPW91cixjbj1kb21haW4gaXMKICAgICAgICA8YnI+CiAgICAgICAgbm90IHN1aXRhYmxl LgogICAgICAgIDxicj4KICAgICAgPC9ibG9ja3F1b3RlPgogICAgICA8YnI+CiAgICAgIGNhbiB5 b3UgcGxlYXNlIGV4cGxhaW4gd2h5IC8gd2hhdCB5b3Ugd291bGQgbGlrZSB0byBjaGFuZ2UgaXQg dG8/CiAgICAgIDxicj4KICAgICAgKG5vdCBzdXJlIHBvc3NpYmxlIG5vdywgYnV0IHRoZXJlIGlz IHdvcmsgdG8gbWFrZSBpdCBtb3JlCiAgICAgIGNvbmZpZ3VyYWJsZS9wbHVnZ2FibGUpCiAgICAg IDxicj4KICAgICAgPGJyPgogICAgPC9ibG9ja3F1b3RlPgogICAgPGJyPgogIDwvYm9keT4KPC9o dG1sPgoKLS0tLS0tLS0tLS0tLS0wOTAwMDYwNTAxMDAwMjAwMDgwOTA3MDEtLQo= --===============5247139840516743101==--