
On Thu, May 30, 2019 at 2:51 PM <rubennunes12@gmail.com> wrote:
1 - Result of the command:

[root@ovirt ~]# ldapsearch -x -b "ou=People,dc=lab,dc=local" -s sub -h 192.168.16.114 -p 389 -D "uid=node1,ou=People,dc=lab,dc=local" -W 'uid=node1'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=lab,dc=local> with scope subtree
# filter: uid=node1
# requesting: ALL
#

# node1, People, lab.local
dn: uid=node1,ou=People,dc=lab,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: node1
givenName: node1
cn: node1
displayName: node1
uidNumber: 1000
gidNumber: 1000

Good!

So I would clean the directory /etc/ovirt-engine/aaa from the profile1.properties, profile1-authn.properties, profile1-authz.properties files, and the same for profile2. Perhaps also inside /etc/ovirt-engine/extensions.d/ there should be some xxx-authn.properties (perhaps xxx = ldap.com, the profile name you chose in previous attempts); remove them too and restart the ovirt-engine service or the server itself (eventually putting into global maintenance if Self Hosted Engine setup).

Then I would rerun the interactive setup

ovirt-engine-extension-aaa-ldap-setup

- select 9 - OpenLDAP Standard Schema
- select to use DNS and policy 1 (single server) that should be resolved as you pointed out and put ldap.lab.local
- select Insecure
- select search user uid=node1,ou=People,dc=lab,dc=local
- enter the password
- enter the base DN ou=People,dc=lab,dc=local
- decide if you want SSO for VMs yes/no
- specify profile name lab.local

HIH
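
The cleanup step described in the message above, as an added example that is not part of the original message or of the oVirt project: it moves leftover profile files out of the aaa and extensions.d directories into a private backup directory instead of deleting them outright. The function name stash_profiles, the backup location and the parameterised root directory are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper): quarantine stale aaa-ldap profile files
# before rerunning ovirt-engine-extension-aaa-ldap-setup.
#
# stash_profiles BACKUP_DIR ROOT PROFILE...
#   ROOT stands in for /etc/ovirt-engine, so the function can be tried on a copy.
#   Sets the global MOVED to the number of files moved.
stash_profiles() {
    backup=$1; root=$2; shift 2
    MOVED=0
    # Profile .properties files hold the LDAP search user's bind password,
    # so the backup directory is created readable by the owner only.
    old_umask=$(umask); umask 077
    mkdir -p "$backup"
    for profile in "$@"; do
        for dir in aaa extensions.d; do
            for suffix in .properties -authn.properties -authz.properties; do
                f="$root/$dir/$profile$suffix"
                [ -f "$f" ] || continue        # skip names that do not exist
                mkdir -p "$backup/$dir"
                mv -- "$f" "$backup/$dir/" && MOVED=$((MOVED + 1))
                printf 'moved %s\n' "$f"
            done
        done
    done
    umask "$old_umask"
}

# Stand-alone use: sh stash.sh /root/aaa-backup /etc/ovirt-engine profile1 profile2
if [ "$#" -ge 3 ]; then
    stash_profiles "$@"
    printf '%s file(s) moved\n' "$MOVED"
fi
```

Restart the ovirt-engine service after the move, as the message says, before rerunning the setup tool.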