1 - Result of the command:
[root@ovirt ~]# ldapsearch -x -b "ou=People,dc=lab,dc=local" -s sub -h 192.168.16.114 -p 389 -D "uid=node1,ou=People,dc=lab,dc=local" -W 'uid=node1'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=lab,dc=local> with scope subtree
# filter: uid=node1
# requesting: ALL
#
# node1, People, lab.local
dn: uid=node1,ou=People,dc=lab,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: node1
givenName: node1
cn: node1
displayName: node1
uidNumber: 1000
gidNumber: 1000
Good!
So I would clean the directory /etc/ovirt-engine/aaa from the profile1.properties, profile1-authn.properties, profile1-authz.properties files and the same for profile2
and perhaps also inside /etc/ovirt-engine/extensions.d/ there should be some xxx-authn.properties (perhaps xxx=ldap.com, the profile name you chose in previous attempts); remove them too
and restart ovirt-engine service or the server itself (eventually putting into global maintenance if Self Hosted Engine setup)
Then I would rerun the interactive setup
ovirt-engine-extension-aaa-ldap-setup
select 9 - OpenLDAP Standard Schema
select to use DNS and policy 1 (single server) that should be resolved as you pointed out and put ldap.lab.local
select Insecure
select search user uid=node1,ou=People,dc=lab,dc=local
enter the password
enter the base dn ou=People,dc=lab,dc=local
decide if you want sso for vms yes/no
specify profile name lab.local
HIH
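
A cautious way to do the cleanup step described in the message above, as an added example that is not part of the original post: it moves the leftover profile files into a backup directory instead of deleting them. The function names, the backup directory and the assumption that the three file names may appear in either directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): park leftover aaa-ldap
# profile files in a backup directory instead of deleting them.
# Assumption: a profile leaves <name>.properties, <name>-authn.properties and
# <name>-authz.properties, and any of them may sit in aaa/ or extensions.d/.

# stale_profile_files ROOT PROFILE
# Prints every existing file that belongs to PROFILE, one path per line.
stale_profile_files() {
    root=$1; profile=$2
    for dir in "$root/aaa" "$root/extensions.d"; do
        for suffix in .properties -authn.properties -authz.properties; do
            # Exact name match, so "profile1" never matches "profile10".
            if [ -f "$dir/$profile$suffix" ]; then
                printf '%s\n' "$dir/$profile$suffix"
            fi
        done
    done
}

# backup_profile ROOT PROFILE BACKUP_DIR
# Moves the files found above into BACKUP_DIR, keeping the aaa/ and
# extensions.d/ split, and prints how many files were moved.
backup_profile() {
    backup=$3
    count=0
    mkdir -p "$backup/aaa" "$backup/extensions.d" || return 1
    stale_profile_files "$1" "$2" > "$backup/moved.list" || return 1
    while IFS= read -r path; do
        sub=$(basename "$(dirname "$path")")
        mv -- "$path" "$backup/$sub/" || return 1
        count=$((count + 1))
    done < "$backup/moved.list"
    echo "$count"
}

# Dry run when called as: sh cleanup.sh PROFILE [ROOT]
# Only lists what backup_profile would move; ROOT defaults to /etc/ovirt-engine.
if [ "$#" -ge 1 ]; then
    stale_profile_files "${2:-/etc/ovirt-engine}" "$1"
fi
```

The moved.list file written into the backup directory records the original paths, so the files can be put back if the new profile does not work.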