On Mon, Nov 19, 2012 at 12:15 PM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
+ LdapEncryptionType clear is not understandable.
What did you mean by that?


From: "Vinzenz Feenstra" <vfeenstr@redhat.com>
To: users@ovirt.org
Sent: Monday, November 19, 2012 11:29:42 AM
Subject: Re: [Users] I don't know how to add AD users


On 11/19/2012 10:01 AM, Cristian Falcas wrote:
Hi,

I'm trying to add some users to ovirt using an AD.

This is the configuration I used for a mediawiki site, which is working correctly:
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;
$wgLDAPDomainNames = array( "a_domain");
$wgLDAPServerNames = array( "a_domain"=>"site.example.com");
$wgLDAPEncryptionType = array( "a_domain"=>"clear");
$wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
$wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");

Those are the commands I tried using:
engine-manage-domains -action=add -domain=site.example.com -provider=ActiveDirectory -user=user.name -interactive

engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@company.com -interactive

engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@site.example.com -interactive


You don't add an user this way. You add the domain. You have to pass the domain admin user and the domain admin password.
Then you can use the domain within the engine. e.g. search users, add access rights for vms etc.
Even login to the engine and assigning rights within the engine you can handle from the engine itself.

Regards,
And the output on all tries:
Enter password:

Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: domain_used_in_command
Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.

Can someone help me with the correct parameters?


Best regards,
Cristian Falcas


_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



-- 
Regards,

Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: +420 532 294 625
IRC: vfeenstr or evilissimo

Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



That was the configuration needed for the wiki extension used for ldap authentication.

So the admin users is needed in order to retrieve the list of users only?

Can someone recommend the simplest ldap server installation I could use for this? I was thinking first at freeipa, but it's not compatible with mod_ssl, which is required by ovirt.

Best regards,
Cristian Falcas