
On 05/03/2016 11:58 AM, Alexis HAUSER wrote:
Thank you, now I see the correct namespace shown, but still no way to log in with any user... Any idea?
Hard to say without logs, can you please share log output of ovirt-engine-extensions-tool? Please run it with:

    ovirt-engine-extensions-tool --log-level=FINEST --log-file=output.log aaa login-user --profile=xxx --user-name=xxx

I attached the log file.
Thanks, for some reason it can't find the user 'myuser'. The search command that is executed is:

    LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b 'ou=people,o=unix,dc=somewhere,dc=any' -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W '(&(objectClass=uidObject)(uid=*)(uid=myuser))'

Is that search base (-b param) OK? Does the 'cn=mysearchuser' user have appropriate permissions to see users? Or do you use rfc2307? You can find out by running this command:

    LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b 'ou=people,o=unix,dc=somewhere,dc=any' -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W '(&(objectClass=posixAccount)(uid=*)(uid=myuser))'

If ^this command finds your user, then just change in /etc/ovirt-engine/aaa/your_profile.properties:

    include = <openldap.properties>

to

    include = <rfc2307-openldap.properties>
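
The check described in the reply above, as an added example that is not part of the original thread or of oVirt: instead of trying each filter in turn, query the user once with the filter '(uid=myuser)' and the attribute list objectClass, then let the script read the resulting LDIF. The function names and the sample entry are hypothetical, and the mapping from objectClass to include line is taken only from the two filters quoted in the thread.

```shell
#!/bin/sh
# Added example: choose the profile include line from the objectClass values
# of one user entry, given as ldapsearch LDIF output on stdin.
# Assumption (from the thread's two filters): uidObject matches the plain
# openldap profile, posixAccount matches the rfc2307 one.
pick_include() {
    # LDAP attribute names and objectClass values are case-insensitive, and
    # LDIF may carry CRs or trailing blanks, so normalise before comparing.
    classes=$(tr -d '\r' | awk -F': *' '
        tolower($1) == "objectclass" {
            v = tolower($2); sub(/[ \t]+$/, "", v); print v
        }')
    if printf '%s\n' "$classes" | grep -qx 'uidobject'; then
        # The current profile already matches this entry; look at the
        # search base or the bind user's permissions instead.
        echo 'include = <openldap.properties>'
    elif printf '%s\n' "$classes" | grep -qx 'posixaccount'; then
        echo 'include = <rfc2307-openldap.properties>'
    else
        echo 'no uidObject or posixAccount objectClass found' >&2
        return 1
    fi
}

# Constructed sample entry (not taken from the attached log file).
sample_rfc2307() {
    cat <<'EOF'
dn: uid=myuser,ou=people,o=unix,dc=somewhere,dc=any
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
EOF
}

sample_rfc2307 | pick_include
```

If the function reports neither class, the entry was either not returned at all (search base or bind-user permissions) or uses a schema that neither profile's filter matches.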