This is a multi-part message in MIME format. --------------020703070204080601010105 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Hi, your user nbudoor@abc.net doesn't have appropriate permissions to login. First you need to login as 'admin@internal' and assign him some permissions, then you will be able to login. Ondra On 09/23/2015 09:15 AM, Budur Nagaraju wrote:
HI All,
After rectifying this able to search the domain in the users in UI, but unable to login getting the below error ,
2015-09-23 12:41:47,482 WARN [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for user nbudoor@abc.net <mailto:nbudoor@abc.net>. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
Thanks, Nagaraju
On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek <omachace@redhat.com <mailto:omachace@redhat.com>> wrote:
Hi,
as Alon already said, you have trailing space in your configuration
'my.abc.net <http://my.abc.net> ' <-- space at the end
Please remove this space and try again.
Ondra
On 09/23/2015 05:35 AM, Budur Nagaraju wrote:
HI Alon,
Tried all the options but no luck ,
I have copied the logs in the pastebin below is the link , warning message is that unable to resolve the DNS ,let me know any help would I get .
Thanks, Nagaraju
On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>> wrote:
Hello Budur,
I've done this recently. Alon, no offense, but the docs are not quite strait forward...
Requirements: - LDAP server (obviously) - called here ldap.mydomain.com <http://ldap.mydomain.com> - LDAP bind account - called here ldap@mydomain.com <mailto:ldap@mydomain.com>, password 'Passw@rd' - At least one existing account in ladp, called user@mydomain.com <mailto:user@mydomain.com>
Please note, the most common issue will be DNS.
I'll describe in short what steps need to be taken. All this needs to be done on your engine host. In the end this was quite easy :)
1. Install the packages: ovirt-engine-extension-aaa-ldap and openldap-clients (these are only for testing your setup) 2. Test if ldap is working in general. (The extension uses the global catalog at least for AD, this was news to me): # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://ldap.mydomain.com:3268/ <http://ldap.mydomain.com:3268/> -x \ -D 'ldap@mydomain.com <mailto:ldap@mydomain.com>' -w Passw@rd -b '' '(userPrincipalName=user@mydomian.com <mailto:user@mydomian.com>)' cn userPrincipalName
If this command does not return details of the user, do debug your ldap and continue once this works. Example:
# extended LDIF # # LDAPv3 # base <> with scope subtree # filter: (userPrincipalName=user@mydomain.com <mailto:user@mydomain.com>) # requesting: cn userPrincipalName # with pagedResults control: size=1024 #
# Some Name, some-ou, mydomain.com <http://mydomain.com> dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com cn: Some Name userPrincipalName: user@mydomain.com <mailto:user@mydomain.com>
# search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA= pagedresults: cookie=
# numResponses: 2 # numEntries: 1
3. Copy the examples as mentioned from the readme. 4. You only need to modify /etc/ovirt-engine/aaa/int.m-box.de.properties; leave the rest as is. 5. There, set:
vars.domain = ldap.mydomain.com <http://ldap.mydomain.com> vars.user = ldap@${global:vars.domain} vars.password = Passw@rd
6. Restart ovirt engine service 7. Log in as admin@einternal and add user rights and roles from the new provider
Hope this helps.
On 22.09.2015 16 <tel:22.09.2015%2016>:46, Budur Nagaraju wrote: > > below are the three files which I have modified. > > > [root@cstlb2 extensions.d]# cat profile1-authn.properties > ovirt.engine.extension.name <http://ovirt.engine.extension.name> <http://ovirt.engine.extension.name> = cloudspin-authn > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn > ovirt.engine.aaa.authn.profile.name <http://ovirt.engine.aaa.authn.profile.name> <http://ovirt.engine.aaa.authn.profile.name> > = cloudspin > ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties > > > [root@cstlb2 extensions.d]# ls > profile1-authn.properties profile1-authz.properties > [root@cstlb2 extensions.d]# cat profile1-authz.properties > ovirt.engine.extension.name <http://ovirt.engine.extension.name> <http://ovirt.engine.extension.name> = cloudspin-authz > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties > [root@cstlb2 extensions.d]# > > > > [root@cstlb2 aaa]# pwd > /etc/ovirt-engine/aaa > [root@cstlb2 aaa]# ls > ldap1.properties > [root@cstlb2 aaa]# cat ldap1.properties > # > # Select one > # > include = <openldap.properties> > #include = <389ds.properties> > #include = <rhds.properties> > #include = <ipa.properties> > #include = <iplanet.properties> > #include = <rfc2307.properties> > #include = <rfc2307-openldap.properties> > > # > # Server > # > vars.server = my.abc.net <http://my.abc.net> <http://my.abc.net> > > # > # Search user and its password. > # > vars.user = > uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=nbudoor,dc=net > vars.password = company > > pool.default.serverset.single.server = ${global:vars.server} > pool.default.auth.simple.bindDN = ${global:vars.user} > pool.default.auth.simple.password = ${global:vars.password} > > # Create keystore, import certificate chain and uncomment > # if using ssl/tls. > #pool.default.ssl.startTLS = true > #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks > #pool.default.ssl.truststore.password = changeit > [root@cstlb2 aaa]# > > > > > > > On Tue, Sep 22, 2015 at 8:07 PM, Alon Bar-Lev <alonbl@redhat.com <mailto:alonbl@redhat.com> > <mailto:alonbl@redhat.com <mailto:alonbl@redhat.com>>> wrote: > > > > ----- Original Message ----- > > From: "Budur Nagaraju" <nbudoor@gmail.com <mailto:nbudoor@gmail.com> <mailto:nbudoor@gmail.com <mailto:nbudoor@gmail.com>>> > > To: "Alon Bar-Lev" <alonbl@redhat.com <mailto:alonbl@redhat.com> <mailto:alonbl@redhat.com <mailto:alonbl@redhat.com>>> > > Cc:users@ovirt.org <mailto:Cc%3Ausers@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> > > Sent: Tuesday, September 22, 2015 5:35:16 PM > > Subject: Re: [ovirt-users] LDAP Authentication > > > > its too complicated ,you have any script or video ? > > in 3.6 we have a setup script. > for now: > > cp -r /usr/share/ovirt-engine/examples/simple/. /etc/ovirt-engine/ > > this is written in the README. > > then customize files at /etc/ovirt-engine/extnesions.d/* > /etc/ovirt-engine/aaa/* to match your setup > > > > > > > On Tue, Sep 22, 2015 at 8:00 PM, Alon Bar-Lev <alonbl@redhat.com <mailto:alonbl@redhat.com> <mailto:alonbl@redhat.com <mailto:alonbl@redhat.com>>> wrote: > > > > > > > > > > > ----- Original Message ----- > > > > From: "Budur Nagaraju" <nbudoor@gmail.com <mailto:nbudoor@gmail.com> <mailto:nbudoor@gmail.com <mailto:nbudoor@gmail.com>>> > > > > To: "Alon Bar-Lev" <alonbl@redhat.com <mailto:alonbl@redhat.com> <mailto:alonbl@redhat.com <mailto:alonbl@redhat.com>>> > > > > Cc:users@ovirt.org <mailto:Cc%3Ausers@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> > > > > Sent: Tuesday, September 22, 2015 5:24:36 PM > > > > Subject: Re: [ovirt-users] LDAP Authentication > > > > > > > > HI Alon, > > > > > > > > Below is the configuration which I have done ,but unable to search the > > > > users in UI > > > > can you pls help me ? > > > > > > you need three files, see the > > > /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple > > > > > > > > > > > > > > > [root@cstlb2 aaa]# cat ldap1.properties > > > > # > > > > # Select one > > > > # > > > > include = <openldap.properties> > > > > #include = <389ds.properties> > > > > #include = <rhds.properties> > > > > #include = <ipa.properties> > > > > #include = <iplanet.properties> > > > > #include = <rfc2307.properties> > > > > #include = <rfc2307-openldap.properties> > > > > > > > > # > > > > # Server > > > > # > > > > vars.server =my.abc.net <http://my.abc.net> <http://my.abc.net> > > > > > > > > # > > > > # Search user and its password. > > > > # > > > > vars.user = > > > > > > > uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=abc,dc=net > > > > vars.password = company1 > > > > > > > > pool.default.serverset.single.server = ${global:vars.server} > > > > pool.default.auth.simple.bindDN = ${global:vars.user} > > > > pool.default.auth.simple.password = ${global:vars.password} > > > > > > > > # Create keystore, import certificate chain and uncomment > > > > # if using ssl/tls. > > > > #pool.default.ssl.startTLS = true > > > > #pool.default.ssl.truststore.file = > > > > ${local:_basedir}/${global:vars.server}.jks > > > > #pool.default.ssl.truststore.password = changeit > > > > [root@cstlb2 aaa]# > > > > > > > > > > > > > > > > On Tue, Sep 22, 2015 at 7:25 PM, Alon Bar-Lev <alonbl@redhat.com <mailto:alonbl@redhat.com> <mailto:alonbl@redhat.com <mailto:alonbl@redhat.com>>> wrote: > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Budur Nagaraju" <nbudoor@gmail.com <mailto:nbudoor@gmail.com> <mailto:nbudoor@gmail.com <mailto:nbudoor@gmail.com>>> > > > > > > To:users@ovirt.org <mailto:To:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> > > > > > > Sent: Tuesday, September 22, 2015 4:34:46 PM > > > > > > Subject: [ovirt-users] LDAP Authentication > > > > > > > > > > > > HI All, > > > > > > > > > > > > Can someone help me in configuring LDAP authentication for Ovirt ? > > > > > > > > > > Please review: > > > > >http://www.ovirt.org/Features/AAA > > > > > > > > > > > > >https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob... > > > > > > > > > > > > > > > >
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de <http://www.m-box.de> www.monkeymen.tv <http://www.monkeymen.tv>
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--------------020703070204080601010105 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> Hi,<br> <br> your user <a class="moz-txt-link-abbreviated" href="mailto:nbudoor@abc.net">nbudoor@abc.net</a> doesn't have appropriate permissions to login.<br> First you need to login as 'admin@internal' and assign him some permissions, then you will be able to login.<br> <br> Ondra<br> <br> <div class="moz-cite-prefix">On 09/23/2015 09:15 AM, Budur Nagaraju wrote:<br> </div> <blockquote cite="mid:CAHNF9Q_Rs_O5rhN5g49714RrfMMW7UuY-J6UmN6r3Jh3OXew4g@mail.gmail.com" type="cite"> <div dir="ltr"> <div> <div> <div> <div>HI All,<br> <br> </div> After rectifying this able to search the domain in the users in UI,<br> </div> but unable to login getting the below error ,<br> <br> <br> 2015-09-23 12:41:47,482 WARN [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for user <a moz-do-not-send="true" href="mailto:nbudoor@abc.net">nbudoor@abc.net</a>. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br> <br> </div> Thanks,<br> </div> Nagaraju<br> <br> <div> <div><br> <div> <div><br> <br> </div> </div> </div> </div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek <span dir="ltr"><<a moz-do-not-send="true" href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> Hi,<br> <br> as Alon already said, you have trailing space in your configuration<br> <br> '<a moz-do-not-send="true" href="http://my.abc.net" target="_blank">my.abc.net</a> ' <-- space at the end<br> <br> Please remove this space and try again.<br> <br> Ondra <div> <div class="h5"><br> <br> <div>On 09/23/2015 05:35 AM, Budur Nagaraju wrote:<br> </div> </div> </div> <blockquote type="cite"> <div> <div class="h5"> <div dir="ltr"> <div> <div> <div> <div>HI Alon,<br> <br> </div> Tried all the options but no luck ,<br> <br> </div> I have copied the logs in the pastebin below is the link , warning message is that unable to resolve the DNS ,let me know any help would I get .<br> <br> <a moz-do-not-send="true" href="http://pastebin.com/7qN9QnHK" target="_blank">http://pastebin.com/7qN9QnHK</a><br> <br> </div> Thanks,<br> </div> Nagaraju<br> <br> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <span dir="ltr"><<a moz-do-not-send="true" href="mailto:daniel.helgenberger@m-box.de" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:daniel.helgenberger@m-box.de">daniel.helgenberger@m-box.de</a></a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Budur,<br> <br> I've done this recently. Alon, no offense, but the docs are not quite strait forward...<br> <br> Requirements:<br> - LDAP server (obviously) - called here <a moz-do-not-send="true" href="http://ldap.mydomain.com" rel="noreferrer" target="_blank">ldap.mydomain.com</a><br> - LDAP bind account - called here <a moz-do-not-send="true" href="mailto:ldap@mydomain.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:ldap@mydomain.com">ldap@mydomain.com</a></a>, password 'Passw@rd'<br> - At least one existing account in ladp, called <a moz-do-not-send="true" href="mailto:user@mydomain.com" target="_blank">user@mydomain.com</a><br> <br> Please note, the most common issue will be DNS.<br> <br> I'll describe in short what steps need to be taken. All this needs to be done on your engine host. In the end this was quite easy :)<br> <br> 1. Install the packages: ovirt-engine-extension-aaa-ldap and openldap-clients (these are only for testing your setup)<br> 2. Test if ldap is working in general. (The extension uses the global catalog at least for AD, this was news to me):<br> # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H <a moz-do-not-send="true">ldap://</a><a moz-do-not-send="true" href="http://ldap.mydomain.com:3268/" rel="noreferrer" target="_blank">ldap.mydomain.com:3268/</a> -x \<br> -D '<a moz-do-not-send="true" href="mailto:ldap@mydomain.com" target="_blank">ldap@mydomain.com</a>' -w Passw@rd -b '' '(userPrincipalName=<a moz-do-not-send="true" href="mailto:user@mydomian.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:user@mydomian.com">user@mydomian.com</a></a>)' cn userPrincipalName<br> <br> If this command does not return details of the user, do debug your ldap and continue once this works. Example:<br> <br> # extended LDIF<br> #<br> # LDAPv3<br> # base <> with scope subtree<br> # filter: (userPrincipalName=<a moz-do-not-send="true" href="mailto:user@mydomain.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:user@mydomain.com">user@mydomain.com</a></a>)<br> # requesting: cn userPrincipalName<br> # with pagedResults control: size=1024<br> #<br> <br> # Some Name, some-ou, <a moz-do-not-send="true" href="http://mydomain.com" rel="noreferrer" target="_blank">mydomain.com</a><br> dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com<br> cn: Some Name<br> userPrincipalName: <a moz-do-not-send="true" href="mailto:user@mydomain.com" target="_blank">user@mydomain.com</a><br> <br> # search result<br> search: 2<br> result: 0 Success<br> control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=<br> pagedresults: cookie=<br> <br> # numResponses: 2<br> # numEntries: 1<br> <br> <br> 3. Copy the examples as mentioned from the readme.<br> 4. You only need to modify /etc/ovirt-engine/aaa/int.m-box.de.properties; leave the rest as is.<br> 5. There, set:<br> <br> vars.domain = <a moz-do-not-send="true" href="http://ldap.mydomain.com" rel="noreferrer" target="_blank">ldap.mydomain.com</a><br> vars.user = ldap@${global:vars.domain}<br> vars.password = Passw@rd<br> <br> 6. Restart ovirt engine service<br> 7. Log in as admin@einternal and add user rights and roles from the new provider<br> <br> Hope this helps.<br> <span><br> On <a moz-do-not-send="true" href="tel:22.09.2015%2016" value="+12209201516" target="_blank">22.09.2015 16</a>:46, Budur Nagaraju wrote:<br> ><br> > below are the three files which I have modified.<br> ><br> ><br> > [root@cstlb2 extensions.d]# cat profile1-authn.properties<br> </span>> <a moz-do-not-send="true" href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a> <<a moz-do-not-send="true" href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>>; = cloudspin-authn<br> <span>> ovirt.engine.extension.bindings.method = jbossmodule<br> > ovirt.engine.extension.binding.jbossmodule.module =<br> > org.ovirt.engine-extensions.aaa.ldap<br> > ovirt.engine.extension.binding.jbossmodule.class =<br> > org.ovirt.engineextensions.aaa.ldap.AuthnExtension<br> > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<br> </span>> <a moz-do-not-send="true" href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">ovirt.engine.aaa.authn.profile.name</a> <<a moz-do-not-send="true" href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br> <span>> = cloudspin<br> > ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth<br> > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties<br> ><br> ><br> > [root@cstlb2 extensions.d]# ls<br> > profile1-authn.properties profile1-authz.properties<br> > [root@cstlb2 extensions.d]# cat profile1-authz.properties<br> </span>> <a moz-do-not-send="true" href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a> <<a moz-do-not-send="true" href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>>; = cloudspin-authz<br> <div> <div>> ovirt.engine.extension.bindings.method = jbossmodule<br> > ovirt.engine.extension.binding.jbossmodule.module =<br> > org.ovirt.engine-extensions.aaa.ldap<br> > ovirt.engine.extension.binding.jbossmodule.class =<br> > org.ovirt.engineextensions.aaa.ldap.AuthzExtension<br> > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz<br> > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties<br> > [root@cstlb2 extensions.d]#<br> ><br> ><br> ><br> > [root@cstlb2 aaa]# pwd<br> > /etc/ovirt-engine/aaa<br> > [root@cstlb2 aaa]# ls<br> > ldap1.properties<br> > [root@cstlb2 aaa]# cat ldap1.properties<br> > #<br> > # Select one<br> > #<br> > include = <openldap.properties><br> > #include = <389ds.properties><br> > #include = <rhds.properties><br> > #include = <ipa.properties><br> > #include = <iplanet.properties><br> > #include = <rfc2307.properties><br> > #include = <rfc2307-openldap.properties><br> ><br> > #<br> > # Server<br> > #<br> </div> </div> > vars.server = <a moz-do-not-send="true" href="http://my.abc.net" rel="noreferrer" target="_blank">my.abc.net</a> <<a moz-do-not-send="true" href="http://my.abc.net" rel="noreferrer" target="_blank"><a class="moz-txt-link-freetext" href="http://my.abc.net">http://my.abc.net</a></a>><br> <span>><br> > #<br> > # Search user and its password.<br> > #<br> > vars.user =<br> > uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=nbudoor,dc=net<br> > vars.password = company<br> ><br> > pool.default.serverset.single.server = ${global:vars.server}<br> > pool.default.auth.simple.bindDN = ${global:vars.user}<br> > pool.default.auth.simple.password = ${global:vars.password}<br> ><br> > # Create keystore, import certificate chain and uncomment<br> > # if using ssl/tls.<br> > #pool.default.ssl.startTLS = true<br> > #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks<br> > #pool.default.ssl.truststore.password = changeit<br> > [root@cstlb2 aaa]#<br> ><br> ><br> ><br> ><br> ><br> ><br> > On Tue, Sep 22, 2015 at 8:07 PM, Alon Bar-Lev <<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a><br> </span><span>> <mailto:<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a>>> wrote:<br> ><br> ><br> ><br> > ----- Original Message -----<br> </span><span>> > From: "Budur Nagaraju" <<a moz-do-not-send="true" href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a> <mailto:<a moz-do-not-send="true" href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>>><br> > > To: "Alon Bar-Lev" <<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a> <mailto:<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>>><br> > > <a moz-do-not-send="true" href="mailto:Cc%3Ausers@ovirt.org" target="_blank">Cc:users@ovirt.org</a> <mailto:<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> > > Sent: Tuesday, September 22, 2015 5:35:16 PM<br> > > Subject: Re: [ovirt-users] LDAP Authentication<br> > ><br> > > its too complicated ,you have any script or video ?<br> ><br> > in 3.6 we have a setup script.<br> > for now:<br> ><br> > cp -r /usr/share/ovirt-engine/examples/simple/. /etc/ovirt-engine/<br> ><br> > this is written in the README.<br> ><br> > then customize files at /etc/ovirt-engine/extnesions.d/*<br> > /etc/ovirt-engine/aaa/* to match your setup<br> ><br> > ><br> > ><br> </span><span>> > On Tue, Sep 22, 2015 at 8:00 PM, Alon Bar-Lev <<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a> <mailto:<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>>> wrote:<br> > ><br> > > ><br> > > ><br> > > > ----- Original Message -----<br> </span> <div> <div>> > > > From: "Budur Nagaraju" <<a moz-do-not-send="true" href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a> <mailto:<a moz-do-not-send="true" href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>>><br> > > > > To: "Alon Bar-Lev" <<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a> <mailto:<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>>><br> > > > > <a moz-do-not-send="true" href="mailto:Cc%3Ausers@ovirt.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:Cc:users@ovirt.org">Cc:users@ovirt.org</a></a> <mailto:<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> > > > > Sent: Tuesday, September 22, 2015 5:24:36 PM<br> > > > > Subject: Re: [ovirt-users] LDAP Authentication<br> > > > ><br> > > > > HI Alon,<br> > > > ><br> > > > > Below is the configuration which I have done ,but unable to search the<br> > > > > users in UI<br> > > > > can you pls help me ?<br> > > ><br> > > > you need three files, see the<br> > > > /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple<br> > > ><br> > > > ><br> > > > ><br> > > > > [root@cstlb2 aaa]# cat ldap1.properties<br> > > > > #<br> > > > > # Select one<br> > > > > #<br> > > > > include = <openldap.properties><br> > > > > #include = <389ds.properties><br> > > > > #include = <rhds.properties><br> > > > > #include = <ipa.properties><br> > > > > #include = <iplanet.properties><br> > > > > #include = <rfc2307.properties><br> > > > > #include = <rfc2307-openldap.properties><br> > > > ><br> > > > > #<br> > > > > # Server<br> > > > > #<br> </div> </div> > > > > vars.server =<a moz-do-not-send="true" href="http://my.abc.net" rel="noreferrer" target="_blank">my.abc.net</a> <<a moz-do-not-send="true" href="http://my.abc.net" target="_blank"><a class="moz-txt-link-freetext" href="http://my.abc.net">http://my.abc.net</a></a>><br> <span>> > > ><br> > > > > #<br> > > > > # Search user and its password.<br> > > > > #<br> > > > > vars.user =<br> > > > ><br> > > > uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=abc,dc=net<br> > > > > vars.password = company1<br> > > > ><br> > > > > pool.default.serverset.single.server = ${global:vars.server}<br> > > > > pool.default.auth.simple.bindDN = ${global:vars.user}<br> > > > > pool.default.auth.simple.password = ${global:vars.password}<br> > > > ><br> > > > > # Create keystore, import certificate chain and uncomment<br> > > > > # if using ssl/tls.<br> > > > > #pool.default.ssl.startTLS = true<br> > > > > #pool.default.ssl.truststore.file =<br> > > > > ${local:_basedir}/${global:vars.server}.jks<br> > > > > #pool.default.ssl.truststore.password = changeit<br> > > > > [root@cstlb2 aaa]#<br> > > > ><br> > > > ><br> > > > ><br> </span><span>> > > > On Tue, Sep 22, 2015 at 7:25 PM, Alon Bar-Lev <<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:alonbl@redhat.com">alonbl@redhat.com</a></a> <mailto:<a moz-do-not-send="true" href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>>> wrote:<br> > > > ><br> > > > > ><br> > > > > ><br> > > > > > ----- Original Message -----<br> </span><span>> > > > > > From: "Budur Nagaraju" <<a moz-do-not-send="true" href="mailto:nbudoor@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:nbudoor@gmail.com">nbudoor@gmail.com</a></a> <mailto:<a moz-do-not-send="true" href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>>><br> > > > > > > <a moz-do-not-send="true" href="mailto:To:users@ovirt.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:To:users@ovirt.org">To:users@ovirt.org</a></a> <mailto:<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> > > > > > > Sent: Tuesday, September 22, 2015 4:34:46 PM<br> > > > > > > Subject: [ovirt-users] LDAP Authentication<br> > > > > > ><br> > > > > > > HI All,<br> > > > > > ><br> > > > > > > Can someone help me in configuring LDAP authentication for Ovirt ?<br> > > > > ><br> > > > > > Please review:<br> > > > > ><a moz-do-not-send="true" href="http://www.ovirt.org/Features/AAA" rel="noreferrer" target="_blank"><a class="moz-txt-link-freetext" href="http://www.ovirt.org/Features/AAA">http://www.ovirt.org/Features/AAA</a></a><br> > > > > ><br> > > > > ><br> > > ><a moz-do-not-send="true" href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob..." rel="noreferrer" target="_blank">https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0</a><br> > > > > ><br> > > > ><br> > > ><br> > ><br> ><br> ><br> <br> </span>--<br> Daniel Helgenberger<br> m box bewegtbild GmbH<br> <br> P: +49/30/2408781-22<br> F: +49/30/2408781-10<br> <br> ACKERSTR. 19<br> D-10115 BERLIN<br> <br> <br> <a moz-do-not-send="true" href="http://www.m-box.de" rel="noreferrer" target="_blank">www.m-box.de</a> <a moz-do-not-send="true" href="http://www.monkeymen.tv" target="_blank"><a class="moz-txt-link-abbreviated" href="http://www.monkeymen.tv">www.monkeymen.tv</a></a><br> <br> Geschäftsführer: Martin Retschitzegger / Michaela Göllner<br> Handeslregister: Amtsgericht Charlottenburg / HRB 112767<br> </blockquote> </div> <br> </div> <br> <fieldset></fieldset> <br> </div> </div> <pre>_______________________________________________ Users mailing list <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </div> </blockquote> </div> <br> </div> </blockquote> <br> </body> </html> --------------020703070204080601010105--