
I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious detail in documentation, the rest is java-programmer-oriented docs only that I can find;

https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git

Here's a sample config (sanitized) that I need to adapt to ovirt; I HAVE NO control over the LDAP server.

So far I've managed to figure out through search after search to use LDAPS (TLS isn't an option, thanks!)

Two parts I can't figure out; setting rootDN and setting the organization filter -- members of that particular organization should have access to ovirt, and none others.

vars.server = directory.ft.com

#
# Search user and its password.
#
vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.password = Ft######

pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.rootDN = ${global:vars.urootdn}
pool.default.auth.simple.password = ${global:vars.password}

# enable SSL
pool.default.ssl.enable = true
#pool.default.ssl.insecure = false

# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
pool.default.ssl.truststore.password = changeit

Example config from testlink:

$tlCfg->authentication['method'] = 'LDAP';

/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps://directory.ft.com';
$tlCfg->authentication['ldap_port'] = '636';
$tlCfg->authentication['ldap_version'] = '3';
$tlCfg->authentication['ldap_root_dn'] = 'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_dn'] = 'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_passwd'] = 'Ft######';
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
$tlCfg->authentication['ldap_organization'] = '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'uid'; // Use 'sAMAccountName' for Active Directory