On Wed, Jan 24, 2018 at 1:35 PM, C Williams <cwilliams3320@gmail.com> wrote:
Hello,

Thanks for getting back with me!

Here is some info

1. Does it use RFC2307 as the schema or something else?

I have tried various flavors of the RFC2307 pre-set configs. I think I've tried most of these ...

           1 - 389ds
           2 - 389ds RFC-2307 Schema

           4 - IBM Security Directory Server
           5 - IBM Security Directory Server RFC-2307 Schema
 
           7 - Novell eDirectory RFC-2307 Schema
           8 - OpenLDAP RFC-2307 Schema
           9 - OpenLDAP Standard Schema
          10 - Oracle Unified Directory RFC-2307 Schema
          11 - RFC-2307 Schema (Generic)
          12 - RHDS
          13 - RHDS RFC-2307 Schema
          14 - iPlanet

Those profiles were created for servers we have tested, but it's highly probable that you will need a completely new profile for Apache DS. Due to this you cannot use the setup tool, but you need to perform manual configuration as described in /usr/share/doc/ovirt-engine-extension-aaa-ldap-1.3.6/README.


     
2. What is the attribute name specifying available base DNs?

    dc=<domain>,dc=com    

No, this is the DN, but we need to know the name of the attribute within LDAP which contains the list of existing base DNs. For example, for a 389ds server using RFC2307 this information is stored in the defaultNamingContext attribute (for details you can take a look at /usr/share/ovirt-engine-extension-aaa-ldap/profiles/rfc2307-389ds.properties).
 


3. What is the attribute name specifying unique ID of a record?

 dn: uid=<user>,ou=users,dc=<domain>,dc=com

No, this is the DN, but each record in LDAP is usually uniquely identified by a special attribute (so for example you can move a record to a different DN). For example, for a 389ds server using RFC2307 this unique identifier is stored in the nsUniqueId attribute (for details you can take a look at /usr/share/ovirt-engine-extension-aaa-ldap/profiles/rfc2307-389ds.properties).
 
The above information should be available somewhere in the Apache DS documentation.


More on this ...

I changed the following in /usr/share/ovirt-engine-extension-aaa-ldap/setup/plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py to meet their need for port 10389 ...

                    636 if self.environment[
                        constants.LDAPEnv.PROTOCOL
                    ] == 'ldaps'
                    #else (389 if port is None else port)
                    else (10389 if port is None else port)


Please don't do that, files in /usr/share are read-only for users and all changes will be overwritten by the next update.
 
I also injected the following into the /var/tmp/*profile.properties prior to testing user authentication using the setup tool

Yes, that's the right way if you need to change something, but you need to perform those changes in the /etc/ovirt-engine/aaa directory; /var/tmp is used only as a temporary directory for the setup tool.


vars.port = 10389
pool.default.serverset.single.port = ${global:vars.port}


Thank You for Helping!!

Charles Williams
    


On Wed, Jan 24, 2018 at 3:50 AM, Martin Perina <mperina@redhat.com> wrote:
Hi,

officially we don't support Apache DS, but aaa-ldap is quite extensible so it should be possible to attach it to oVirt.
As we don't have Apache DS installed, could you please provide us the following information?

1. Does it use RFC2307 as the schema or something else?
2. What is the attribute name specifying available base DNs?
3. What is the attribute name specifying unique ID of a record?

Ondro, any other information required?

Thanks

Martin


On Wed, Jan 24, 2018 at 3:34 AM, C Williams <cwilliams3320@gmail.com> wrote:
Hello,

Has anyone successfully connected the ovirt-engine to Apache Directory Server 2.0 ?

I have tried the pre-set connections offered by oVirt and have been able to connect to the server on port 10389 after adding the port to a serverset.port. I can query the directory and see users but I cannot log onto the console as a user in the directory.

If anyone has any experience/guidance on this, please let me know.

Thank You

Charles Williams


_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
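The thread above leaves two practical tasks to the reader: answering Martin's questions 2 and 3 for a server nobody on the list has installed (which rootDSE attribute lists the base DNs, and which operational attribute identifies an entry independently of its DN), and keeping port overrides such as `vars.port = 10389` in an override file under /etc/ovirt-engine/aaa instead of patching /usr/share. The following Python script is an added example, not part of the thread or of the ovirt-engine-extension-aaa-ldap project. It answers the two schema questions from the attributes a directory actually returns, and it expands the `${global:...}` references used in aaa-ldap profile properties so an override file can be sanity-checked before it is dropped into /etc/ovirt-engine/aaa. The attribute preference lists are assumptions drawn from the LDAP standards and from the 389ds values quoted in the thread (namingContexts from RFC 4512, defaultNamingContext on 389ds and Active Directory, entryUUID from RFC 4530, nsUniqueId on 389ds/RHDS, objectGUID on Active Directory); the rootDSE, user entry and override text are constructed samples. Against a real server, the same dictionaries would come from `ldapsearch -x -H ldap://host:10389 -s base -b '' '+' '*'` for the rootDSE and from a search for one user requesting the `+` operational attributes.

```python
import re

# Attribute that lists a directory's base DNs, in order of preference.
# namingContexts is the standard rootDSE attribute (RFC 4512);
# defaultNamingContext is an extension used by 389ds (per the thread) and
# Active Directory. Assumed ordering, not a value the thread states.
BASE_DN_ATTRS = ("namingContexts", "defaultNamingContext")

# Operational attributes that identify an entry independently of its DN.
# entryUUID is standard (RFC 4530); nsUniqueId is 389ds/RHDS (per the thread);
# objectGUID is Active Directory. Assumed ordering, not a value the thread states.
UNIQUE_ID_ATTRS = ("entryUUID", "nsUniqueId", "objectGUID")

# Reference syntax used in aaa-ldap profile files, as in the override quoted
# in the thread: pool.default.serverset.single.port = ${global:vars.port}
_REF = re.compile(r"\$\{global:([^}]+)\}")


def _lookup(attrs, name):
    """Case-insensitive attribute lookup: LDAP attribute names are case-insensitive."""
    for key, value in attrs.items():
        if key.lower() == name.lower():
            return value
    return None


def pick_base_dn_attribute(root_dse):
    """Return the rootDSE attribute that answers 'where are the base DNs?'."""
    for name in BASE_DN_ATTRS:
        if _lookup(root_dse, name):
            return name
    return None


def pick_unique_id_attribute(entry):
    """Return the attribute that answers 'what is the unique ID of a record?'."""
    for name in UNIQUE_ID_ATTRS:
        if _lookup(entry, name):
            return name
    return None


def expand_properties(text):
    """Parse 'key = value' lines and expand ${global:key} references.

    Raises on malformed lines, dangling references and reference cycles, so a
    broken override is caught before it is placed in /etc/ovirt-engine/aaa.
    """
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed property line: {line!r}")
        props[key.strip()] = value.strip()
    return {key: _resolve(key, props) for key in props}


def _resolve(key, props, chain=()):
    # chain holds the keys currently being expanded, to detect cycles.
    if key in chain:
        raise ValueError(f"circular reference through {key}")

    def substitute(match):
        ref = match.group(1)
        if ref not in props:
            raise KeyError(f"{key} references undefined property {ref}")
        return _resolve(ref, props, chain + (key,))

    return _REF.sub(substitute, props[key])


# Constructed sample data: a generic rootDSE and one user entry with the
# standard entryUUID operational attribute, plus the override from the thread.
SAMPLE_ROOT_DSE = {
    "namingContexts": ["dc=example,dc=com"],
    "supportedLDAPVersion": ["3"],
}
SAMPLE_USER = {
    "dn": "uid=alice,ou=users,dc=example,dc=com",
    "uid": ["alice"],
    "entryUUID": ["3c5a1d0e-8b4a-4b6e-9f1a-0c2f6e9d7a11"],
}
SAMPLE_OVERRIDE = """\
vars.port = 10389
pool.default.serverset.single.port = ${global:vars.port}
"""


def profile_answers(root_dse, entry, override_text):
    """Collect the three answers a custom aaa-ldap profile needs."""
    return {
        "base_dn_attribute": pick_base_dn_attribute(root_dse),
        "unique_id_attribute": pick_unique_id_attribute(entry),
        "port": expand_properties(override_text)["pool.default.serverset.single.port"],
    }


if __name__ == "__main__":
    for name, value in profile_answers(SAMPLE_ROOT_DSE, SAMPLE_USER, SAMPLE_OVERRIDE).items():
        print(f"{name}: {value}")
```

If neither function finds a match, the server uses an attribute outside the assumed lists and the profile must be written by hand from the vendor documentation, which is exactly what the thread advises for Apache DS.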




--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
