Re: [ovirt-users] oVirt AD integration problems
Hi Ondra,
Not really. aaa-ldap by default uses just simple bind, no gssapi.
If you have any problems with certificate I would suggest you to check if
you are using the correct one, correctly. More info for it can be
found here:
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa
-ldap.git;a=blob;f=README;h=1f4381e4f0d22acdda63c56a84863f
cb0f72bc3a;hb=HEAD#l397
I've run the following tests in that README you posted above, and all
worked fine:
ovirt-engine-extensions-tool aaa login-user --profile=mydomain.com
--user-name=myuser
ovirt-engine-extensions-tool aaa search --extension-name=mydomain.com-authz
--entity=principal --entity-name=myuser
LDAPTLS_REQCERT=never ldapsearch -ZZ -H ldap://ad.mydomain.com -x -D
"CN=myuser,CN=Users,DC=mydomain,DC=com" -W -b "dc=mydomain,dc=com"
I thought I wouldn't need to import any certificate from AD - is that a
requirement?
Do I need to set up Apache separately to use LDAP auth? The service
principals exist in the krb5.keytab, but I don't if that is only if you are
using SSO.
Thanks,
Cam
_______________________________________________
Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
Attachments:
- attachment.html (text/html — 2.8 KB)