Hi Ondra,

Not really. aaa-ldap by default uses just simple bind, no gssapi.
If you have any problems with certificate I would suggest you to check if you are using the correct one, correctly. More info for it can be
found here:

https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;h=1f4381e4f0d22acdda63c56a84863fcb0f72bc3a;hb=HEAD#l397

I've run the following tests in that README you posted above, and all worked fine:

ovirt-engine-extensions-tool aaa login-user --profile=mydomain.com --user-name=myuser
ovirt-engine-extensions-tool aaa search --extension-name=mydomain.com-authz --entity=principal --entity-name=myuser
LDAPTLS_REQCERT=never ldapsearch -ZZ -H ldap://ad.mydomain.com -x -D "CN=myuser,CN=Users,DC=mydomain,DC=com" -W -b "dc=mydomain,dc=com"

I thought I wouldn't need to import any certificate from AD - is that a requirement?

Do I need to set up Apache separately to use LDAP auth? The service principals exist in the krb5.keytab, but I don't if that is only if you are using SSO.

Thanks,

Cam

_______________________________________________

Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users