----- Original Message -----
From: jdeloro(a)web.de
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, January 12, 2015 4:16:17 PM
Subject: Re: [ovirt-users] Setting Base DN for LDAP authentication
Hello,
many thanks to Alon! We have a working setup with support for base dn. The
special challenge in our setup is the constraint of specifying a base dn for
every ldap search and referrals inside the branches that must be processed.
If anyone has the same problem, our working configuration with a slightly
newer version of ovirt-engine-extension-aaa-ldap is:
Note that this environment has more than only a baseDN issue; it also requires
dereferencing references at the server side. Most environments should not require this, nor have
an invalid baseDN in their rootDSE naming context.
In this specific environment a query for baseDN X results in baseDN Y.
Thank you Jannick for the problem determination process.
Supporting baseDN X->Y will be formally released in 1.0.2.
$ cat /etc/ovirt-engine/aaa/company-ldap.properties
include = <rfc2307-openldap.properties>
vars.server = ldap.company.de
vars.user = cn=system,dc=company,dc=de
vars.password = password
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
sequence-init.init.100-my-basedn-init-vars = my-basedn-init-vars
sequence.my-basedn-init-vars.010.description = set baseDN
sequence.my-basedn-init-vars.010.type = var-set
sequence.my-basedn-init-vars.010.var-set.variable = simple_baseDN
sequence.my-basedn-init-vars.010.var-set.value = dc=company,dc=de
search.default.search-request.derefPolicy = ALWAYS
Best regards
Jannick