On 07/04/2016 04:13 PM, Fabrice Bacchella wrote:
I want to setup two LDAP base profile.
One is backed using an active directory (for real users) One is backed using an openldap (for service account).
I have to problem with this setup.
One it's that in the log I see many "Creating LDAP pool 'authz'" and "Creating LDAP pool 'authn'". If I have two LDAP backend, I'm afraid they will be a conflict of ldap pool if they used the same name.
I am unsure I understand the problem, if you will use different profiles you won't share the pool. Can you send the log and explain on that what's going on, so we can understand the problem?
I tried to add in my openldap.properties:
search.simple-namespace.pool = authz-prod search.simple-user-fetch.pool = authz-prod search.simple-resolve-groups-member.pool = authz-prod search.simple-resolve-groups-memberOf-item.pool = authz-prod search.simple-resolve-groups-memberOf.pool = authz-prod search.simple-query-principals.pool = authz-prod search.simple-query-groups.pool = authz-prod
Is that enough ? And Why is it replicated many time ?
I have another problem, there is a stupid bug in my openldap configuration, but it will be difficult to resolve that.
In it, there is two naming context dc=sub,dc=example,dc=com and dc=example,dc=com
Ovirt only see the first one, and of course, with a little help from Murphy, I need the seconde one. Is there anything I can do about that ?
Yes, you can. Please see[1] and check 'Is it possible to use specific base DN instead of automatic resolution?' [1] http://www.ovirt.org/develop/release-management/features/infra/aaa_faq/
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users