I've got a LDAP server without kerberos and I am trying to intergrate its users to oVirt-3.5 with AAA. ========================== /etc/ovirt-engine/aaa/example.properties: include = <openldap.properties> vars.user = cn=directory manager vars.password = mypassword vars.server = example.com #pool.default.ssl.startTLS = false #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem #pool.default.ssl.truststore.password = admin pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} ========================== This is my basic ldap infomation: ou=Groups | +---- cn=UserGroup1 | +---- cn=UserGroup2 ou=UserGroup1 | +---- cn=user1 | +---- cn=user2 ou=UserGroup2 | +---- cn=user3 | +---- cn=user4 ========================== Now I can see example.com in web portal but I cannot list users in UG1 or UG2. I find that I could map DN, ID NAME, DISPLAY in the config file. What should I add in the config file then?