Hi,
On 01/09/2015 07:31 AM, jdeloro(a)web.de wrote:
Hello,
I'm trying to configure LDAP authentication with oVirt 3.5 and
ovirt-engine-extension-aaa-ldap. I chose the simple bind transport example. But the given
examples are missing the explicit specification of a base dn. Could you please advise me
how this can be done?
My current configuration:
[jd@om01 ovirt-engine]$ cat aaa/company-ldap.properties
include = <openldap.properties>
vars.server = ldap.company.de
vars.user = cn=system,dc=company,dc=de
vars.password = password
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
[jd@om01 ovirt-engine]$ cat company-ldap-authn.properties
ovirt.engine.extension.name = company-ldap-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = company-ldap
ovirt.engine.aaa.authn.authz.plugin = company-ldap-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/company-ldap.properties
[jd@om01 ovirt-engine]$ cat company-ldap-authz.properties
ovirt.engine.extension.name = company-ldap-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/company-ldap.properties
[jd@om01 ovirt-engine]$ ldapsearch -H ldap://ldap.company.de -D cn=system,dc=company,dc=de -W -b dc=company,dc=de cn=jdeloro
# extended LDIF
#
# LDAPv3
# base <dc=company,dc=de> with scope subtree
# filter: cn=jdeloro
# requesting: ALL
#
# jdeloro, users, admins, company.de
dn: cn=jdeloro,ou=users,ou=admins,dc=company,dc=de
[... and many more lines ...]
I could not use namingContexts from RootDSE because this results in base dn dc=de instead
of dc=company,dc=de.
Can you try user 'cn=Manager', I think it's an incorrectly configured ACL.
Kind regards
Jannick
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
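A small consistency check over the three property files quoted in the thread, as an added example that is not part of the mailing-list post or of ovirt-engine-extension-aaa-ldap itself. The file contents are constructed from the thread (password replaced by a placeholder, the wrapped class values joined back onto one line); the resolver is a simplified model of the `${global:...}` substitution and `include = <...>` syntax, assumed here to resolve against the keys of the same file rather than the project's real profile-wide lookup. It verifies that the authn file names the authz extension and that both load the same profile path, and flags that the simple-bind password sits in cleartext in the profile, so the file's mode matters.

```python
"""Consistency checks for an oVirt aaa-ldap profile and its authn/authz files.

Added example for the thread above; not the project's own parser.  The
${global:NAME} resolution below is an assumption (same-file keys only).
"""
import re

# Constructed from the thread.  The real path quoted in the thread is kept;
# the password is an obvious placeholder.
PROFILE_PATH = "/etc/ovirt-engine/aaa/company-ldap.properties"

PROFILE = """\
include = <openldap.properties>
vars.server = ldap.company.de
vars.user = cn=system,dc=company,dc=de
vars.password = PLACEHOLDER_PASSWORD
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
"""

AUTHN = """\
ovirt.engine.extension.name = company-ldap-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = company-ldap
ovirt.engine.aaa.authn.authz.plugin = company-ldap-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/company-ldap.properties
"""

AUTHZ = """\
ovirt.engine.extension.name = company-ldap-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/company-ldap.properties
"""

GLOBAL_REF = re.compile(r"\$\{global:([^}]+)\}")


def parse_properties(text):
    """Parse 'key = value' lines; 'include = <name>' lines are collected separately."""
    props, includes = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "include":
            includes.append(value.strip("<>"))
        else:
            props[key] = value
    return props, includes


def resolve(props):
    """Expand ${global:NAME} references against keys of the same file (assumption).

    An undefined reference raises KeyError instead of silently producing an
    empty bind DN or password.
    """
    def expand(key, value):
        def sub(match):
            ref = match.group(1)
            if ref not in props:
                raise KeyError(f"{key} references undefined variable {ref}")
            return props[ref]
        return GLOBAL_REF.sub(sub, value)
    return {k: expand(k, v) for k, v in props.items()}


def check_profile(profile):
    """Findings on the resolved profile (missing bindDN, cleartext password)."""
    findings = []
    if not profile.get("pool.default.auth.simple.bindDN"):
        findings.append("simple bind configured without a bindDN")
    if "pool.default.auth.simple.password" in profile:
        # The bind password is stored in cleartext in this file, so it must be
        # readable only by the engine's service account.
        findings.append("cleartext bind password present: restrict file mode")
    return findings


def check_linkage(authn, authz, profile_path):
    """authn must name the authz extension; both must load the same profile."""
    problems = []
    if authn.get("ovirt.engine.aaa.authn.authz.plugin") != authz.get("ovirt.engine.extension.name"):
        problems.append("authn.authz.plugin does not match the authz extension name")
    for label, ext in (("authn", authn), ("authz", authz)):
        if ext.get("config.profile.file.1") != profile_path:
            problems.append(f"{label} config.profile.file.1 does not point at {profile_path}")
    return problems


def run_checks(profile_text=PROFILE, authn_text=AUTHN, authz_text=AUTHZ):
    profile, includes = parse_properties(profile_text)
    authn, _ = parse_properties(authn_text)
    authz, _ = parse_properties(authz_text)
    resolved = resolve(profile)
    return {
        "includes": includes,
        "resolved": resolved,
        "profile_findings": check_profile(resolved),
        "linkage_problems": check_linkage(authn, authz, PROFILE_PATH),
    }


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(name, value)
```

Running it against the thread's files reports no linkage problems and one informational finding about the cleartext password; renaming the authz extension in one file but not the other makes the linkage check fail, which is the kind of mismatch that otherwise only shows up as a failed login at the engine.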