
On Tue, May 31, 2016 at 4:24 PM, Alexis HAUSER <alexis.hauser@telecom-bretagne.eu> wrote:
Thank you, this actually works. Yes, I'll remove it as soon as possible. Now with RHEV + AD, it seems better than RHEV + LDAP for groups: it finds most of the groups a user belongs to. RHEV + LDAP is only able to find one group a user belongs to (which is not the same group found when I search the same user with ldapsearch... Still not able to solve that mystery...)
That's very strange, we test it and it works for us. But you said you use more namingContexts than one, right? It could be the problem as we support only one.
Which attribute is used by RHEV/ovirt to guess which user a group belongs to (or the contrary), in the case of LDAP and in the case of AD? I can see that not all attributes are filled in the AD/LDAP database here.
It depends on which profile you include in /etc/ovirt-engine/aaa/<PROFILE_NAME>.properties:

1) The included ad.properties is defined in /usr/share/ovirt-engine-extension-aaa-ldap/profiles/ad.properties, and here are the attribute mappings:

    attrmap.map-principal-record.attr.PrincipalRecord_DN.map = _dn
    attrmap.map-principal-record.attr.PrincipalRecord_ID.map = objectGUID
    attrmap.map-principal-record.attr.PrincipalRecord_ID.conversion = BASE64
    attrmap.map-principal-record.attr.PrincipalRecord_NAME.map = name
    attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = userPrincipalName
    attrmap.map-principal-record.attr.PrincipalRecord_DISPLAY_NAME.map = displayName
    attrmap.map-principal-record.attr.PrincipalRecord_DEPARTMENT.map = department
    attrmap.map-principal-record.attr.PrincipalRecord_FIRST_NAME.map = givenName
    attrmap.map-principal-record.attr.PrincipalRecord_LAST_NAME.map = sn
    attrmap.map-principal-record.attr.PrincipalRecord_TITLE.map = title
    attrmap.map-principal-record.attr.PrincipalRecord_EMAIL.map = mail
    attrmap.map-group-record.attr.GroupRecord_DN.map = _dn
    attrmap.map-group-record.attr.GroupRecord_ID.map = objectGUID
    attrmap.map-group-record.attr.GroupRecord_ID.conversion = BASE64
    attrmap.map-group-record.attr.GroupRecord_NAME.map = name
    attrmap.map-group-record.attr.GroupRecord_DISPLAY_NAME.map = description

2) In the case of LDAP, please take a look at include=<XYZ.properties> to find out which profile you are using.
Run this command:

    $ keytool -storepasswd -keystore /path/to/jks/x.jks

It will ask you for old and new password.
Thank you, I'll ask rhev-docs to add this to the documentation, as they make you generate a new certificate even when using the automatic setup, which makes the automatically generated certificate useless.
By the way, is there a list of all the possible options/values of .properties file?
No tool for that, you need to investigate properties files. Please start reading README.profile in aaa-ldap package, which contains doc about the structure of each file.
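The attrmap lines quoted in the reply above can be checked against a directory entry to see which record fields would stay empty when attributes are not filled in. This is an added example, not part of the thread and not oVirt code: parse_attrmap and resolve are hypothetical helper names, the sample entry is constructed, and it assumes that "_dn" stands for the entry's DN and that the BASE64 conversion encodes the attribute's raw bytes.

```python
import base64
import re

# Mapping lines as quoted in the thread from ad.properties.
AD_ATTRMAP = """\
attrmap.map-principal-record.attr.PrincipalRecord_DN.map = _dn
attrmap.map-principal-record.attr.PrincipalRecord_ID.map = objectGUID
attrmap.map-principal-record.attr.PrincipalRecord_ID.conversion = BASE64
attrmap.map-principal-record.attr.PrincipalRecord_NAME.map = name
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = userPrincipalName
attrmap.map-principal-record.attr.PrincipalRecord_DISPLAY_NAME.map = displayName
attrmap.map-principal-record.attr.PrincipalRecord_DEPARTMENT.map = department
attrmap.map-principal-record.attr.PrincipalRecord_FIRST_NAME.map = givenName
attrmap.map-principal-record.attr.PrincipalRecord_LAST_NAME.map = sn
attrmap.map-principal-record.attr.PrincipalRecord_TITLE.map = title
attrmap.map-principal-record.attr.PrincipalRecord_EMAIL.map = mail
attrmap.map-group-record.attr.GroupRecord_DN.map = _dn
attrmap.map-group-record.attr.GroupRecord_ID.map = objectGUID
attrmap.map-group-record.attr.GroupRecord_ID.conversion = BASE64
attrmap.map-group-record.attr.GroupRecord_NAME.map = name
attrmap.map-group-record.attr.GroupRecord_DISPLAY_NAME.map = description
"""
LINE = re.compile(r"attrmap\.([\w-]+)\.attr\.(\w+)\.(map|conversion)\s*=\s*(\S+)")

def parse_attrmap(text):
    """Return {map name: {record field: {"map": attr, "conversion": name}}}."""
    maps = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised attrmap line: {line!r}")
        name, field, kind, value = m.groups()
        maps.setdefault(name, {}).setdefault(field, {})[kind] = value
    return maps

def resolve(mapping, dn, entry):
    """Apply one map to a directory entry: (record, fields left unfilled)."""
    record = {}
    for field, spec in mapping.items():
        # Assumption: "_dn" is the entry's DN; BASE64 encodes the raw bytes.
        value = dn if spec["map"] == "_dn" else entry.get(spec["map"])
        if value is not None and spec.get("conversion") == "BASE64":
            value = base64.b64encode(value).decode("ascii")
        record[field] = value
    return record, sorted(f for f, v in record.items() if v is None)

# Constructed sample entry (not from the thread): four attributes unset.
SAMPLE_DN = "CN=Jane Doe,OU=Staff,DC=example,DC=test"
SAMPLE_ENTRY = {"objectGUID": bytes(range(16)), "name": "Jane Doe", "sn": "Doe",
                "userPrincipalName": "jdoe@example.test", "givenName": "Jane"}
```

Calling resolve(parse_attrmap(AD_ATTRMAP)["map-principal-record"], SAMPLE_DN, SAMPLE_ENTRY) returns the mapped record together with the list of fields whose source attribute is absent from the entry.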