LDAP - not able to find members of groups
Hi oVirt List, I manage to connect oVirt to my LDAP and I'm able to search for users and groups. I'm using openLDAP within a ClearOS installation and it looks like this is a bit different to the standard openLDAP. Inside the LDAP groups there is an attribute with is calls "member". Example: member cn=Timmi,ou=Users,ou=Accounts,dc=domain,dc=com Is someone able to help me how to make sure that oVirt is able to join the users to the groups? Best regards Timmi
By default the openldap configuration on oVirt does connect it via member attribute of the group, so you shouldn't have any issue logging in as user from some group. We support also memberOf plugin, but it's not default for openldap. On 08/05/2019 13:10, Timmi wrote:
Hi oVirt List,
I manage to connect oVirt to my LDAP and I'm able to search for users and groups.
I'm using openLDAP within a ClearOS installation and it looks like this is a bit different to the standard openLDAP.
Inside the LDAP groups there is an attribute with is calls "member".
Example: member cn=Timmi,ou=Users,ou=Accounts,dc=domain,dc=com
Is someone able to help me how to make sure that oVirt is able to join the users to the groups?
Best regards Timmi _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PBQXDJGOZ2ET34...
Hi Ondra, thank you for the reply. The openldap.properties did not work with my openLDAP config. It looks like I'm using a kind of RFC2307bis configuration but I managed to solve problem while overwriting the following search filter: search.rfc2307-resolve-groups-memberUid.search-request.filter The test tool is providing me all assigned groups for my user now. ovirt-engine-extensions-tool aaa login-user --profile=domain.com --user-name=timmi Best regards Timmi Am 09.05.19 um 09:18 schrieb Ondra Machacek:
By default the openldap configuration on oVirt does connect it via member attribute of the group, so you shouldn't have any issue logging in as user from some group. We support also memberOf plugin, but it's not default for openldap.
On 08/05/2019 13:10, Timmi wrote:
Hi oVirt List,
I manage to connect oVirt to my LDAP and I'm able to search for users and groups.
I'm using openLDAP within a ClearOS installation and it looks like this is a bit different to the standard openLDAP.
Inside the LDAP groups there is an attribute with is calls "member".
Example: member cn=Timmi,ou=Users,ou=Accounts,dc=domain,dc=com
Is someone able to help me how to make sure that oVirt is able to join the users to the groups?
Best regards Timmi _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PBQXDJGOZ2ET34...
participants (2)
-
Ondra Machacek -
Timmi