On 07/04/2016 04:13 PM, Fabrice Bacchella wrote:
I want to setup two LDAP base profile.
One is backed using an active directory (for real users)
One is backed using an openldap (for service account).
I have to problem with this setup.
One it's that in the log I see many "Creating LDAP pool 'authz'"
and "Creating LDAP pool 'authn'". If I have two LDAP backend, I'm
afraid they will be a conflict of ldap pool if they used the same name.
I am unsure I understand the problem, if you will use different profiles
you won't share the
pool. Can you send the log and explain on that what's going on, so we
can understand the
problem?
I tried to add in my openldap.properties:
search.simple-namespace.pool = authz-prod
search.simple-user-fetch.pool = authz-prod
search.simple-resolve-groups-member.pool = authz-prod
search.simple-resolve-groups-memberOf-item.pool = authz-prod
search.simple-resolve-groups-memberOf.pool = authz-prod
search.simple-query-principals.pool = authz-prod
search.simple-query-groups.pool = authz-prod
Is that enough ? And Why is it replicated many time ?
I have another problem, there is a stupid bug in my openldap configuration, but it will
be difficult to resolve that.
In it, there is two naming context
dc=sub,dc=example,dc=com
and
dc=example,dc=com
Ovirt only see the first one, and of course, with a little help from Murphy, I need the
seconde one. Is there anything I can do about that ?
Yes, you can. Please see[1] and check 'Is it possible to use specific
base DN instead of automatic resolution?'
[1]
http://www.ovirt.org/develop/release-management/features/infra/aaa_faq/
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users