aaa-LDAP schema selection
--Apple-Mail=_6D675AA7-CA97-4DA5-9B6D-4B4607EEF1F0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hello all, I=E2=80=99d like to get the LDAP plugin working. We have a lovely LDAP = setup deployed (OpenLDAP), and nobody here has a clue how to map what we = have to the options the installer presents. Well, a clue, yes.=20 We include the core, cosine, nis, inetorgperson and misc schemas in the = config. The RHDS, 389, AD, IPA and Novell options are eliminated because we = aren=E2=80=99t running any of that. I eliminated =E2=80=98RFC-2307 = Schema (Generic)=E2=80=99 by finding attributes not included in the RFC, = but added by OpenLDAP.=20 Assuming what we are running maps to any of them, one of the = =E2=80=98OpenLDAP [RFC-2307|Standard] Schema' seem likely.=20 Does anyone know of a test (attribute that should be in one, or not in = another, or some such) to figure this out? Can it be inferred from my = schema includes (listed above)? I fear that determining this via process = of elimination is going to be brutal due to difficult-to-replicate = weirdness because of only minor differences, and the fact that there are = other moving parts at the moment with this setup. And to those who enjoy them, happy holidays. -j= --Apple-Mail=_6D675AA7-CA97-4DA5-9B6D-4B4607EEF1F0 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIHejCCB3Yw ggVeoAMCAQICE1QAABNFH2NktVR+MW0AAAAAE0UwDQYJKoZIhvcNAQEFBQAwYDETMBEGCgmSJomT 8ixkARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3NxdWFyZXRyYWRlMRQwEgYKCZImiZPyLGQBGRYE Y29ycDEWMBQGA1UEAxMNY29ycC1TVUJDQS1DQTAeFw0xNTA5MjgxNjA1MDVaFw0xNjA4MTMyMjA3 NDJaMIGsMRMwEQYKCZImiZPyLGQBGRYDY29tMRswGQYKCZImiZPyLGQBGRYLc3F1YXJldHJhZGUx FDASBgoJkiaJk/IsZAEZFgRjb3JwMRIwEAYDVQQLEwlFbXBsb3llZXMxCzAJBgNVBAsTAklUMRcw FQYDVQQDEw5KYW1pZSBMYXdyZW5jZTEoMCYGCSqGSIb3DQEJARYZamxhd3JlbmNlQHNxdWFyZXRy YWRlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJKcbsIRNOtf5dPVSwBJPfmu SwaS3lsqO4k/GyptrL70oxJHcsFWu1er4Qne2LwL4pvWzG3ID8QCPzBNMaijhgmOqf5lCS66t5bt XqqKDUWw+JYW8qKNLxEFpXYJMnoRJ6GAwsD+R/TL9qB6tSZa/ElWm3u+Q+B6PsOPTJR0FcPy6jzD DeoLMcN/MgKBsUGYmJSBcqoBrd/7ugZancX5ZsIMtDpjGG9zYfT3r3deMRFFksfkUf2BakUoFYRP hVl2IUAsarZ8oWGOkkm6NoV8AQrCsFtJNlfrBWFjaJDgSU/7waVpaFwNbE3y5vKfsydkHCfuatdt gmTCIMXX8QU3mBkCAwEAAaOCAtowggLWMB0GA1UdDgQWBBSidwBvd8Keglu5uZyaGnDa0tfFBzAf BgNVHSMEGDAWgBSsU98vE8JHTC7TGa8VLHCSZCOFSTCB1QYDVR0fBIHNMIHKMIHHoIHEoIHBhoG+ bGRhcDovLy9DTj1jb3JwLVNVQkNBLUNBLENOPXN1YmNhLENOPUNEUCxDTj1QdWJsaWMlMjBLZXkl MjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWNvcnAsREM9c3F1YXJl dHJhZGUsREM9Y29tP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1j UkxEaXN0cmlidXRpb25Qb2ludDCBywYIKwYBBQUHAQEEgb4wgbswgbgGCCsGAQUFBzAChoGrbGRh cDovLy9DTj1jb3JwLVNVQkNBLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxD Tj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWNvcnAsREM9c3F1YXJldHJhZGUsREM9Y29t P2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MBcG CSsGAQQBgjcUAgQKHggAVQBzAGUAcjAOBgNVHQ8BAf8EBAMCBaAwKQYDVR0lBCIwIAYKKwYBBAGC NwoDBAYIKwYBBQUHAwQGCCsGAQUFBwMCMFQGA1UdEQRNMEugLgYKKwYBBAGCNxQCA6AgDB5qbGF3 cmVuY2VAY29ycC5zcXVhcmV0cmFkZS5jb22BGWpsYXdyZW5jZUBzcXVhcmV0cmFkZS5jb20wRAYJ KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoG CCqGSIb3DQMHMA0GCSqGSIb3DQEBBQUAA4ICAQBwdFGJ18Dzg6eQoQU2oJ8PaoxTgOccXQNNcEZG wP0yk9ldV2BmqAw3yr0lUnhdk/ChkF9duSmWTHXrt8nAbyO8XVTwhIR6EcJEqS/MneudUsKbwClq yweMqsr/J9jz8Xl/IsbS0mWG9rb3o4stowNycrk2+t68DNMANQa4HGqh7Rz3XcrDtZOIRe33CPSc 552FgT1yJHBcNCkJHJQdZ6pXb0voP59eGIbrqOwhxfdorbb6lqYjSmOlUoQk5x0Gn25Z+B5q8a6o UTf1G5vMNups9133xuc1DeyFmjJVt6Xbs+BIIkAeL543iPWrr03vLclFRF+rwHBGkwklRY2eP/Qv oNOLBeuY85SiVdPKFlOSQc/U1kcpDani9UuQmQ1IZz3gea8WHDUyY2jSyAMZYFPNMQq+26eEo+HP +Gz7+F5IWRO1OL01EGsjCv/cdugqOsH/aIEc9XP4b/BUyWnxJxgI0d0j8BDfGiKcV+sCvkW4sO0p Oggj0b0SYnTB87hvjciZ4E8PHxaYlTyU95fdTQYLT6XjNMSQC3cIO4klbsObGRaIq5V4YbGiq91Z CkPCQjmBezFM7aLI9qb28gAT1NL2HZ0y5i8CDQWasE5RGyjqAhI6z+pl5RCUtUXimuo2KoA09eC6 RZllX/dT1f6+xGQu8DHMx+TSkYtuc2gzPFeFtjGCAxMwggMPAgEBMHcwYDETMBEGCgmSJomT8ixk ARkWA2NvbTEbMBkGCgmSJomT8ixkARkWC3NxdWFyZXRyYWRlMRQwEgYKCZImiZPyLGQBGRYEY29y cDEWMBQGA1UEAxMNY29ycC1TVUJDQS1DQQITVAAAE0UfY2S1VH4xbQAAAAATRTAJBgUrDgMCGgUA oIIBcTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTEyMjQwMTA2 NTZaMCMGCSqGSIb3DQEJBDEWBBQodZhL6dhRa4keT1Tc7lcceZyY/TCBhgYJKwYBBAGCNxAEMXkw dzBgMRMwEQYKCZImiZPyLGQBGRYDY29tMRswGQYKCZImiZPyLGQBGRYLc3F1YXJldHJhZGUxFDAS BgoJkiaJk/IsZAEZFgRjb3JwMRYwFAYDVQQDEw1jb3JwLVNVQkNBLUNBAhNUAAATRR9jZLVUfjFt AAAAABNFMIGIBgsqhkiG9w0BCRACCzF5oHcwYDETMBEGCgmSJomT8ixkARkWA2NvbTEbMBkGCgmS JomT8ixkARkWC3NxdWFyZXRyYWRlMRQwEgYKCZImiZPyLGQBGRYEY29ycDEWMBQGA1UEAxMNY29y cC1TVUJDQS1DQQITVAAAE0UfY2S1VH4xbQAAAAATRTANBgkqhkiG9w0BAQEFAASCAQAMXanM3/mX 60yJ1vHsVl2R906uUHku+scVU2NYQX8vTqudmhIM/ESLFAQXXtxVrNMRVoC6ZpekEoiUWj505fek c73Q7CClPV1BMl2LU+LDN1bRVQZRwg58ISCt30A0kaYZTxXIcEeM4G42B0qpqigXl184T7QXNBh2 KVbBhZMo2LsRcx5LHKODibaEeeqcoKSBq6SMcRbQhTLNXLlJJQQyYoTeFiNNM0vP4jLmCvsJVnmp IEn6wp4F/Ufpcc8ckh7D0jveIOIbiC+EcyxRcJj/sMSLDy808YyhSpZrQYzgtrEhjI/+ym3JKze7 +zvnC8jKlRAYOv+xmxZee21zu0DTAAAAAAAA --Apple-Mail=_6D675AA7-CA97-4DA5-9B6D-4B4607EEF1F0--
Hi, Of course only OpenLDAP schamas are to be considered. In most cases it is sufficient to check if user is of uidObject object class which means that you use openldap scehma or posixAccount which means that you are using rfc2307. Regards, Alon ----- Original Message -----
From: "Jamie Lawrence" <jlawrence@squaretrade.com> To: "users" <users@ovirt.org> Sent: Thursday, December 24, 2015 3:06:56 AM Subject: [ovirt-users] aaa-LDAP schema selection
Hello all,
I’d like to get the LDAP plugin working. We have a lovely LDAP setup deployed (OpenLDAP), and nobody here has a clue how to map what we have to the options the installer presents.
Well, a clue, yes.
We include the core, cosine, nis, inetorgperson and misc schemas in the config.
The RHDS, 389, AD, IPA and Novell options are eliminated because we aren’t running any of that. I eliminated ‘RFC-2307 Schema (Generic)’ by finding attributes not included in the RFC, but added by OpenLDAP.
Assuming what we are running maps to any of them, one of the ‘OpenLDAP [RFC-2307|Standard] Schema' seem likely.
Does anyone know of a test (attribute that should be in one, or not in another, or some such) to figure this out? Can it be inferred from my schema includes (listed above)? I fear that determining this via process of elimination is going to be brutal due to difficult-to-replicate weirdness because of only minor differences, and the fact that there are other moving parts at the moment with this setup.
And to those who enjoy them, happy holidays.
-j _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
Alon Bar-Lev -
Jamie Lawrence