On Mon, Nov 19, 2012 at 12:15 PM, Yair Zaslavsky <yzaslavs@redhat.com>wrote:
+ LdapEncryptionType clear is not understandable. What did you mean by that?
------------------------------
*From: *"Vinzenz Feenstra" <vfeenstr@redhat.com> *To: *users@ovirt.org *Sent: *Monday, November 19, 2012 11:29:42 AM *Subject: *Re: [Users] I don't know how to add AD users
On 11/19/2012 10:01 AM, Cristian Falcas wrote:
Hi,
I'm trying to add some users to ovirt using an AD.
This is the configuration I used for a mediawiki site, which is working correctly: $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPUseLocal = true; $wgLDAPDomainNames = array( "a_domain"); $wgLDAPServerNames = array( "a_domain"=>"site.example.com"); $wgLDAPEncryptionType = array( "a_domain"=>"clear"); $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME"); $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");
Those are the commands I tried using: engine-manage-domains -action=add -domain=site.example.com-provider=ActiveDirectory -user= user.name -interactive
engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@company.com -interactive
engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@site.example.com -interactive
You don't add an user this way. You add the domain. You have to pass the domain admin user and the domain admin password. Then you can use the domain within the engine. e.g. search users, add access rights for vms etc. Even login to the engine and assigning rights within the engine you can handle from the engine itself.
Regards,
And the output on all tries: Enter password:
Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: domain_used_in_command Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.
Can someone help me with the correct parameters?
Best regards, Cristian Falcas
_______________________________________________ Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users
-- Regards,
Vinzenz Feenstra | Senior Software Engineer RedHat Engineering Virtualization R & D Phone: +420 532 294 625 IRC: vfeenstr or evilissimo
Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
That was the configuration needed for the wiki extension used for ldap authentication. So the admin users is needed in order to retrieve the list of users only? Can someone recommend the simplest ldap server installation I could use for this? I was thinking first at freeipa, but it's not compatible with mod_ssl, which is required by ovirt. Best regards, Cristian Falcas