[Users] LDAP

Oved Ourfalli ovedo at redhat.com
Fri Feb 24 13:35:51 UTC 2012



----- Original Message -----
> From: "Jeff Bailey" <bailey at cs.kent.edu>
> To: users at ovirt.org
> Sent: Friday, February 24, 2012 10:35:02 AM
> Subject: [Users] LDAP
> 
> Sorry for the new thread but I just joined the list.  The following
> excerpt from Nathan Stratton's 389DS log shows the same thing that
> I've
> been seeing when trying to use IPA.  It appears that the directory
> server type is being misidentified as active directory hence the
> search
> on samaccounttype and userprincipalname.
> 
> [23/Feb/2012:18:33:34 +0000] conn=50 op=3 SRCH
> base="dc=blinkmind,dc=net"
> scope=2
> filter="(&(samaccounttype=805306368)(userprincipalname=nathan at
> BLINKMIND.NET))"
> attrs="nsUniqueId ipaUniqueID objectguid objectClass
> javaSerializedData
> javaClassName javaFactory javaCodebase javaReferenceAddress
> javaClassNames
> javaremotelocation"
> 
> 
The identification of the provider type is done using the following logic, according to the results from the root DSE query:
* if it contains a defaultNamingContext attribute --> AD
* else
  * Check the vendorName attribute
    * if it is "389 Project" then it is IPA
    * if it is "Red Hat" then it is RHDS.

We added support for AD, IPA and RHDS. I guess that 389ds has a different vendor name.

What does your root DSE query show?
You can run it using ldapsearch, with the options: -LLL -Y GSSAPI -D <distinguished name of the username> -h <ldap server> -b "" -s base objectClass=*

The distinguished name will be something like:
uid=username,dc=example,dc=com

It will help us understand which vendor name is shown in your ldap server, and we might use it in order to improve the identification.

It surprises me that IPA is not identified correctly, as "389 Project" is the vendor name that was used there (unless it was changed).
As for 389ds, as I said before we added RHDS support, so there might be changes in the schema, and also probably the vendor name there is not "Red Hat".
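
The decision order described in this reply, applied to `ldapsearch -LLL` root DSE output, as an added Python example that is not part of the original message and is not oVirt's code. The function names, the sample entries and the "UNKNOWN" result for an unrecognised vendor name are assumptions made for illustration.

```python
import base64

# Vendor names are the two quoted in the message; any other value is
# reported as UNKNOWN (an assumption of this example).
VENDOR_TO_PROVIDER = {"389 Project": "IPA", "Red Hat": "RHDS"}

def parse_ldif_entry(text):
    """Parse one LDIF entry (ldapsearch -LLL output) into {attr_lower: [values]}."""
    attrs, logical = {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:       # LDIF continuation line
            logical[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):                 # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        # LDAP attribute names are case-insensitive, so normalise them.
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def identify_provider(root_dse):
    """Apply the order from the message: defaultNamingContext first, then vendorName."""
    if "defaultnamingcontext" in root_dse:
        return "AD"
    for vendor in root_dse.get("vendorname", []):
        if vendor in VENDOR_TO_PROVIDER:
            return VENDOR_TO_PROVIDER[vendor]
    return "UNKNOWN"

# Constructed root DSE snippets (not captured from a real server).
SAMPLE_AD = "dn:\ndefaultNamingContext: DC=example,DC=com\n"
SAMPLE_IPA = "dn:\nvendorName: 389 Project\nnamingContexts: dc=example,dc=com\n"
SAMPLE_RHDS = "dn:\nvendorName: Red Hat\n"
SAMPLE_OTHER = "dn:\nvendorName: Example Directory Vendor\n"

if __name__ == "__main__":
    for label, ldif in [("ad", SAMPLE_AD), ("ipa", SAMPLE_IPA),
                        ("rhds", SAMPLE_RHDS), ("other", SAMPLE_OTHER)]:
        print(label, "->", identify_provider(parse_ldif_entry(ldif)))
```
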

