[Users] I don't know how to add AD users

Cristian Falcas cristi.falcas at gmail.com
Mon Nov 19 10:52:23 UTC 2012


On Mon, Nov 19, 2012 at 12:15 PM, Yair Zaslavsky <yzaslavs at redhat.com> wrote:

> + LdapEncryptionType clear is not understandable.
> What did you mean by that?
>
>
> ------------------------------
>
> *From: *"Vinzenz Feenstra" <vfeenstr at redhat.com>
> *To: *users at ovirt.org
> *Sent: *Monday, November 19, 2012 11:29:42 AM
> *Subject: *Re: [Users] I don't know how to add AD users
>
>
> On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>
> Hi,
>
> I'm trying to add some users to ovirt using an AD.
>
> This is the configuration I used for a mediawiki site, which is working
> correctly:
> $wgAuth = new LdapAuthenticationPlugin();
> $wgLDAPUseLocal = true;
> $wgLDAPDomainNames = array( "a_domain");
> $wgLDAPServerNames = array( "a_domain"=>"site.example.com");
> $wgLDAPEncryptionType = array( "a_domain"=>"clear");
> $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
> $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");
>
> Those are the commands I tried using:
> engine-manage-domains -action=add -domain=site.example.com -provider=ActiveDirectory -user=user.name -interactive
>
> engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@company.com -interactive
>
> engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@site.example.com -interactive
>
>
> You don't add a user this way. You add the domain. You have to pass the
> domain admin user and the domain admin password.
> Then you can use the domain within the engine. e.g. search users, add
> access rights for vms etc.
> Even login to the engine and assigning rights within the engine you can
> handle from the engine itself.
>
> Regards,
>
> And the output on all tries:
> Enter password:
>
> Error: Authentication Failed. Please verify the fully qualified domain
> name that is used for authentication is correct.. Problematic domain is:
> domain_used_in_command
> Failure while applying Kerberos configuration. Details: Authentication
> Failed. Please verify the fully qualified domain name that is used for
> authentication is correct.
>
> Can someone help me with the correct parameters?
>
>
> Best regards,
> Cristian Falcas
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> --
> Regards,
>
> Vinzenz Feenstra | Senior Software Engineer
> RedHat Engineering Virtualization R & D
> Phone: +420 532 294 625
> IRC: vfeenstr or evilissimo
>
> Better technology. Faster innovation. Powered by community collaboration.
> See how it works at redhat.com
>
>

That was the configuration needed for the wiki extension used for ldap
authentication.

So the admin user is needed in order to retrieve the list of users only?

Can someone recommend the simplest LDAP server installation I could use for
this? I was first thinking of FreeIPA, but it's not compatible with
mod_ssl, which is required by oVirt.

Best regards,
Cristian Falcas