[Users] I don't know how to add AD users

Itamar Heim iheim at redhat.com
Mon Nov 19 20:53:56 UTC 2012 

On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
> On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>> Hi,
>>
>> I'm trying to add some users to ovirt using an AD.
>>
>> This is the configuration I used for a mediawiki site, which is
>> working correctly:
>> $wgAuth = new LdapAuthenticationPlugin();
>> $wgLDAPUseLocal = true;
>> $wgLDAPDomainNames = array( "a_domain");
>> $wgLDAPServerNames = array( "a_domain"=>"site.example.com
>> <http://site.example.com>");
>> $wgLDAPEncryptionType = array( "a_domain"=>"clear");
>> $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
>> $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");
>>
>> Those are the commands I tried using:
>> engine-manage-domains -action=add -domain=site.example.com
>> <http://site.example.com> -provider=ActiveDirectory -user=user.name
>> <http://user.name> -interactive
>>
>> engine-manage-domains -action=add -domain=a_domain
>> -provider=ActiveDirectory -user=user.name at company.com
>> <mailto:user.name at company.com> -interactive
>>
>> engine-manage-domains -action=add -domain=a_domain
>> -provider=ActiveDirectory -user=user.name at site.example.com
>> <mailto:user.name at site.example.com> -interactive
>>
>>
> You don't add an user this way. You add the domain. You have to pass the
> domain admin user and the domain admin password.

any domain user will do, doesn't have to be an admin.
what does the log say?

> Then you can use the domain within the engine. e.g. search users, add
> access rights for vms etc.
> Even login to the engine and assigning rights within the engine you can
> handle from the engine itself.
>
> Regards,
>> And the output on all tries:
>> Enter password:
>>
>> Error: Authentication Failed. Please verify the fully qualified domain
>> name that is used for authentication is correct.. Problematic domain
>> is: domain_used_in_command
>> Failure while applying Kerberos configuration. Details: Authentication
>> Failed. Please verify the fully qualified domain name that is used for
>> authentication is correct.
>>
>> Can someone help me with the correct parameters?
>>
>>
>> Best regards,
>> Cristian Falcas
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
>
> --
> Regards,
>
> Vinzenz Feenstra | Senior Software Engineer
> RedHat Engineering Virtualization R & D
> Phone: +420 532 294 625
> IRC: vfeenstr or evilissimo
>
> Better technology. Faster innovation. Powered by community collaboration.
> See how it works at redhat.com
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list