[ovirt-users] How to mapping LDAP users in AAA

Alon Bar-Lev alonbl at redhat.com
Tue Oct 14 07:18:23 UTC 2014



----- Original Message -----
> From: "lofyer" <lofyer at gmail.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Tuesday, October 14, 2014 9:29:57 AM
> Subject: Re: [ovirt-users] How to mapping LDAP users in AAA
> 
> Sun Java Access System Manager

this is not openldap... why do you use openldap profile?

please attach full export of this ldap server, output of:

rootdse:
$ ldapsearch -H ldap://example.com -b '' -x -D 'cn=directory manager' -w mypassword -s BASE

entities:
$ ldapsearch -o ldif-wrap=no -E pr=100/noprompt -H ldap://example.com -x -D 'cn=directory manager' -w mypassword -b <NAMING_CONTEXT>

> 
> 
> On 14-10-14 at 1:52 PM, Yair Zaslavsky wrote:
> >
> > ----- Original Message -----
> >> From: "lofyer" <lofyer at gmail.com>
> >> To: "users" <users at ovirt.org>
> >> Sent: Tuesday, October 14, 2014 5:10:56 AM
> >> Subject: [ovirt-users] How to mapping LDAP users in AAA
> >>
> >> I've got an LDAP server without kerberos and I am trying to integrate
> >> its users to oVirt-3.5 with AAA.
> >> ==========================
> > Which ldap server is that, what vendor?
> >
> >> /etc/ovirt-engine/aaa/example.properties:
> >>
> >> include = <openldap.properties>
> >>
> >> vars.user = cn=directory manager
> >> vars.password = mypassword
> >> vars.server = example.com
> >>
> >> #pool.default.ssl.startTLS = false
> >> #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
> >> #pool.default.ssl.truststore.password = admin
> >>
> >> pool.default.serverset.single.server = ${global:vars.server}
> >> pool.default.auth.simple.bindDN = ${global:vars.user}
> >> pool.default.auth.simple.password = ${global:vars.password}
> >> ==========================
> >>
> >> This is my basic ldap information:
> >>
> >> ou=Groups
> >> |
> >> +---- cn=UserGroup1
> >> |
> >> +---- cn=UserGroup2
> >>
> >> ou=UserGroup1
> >> |
> >> +---- cn=user1
> >> |
> >> +---- cn=user2
> >>
> >>
> >> ou=UserGroup2
> >> |
> >> +---- cn=user3
> >> |
> >> +---- cn=user4
> >>
> >> ==========================
> >>
> >> Now I can see example.com in web portal but I cannot list users in UG1
> >> or UG2.
> >>
> >> I find that I could map DN, ID NAME, DISPLAY in the config file. What
> >> should I add in the config file then?
> >> _______________________________________________
> >> Users mailing list
> >> Users at ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
> 
> 
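The export requested above returns every attribute the bind DN can read, password hashes included, so it should be filtered before it is attached to a public list. The following is an added example (not part of the original message or of oVirt): a shell filter that blanks credential attributes in LDIF. The attribute list, the `dc=example,dc=com` suffix and the sample entry are assumptions constructed for illustration.

```sh
#!/bin/sh
# Attribute names (lower case) whose values must not leave the site.
# Assumed starting list, not from the thread; extend it for your schema.
SENSITIVE='userpassword|sambantpassword|sambalmpassword|krbprincipalkey'

# Filter LDIF on stdin: keep the attribute name, replace the value.
redact_ldif() {
    awk -v pat="^(${SENSITIVE})\$" '
    # A leading space continues the previous line (RFC 2849 folding).
    /^ / { if (!drop) print; next }
    {
        drop = 0
        colon = index($0, ":")
        if (colon > 1) {
            attr = substr($0, 1, colon - 1)
            base = tolower(attr)
            sub(/;.*/, "", base)          # strip options such as ";binary"
            if (base ~ pat) {
                # Covers "attr: text", "attr:: base64" and "attr:< url".
                print attr ": REDACTED"
                drop = 1                  # swallow folded continuation lines too
                next
            }
        }
        print
    }'
}

# Constructed sample entry (not data from the thread).
sample_ldif() {
    cat <<'EOF'
dn: cn=user1,ou=UserGroup1,dc=example,dc=com
objectClass: inetOrgPerson
cn: user1
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQtc2FtcGxlLW9ubHktbm90LWEtcmVhbC1o
 YXNo
description: kept as is
EOF
}

sample_ldif | redact_ldif
```

Pipe the output of the `entities:` command through `redact_ldif` and read the result before attaching it. Using `-W` (prompt) or `-y <file>` instead of `-w mypassword` keeps the bind password out of shell history and the process list.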


