[ovirt-users] Setting Base DN for LDAP authentication

Alon Bar-Lev alonbl at redhat.com
Mon Jan 12 14:53:54 UTC 2015



----- Original Message -----
> From: jdeloro at web.de
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Monday, January 12, 2015 4:16:17 PM
> Subject: Re: [ovirt-users] Setting Base DN for LDAP authentication
> 
> Hello,
> 
> many thanks to Alon! We have a working setup with support for base dn. The
> special challenge in our setup is the constraint of specifying a base dn for
> every ldap search and referrals inside the branches that must be processed.
> 
> If anyone has the same problem, our working configuration with a slightly
> newer version of ovirt-engine-extension-aaa-ldap is:

Note that this environment has more than just a baseDN issue; it also requires dereferencing references on the server side. Most environments should not require this, nor should they have an invalid baseDN in their rootDSE naming context.

In this specific environment, a query for baseDN X results in baseDN Y.

Thank you Jannick for the problem determination process.

Supporting baseDN X->Y will be formally released in 1.0.2.

> 
> $ cat /etc/ovirt-engine/aaa/company-ldap.properties
> include = <rfc2307-openldap.properties>
> 
> vars.server = ldap.company.de
> 
> vars.user = cn=system,dc=company,dc=de
> vars.password = password
> 
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
> 
> sequence-init.init.100-my-basedn-init-vars = my-basedn-init-vars
> sequence.my-basedn-init-vars.010.description = set baseDN
> sequence.my-basedn-init-vars.010.type = var-set
> sequence.my-basedn-init-vars.010.var-set.variable = simple_baseDN
> sequence.my-basedn-init-vars.010.var-set.value = dc=company,dc=de
> 
> search.default.search-request.derefPolicy = ALWAYS
> 
> Best regards
> 
> Jannick
> 


