[ovirt-users] Errors while trying to join an external LDAP provider

Ondra Machacek omachace at redhat.com
Tue May 3 08:49:28 UTC 2016

On 05/03/2016 10:28 AM, Alexis HAUSER wrote:
>> Are you sure you've specified the correct CA?
>> Can you try running this command:
>>  LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x
>> -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@'
>> If it fails then most probably you have an incorrect CA certificate.
>> If it succeeds, please open a bug in bugzilla with logs of the setup tool if
>> possible.
> Oh I'm sorry, that was actually a certificate problem...
> With the right certificate, I can now join the LDAP provider.
> However, I can't log in with any user... But with ldapsearch I can find those users with uid=user
> I used ovirt-engine-extensions-tool aaa login-user  --profile=xxx --user-name=xxx
> and I realize now what the problem is: the available namespaces show the wrong DN. It should instead be one level above (or it will not be possible to find the users)
> Any idea how I can change that in the configuration?

You can specify a custom base DN, which overrides the one that is
automatically resolved, if you add the following lines to
/etc/ovirt-engine/aaa/your_profile.properties:

  sequence-init.init.100-my-basedn-init-vars = my-basedn-init
  sequence.my-basedn-init.010.description = set custom baseDN
  sequence.my-basedn-init.010.type = var-set
  sequence.my-basedn-init.010.var-set.variable = simple_baseDN
  sequence.my-basedn-init.010.var-set.value = dc=your,dc=different,dc=dn
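
An offline pre-check for the override above, added here as an example and not part of the original message or of oVirt's own code: it confirms the var-set step is wired into sequence-init and that a user DN reported by ldapsearch sits at or below the custom base DN. The function names, the user DN and the simplified parsing (plain "key = value" lines, no escaped commas in DNs) are assumptions.

```python
import re

# Constructed sample: the override lines from the message above, unchanged.
SAMPLE_PROFILE = """\
sequence-init.init.100-my-basedn-init-vars = my-basedn-init
sequence.my-basedn-init.010.description = set custom baseDN
sequence.my-basedn-init.010.type = var-set
sequence.my-basedn-init.010.var-set.variable = simple_baseDN
sequence.my-basedn-init.010.var-set.value = dc=your,dc=different,dc=dn
"""

def parse_properties(text):
    """Parse 'key = value' lines (assumption: no continuations or ':' separators)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def custom_base_dn(props):
    """Return the simple_baseDN value set by a sequence hooked into sequence-init."""
    suffix = ".var-set.variable"
    for key, seq in props.items():
        if not key.startswith("sequence-init.init."):
            continue
        for k, v in props.items():
            if k.startswith(f"sequence.{seq}.") and k.endswith(suffix) and v == "simple_baseDN":
                step = k[: -len(suffix)]
                if props.get(step + ".type") == "var-set":
                    return props.get(step + ".var-set.value")
    return None  # override missing or not wired into sequence-init

def split_dn(dn):
    """Split a DN into lowercased RDNs (assumption: no escaped commas)."""
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in dn.split(",") if p.strip()]

def is_under(entry_dn, base_dn):
    """True if entry_dn sits at or below base_dn, i.e. a search from base_dn can reach it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return bool(base) and entry[-len(base):] == base

if __name__ == "__main__":
    base = custom_base_dn(parse_properties(SAMPLE_PROFILE))
    # Constructed user DN; take the real one from the ldapsearch output.
    print(base, is_under("uid=user,dc=your,dc=different,dc=dn", base))
```

A False result from is_under means the base DN is still too deep for that user, which is the situation described in the quoted report.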
