[ovirt-users] Errors while trying to join an external LDAP provider
Ondra Machacek
omachace at redhat.com
Tue May 3 11:41:08 UTC 2016
On 05/03/2016 11:58 AM, Alexis HAUSER wrote:
>
>>> Thank you, now I see the correct namespace shown, but still no way to log in with any user... Any idea?
>>>
>
>> Hard to say without logs, can you please share the log output of
>> ovirt-engine-extensions-tool?
>> Please run it with:
>> ovirt-engine-extensions-tool --log-level=FINEST --log-file=output.log \
>>   aaa login-user --profile=xxx --user-name=xxx
>
>
> I attached the log file
>
Thanks,
for some reason it can't find the user 'myuser'.
The search command that is executed is:
LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
  -b 'ou=people,o=unix,dc=somewhere,dc=any' \
  -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
  '(&(objectClass=uidObject)(uid=*)(uid=myuser))'
Is that search base (-b param) OK?
Does the 'cn=mysearchuser' user have appropriate permissions to see users?
Or do you use rfc2307? You can find out by running this command:
LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
  -b 'ou=people,o=unix,dc=somewhere,dc=any' \
  -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
  '(&(objectClass=posixAccount)(uid=*)(uid=myuser))'
If ^this command finds your user, then just change in
/etc/ovirt-engine/aaa/your_profile.properties:
include = <openldap.properties>
to
include = <rfc2307-openldap.properties>
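
The check described in the reply above, as an added example that is not part of the original message or of oVirt's own tooling: one search for the user returns its objectClass values, and a small filter maps them to the include line. It generalizes the two separate searches into one; the function names, the sample LDIF and the CA path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: choose the oVirt AAA include from a user entry's objectClass values.
#
# Live use (not run here). LDAPTLS_CACERT keeps certificate verification on;
# /path/to/ca.pem is a placeholder for the directory's CA certificate:
#   LDAPTLS_CACERT=/path/to/ca.pem ldapsearch -x -LLL -H ldaps://myldap \
#     -b 'ou=people,o=unix,dc=somewhere,dc=any' \
#     -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
#     '(uid=myuser)' objectClass | pick_include

# Reads LDIF on stdin and prints the include line that matches the entry.
pick_include() {
    awk -F': *' '
        /^dn:/                       { entries++ }
        tolower($1) == "objectclass" { seen[tolower($2)] = 1 }
        END {
            if (entries == 0)
                print "no entry: check search base and bind user permissions"
            else if (seen["uidobject"])
                print "include = <openldap.properties>"
            else if (seen["posixaccount"])
                print "include = <rfc2307-openldap.properties>"
            else
                print "entry found, but neither uidObject nor posixAccount"
        }'
}

# Constructed sample: an rfc2307-style entry without the uidObject class.
sample_rfc2307() {
    cat <<'EOF'
dn: uid=myuser,ou=people,o=unix,dc=somewhere,dc=any
objectClass: top
objectClass: account
objectClass: posixAccount
EOF
}

# Constructed sample: an entry that the default profile's filter matches.
sample_uidobject() {
    cat <<'EOF'
dn: uid=myuser,ou=people,o=unix,dc=somewhere,dc=any
objectClass: inetOrgPerson
objectClass: uidObject
EOF
}

sample_rfc2307 | pick_include
```

An empty result points back at the first two questions in the reply (search base and bind user permissions) rather than at the schema.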