[ovirt-users] Errors while trying to join an external LDAP provider

Ondra Machacek omachace at redhat.com
Tue May 3 11:41:08 UTC 2016


On 05/03/2016 11:58 AM, Alexis HAUSER wrote:
>
>>> Thank you, now I see the correct namespace shown, but still no way to log in with any user... Any idea?
>>>
>
>> Hard to say without logs, can you please share log output of
>> ovirt-engine-extensions-tool?
>> Please run it with:
>>  ovirt-engine-extensions-tool --log-level=FINEST --log-file=output.log \
>>    aaa login-user --profile=xxx --user-name=xxx
>
>
> I attached the log file
>

Thanks,
for some reason it can't find the user 'myuser'.
The search command that is executed is:
  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
    -b 'ou=people,o=unix,dc=somewhere,dc=any' \
    -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
    '(&(objectClass=uidObject)(uid=*)(uid=myuser))'

Is that search base (-b param) OK?
Does 'cn=mysearchuser' user have appropriate permissions to see users?

Or do you use rfc2307? You can find out by running this command:
  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
    -b 'ou=people,o=unix,dc=somewhere,dc=any' \
    -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
    '(&(objectClass=posixAccount)(uid=*)(uid=myuser))'

If ^this command finds your user, then just change in
/etc/ovirt-engine/aaa/your_profile.properties:

include = <openldap.properties>
   to
include = <rfc2307-openldap.properties>
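
Added example, not part of the original message: instead of running the two filters one after the other, a single query for the user's objectClass values can drive the same decision. The helper name pick_include and the sample LDIF entry are constructed for illustration; the host, DNs and include lines are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread or the oVirt project).
# pick_include: read ldapsearch LDIF for one user on stdin and print the
# include line whose user filter would match that entry.
pick_include() {
    awk '
        # LDIF attribute names and objectClass values are case-insensitive.
        tolower($1) == "objectclass:" {
            v = tolower($2)
            if (v == "uidobject")    uidobj = 1
            if (v == "posixaccount") posix = 1
        }
        END {
            if (uidobj)     print "include = <openldap.properties>"
            else if (posix) print "include = <rfc2307-openldap.properties>"
            else {
                # No entry or neither class: search base or bind-user
                # permissions are the next things to check.
                print "no uidObject/posixAccount entry returned" > "/dev/stderr"
                exit 1
            }
        }'
}

# Constructed sample entry, so the helper can be tried without a directory.
SAMPLE_LDIF='dn: uid=myuser,ou=people,o=unix,dc=somewhere,dc=any
objectClass: inetOrgPerson
objectClass: posixAccount
uid: myuser'

printf '%s\n' "$SAMPLE_LDIF" | pick_include

# Against the live directory (same base DN and bind DN as in the thread).
# Certificate verification is left on here; point LDAPTLS_CACERT at your CA
# file if the server certificate is not trusted by default.
#   ldapsearch -x -H ldaps://myldap \
#     -b 'ou=people,o=unix,dc=somewhere,dc=any' \
#     -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
#     '(uid=myuser)' objectClass | pick_include
```

A non-zero exit status means the search returned no usable entry, which corresponds to the search base and permission questions raised above.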


