[ovirt-users] Errors while trying to join an external LDPA provider

Alexis HAUSER alexis.hauser at telecom-bretagne.eu
Tue May 3 13:13:53 UTC 2016


>Or do you use rfc2307? You can find out by running this command:
>  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
>    -b 'ou=people,o=unix,dc=somewhere,dc=any' \
>    -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
>    '(&(objectClass=posixAccount)(uid=*)(uid=myuser))'

>If ^this command will find your user then just change in 
>/etc/ovirt-engine/aaa/your_profile.properties:

>include = <openldap.properties>
>   to
>include = <rfc2307-openldap.properties>

Actually you pointed exactly to the problem: this LDAP was using rfc2307 but I ignored it!
Thanks a lot, now I can log in with users, that's almost perfect!

Is it possible now to search for groups instead of users / manipulate groups in the web interface?
In that case, the dn would be different. Is it possible to specify multiple dn namespaces?


One quick question unrelated to this topic (as I can see an @redhat in your mail): I'm trying to set up in parallel a RHEV server with only the free 60-day evaluation. Do you have any idea where I should ask for help (as support only applies if you pay, if I understand), a similar mailing list or something?


>Thanks,
>for some reason it can't find the user 'myuser'.

Yes, I changed all information about users, domain name etc. for confidentiality.

>The search command that is executed is:
>  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
>    -b 'ou=people,o=unix,dc=somewhere,dc=any' \
>    -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
>    '(&(objectClass=uidObject)(uid=*)(uid=myuser))'

>Is that searchbase(-b param) ok?

Yes

>Does 'cn=mysearchuser' user have appropriate permissions to see users?

Yes
