[ovirt-users] Errors while trying to join an external LDAP provider

Ondra Machacek omachace at redhat.com
Tue May 3 13:58:27 UTC 2016


On 05/03/2016 03:13 PM, Alexis HAUSER wrote:
>
>> Or do you use  rfc2307? You can find out running this command:
>>  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b
>> 'ou=people,o=unix,dc=somewhere,dc=any' -D
>> 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W
>> '(&(objectClass=posixAccount)(uid=*)(uid=myuser))'
>
>> If ^this command will find your user then just change in
>> /etc/ovirt-engine/aaa/your_profile.properties:
>
>> include = <openldap.properties>
>>   to
>> include = <rfc2307-openldap.properties>
>
> Actually you pointed exactly to the problem : this LDAP was using rfc2307 but I ignored it !
> Thanks a lot, now I can login with users, that's almost perfect !
>
> Is it possible now to search for groups instead of users / manipulate groups in the web interface ?

Sure, if you type some search term into the UI users/permissions dialog it
will also search for groups.

> In that case, the dn would be different, is it possible to specify multiple dn namespaces ?

Unfortunately, it's not currently possible, but feel free to open an
RFE in bugzilla for this feature, we can implement it in a future version
if needed.

>
>
> One quick question unrelated to this topic (as I can see an @redhat in your mail) : I'm trying to set up in parallel a RHEV server with only the free 60 days evaluation, do you have any idea where I should ask for help (as support only applies if you pay, if I understand), a similar mailing list or something ?
>

I am sorry, but I am really not sure about this, maybe there is some
limited support even with the trial, but best to ask the support directly.

>
>> Thanks,
>> for some reason it can't find the user 'myuser'.
>
> Yes, I changed all information about users, domain name, etc. for confidentiality.
>
>> The search command that is executed is:
>>  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b
>> 'ou=people,o=unix,dc=somewhere,dc=any' -D
>> 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W
>> '(&(objectClass=uidObject)(uid=*)(uid=myuser))'
>
>> Is that searchbase(-b param) ok?
>
> Yes
>
>> Does 'cn=mysearchuser' user have appropriate permissions to see users?
>
> Yes
>
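
Added example, not part of the original message or of oVirt: a shell sketch of the check discussed in this thread, which reads the objectClass values of one user entry and prints the include line to put in your_profile.properties. The function names, the sample LDIF and the CA file path are assumptions; the commented ldapsearch call verifies the server certificate through LDAPTLS_CACERT rather than setting LDAPTLS_REQCERT=never.

```shell
#!/bin/sh
# Added example: pick the aaa profile include from a user's objectClass values.

# Escape a value for use inside an LDAP search filter (RFC 4515), so a uid
# containing * ( ) or \ cannot change the meaning of the filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the user filter shown in the thread.
# $1 = objectClass (posixAccount or uidObject), $2 = uid
user_filter() {
    printf '(&(objectClass=%s)(uid=*)(uid=%s))' "$1" "$(ldap_escape "$2")"
}

# Read LDIF for one entry on stdin and print the matching include line.
# posixAccount is checked first: the thread switches to the rfc2307 profile
# as soon as the posixAccount search finds the user.
pick_include() {
    awk -F': *' '
        tolower($1) == "objectclass" { oc[tolower($2)] = 1 }
        END {
            if ("posixaccount" in oc)   print "include = <rfc2307-openldap.properties>"
            else if ("uidobject" in oc) print "include = <openldap.properties>"
            else exit 1   # neither schema matched: nothing to recommend
        }'
}

# Constructed sample entry (placeholder names as used in the thread).
SAMPLE_LDIF='dn: uid=myuser,ou=people,o=unix,dc=somewhere,dc=any
objectClass: inetOrgPerson
objectClass: posixAccount
uid: myuser'

printf '%s\n' "$SAMPLE_LDIF" | pick_include

# Against a live directory (CA path is a placeholder):
# LDAPTLS_CACERT=/path/to/ca.pem ldapsearch -x -LLL -H ldaps://myldap \
#   -b 'ou=people,o=unix,dc=somewhere,dc=any' \
#   -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
#   "(uid=$(ldap_escape myuser))" objectClass | pick_include
```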


