[ovirt-users] Errors while trying to join an external LDPA provider

Alexander Wels awels at redhat.com
Tue May 3 14:01:52 UTC 2016


On Tuesday, May 03, 2016 03:58:27 PM Ondra Machacek wrote:
> On 05/03/2016 03:13 PM, Alexis HAUSER wrote:
> >> Or do you use rfc2307? You can find out running this command:
> >>  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
> >>    -b 'ou=people,o=unix,dc=somewhere,dc=any' \
> >>    -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
> >>    '(&(objectClass=posixAccount)(uid=*)(uid=myuser))'
> >> 
> >> If ^this command will find your user then just change in
> >> /etc/ovirt-engine/aaa/your_profile.properties:
> >> 
> >> include = <openldap.properties>
> >> 
> >>   to
> >> 
> >> include = <rfc2307-openldap.properties>
> > 
> > Actually you pointed exactly to the problem: this LDAP was using rfc2307
> > but I ignored it! Thanks a lot, now I can log in with users, that's
> > almost perfect!
> > 
> > Is it possible now to search for groups instead of users / manipulate
> > groups in the web interface?
> Sure, if you type some search term into UI users/permissions dialog it
> will also search for groups.
> 

Note in 4.0 we have split groups and users, and you have to select which type 
you want to search for. This is to reduce the number of queries to the LDAP 
server.

> > In that case, the dn would be different, is it possible to specify
> > multiple dn namespaces ?
> Unfortunately, it's not currently possible, but feel free to open an
> RFE in bugzilla for this feature, we can implement it in a future version
> if needed.
> 
> > One quick question unrelated to this topic (as I can see an @redhat in
> > your mail) : I'm trying to set up in parallel a RHEV server with only the
> > free 60 days evaluation, do you have any idea where I should ask for help
> > (as support only applies if you pay, if I understand), a similar mailing
> > list or something ?
> I am sorry, but I am really not sure about this, maybe there is some
> limited support even with the trial, but best to ask the support directly.
> 
> >> Thanks,
> >> for some reason it can't find the user 'myuser'.
> > 
> > Yes, I changed all information about users, domain name etc. for
> > confidentiality.
> 
> >> The search command that is executed is:
> >>  LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap \
> >>    -b 'ou=people,o=unix,dc=somewhere,dc=any' \
> >>    -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W \
> >>    '(&(objectClass=uidObject)(uid=*)(uid=myuser))'
> >> 
> >> Is that searchbase(-b param) ok?
> > 
> > Yes
> > 
> >> Does 'cn=mysearchuser' user have appropriate permissions to see users?
> > 
> > Yes
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
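
The check discussed in this thread, as an added example that is not part of the original messages: it reads the LDIF that `ldapsearch` prints for one user and reports which `include` line fits the entry's object classes. The function name `pick_include` and the sample entry are constructed for illustration; the two object classes and the two include values are the ones quoted above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): choose the aaa profile include from
# the objectClass values of one user entry, given as ldapsearch LDIF on stdin.
pick_include() {
  awk '
    # LDIF folds long lines: a continuation line starts with one space.
    /^ / { buf = buf substr($0, 2); next }
    { take(); buf = $0 }
    END { take(); report() }
    function take(   v) {
      # Attribute names and objectClass values are case-insensitive.
      if (tolower(buf) ~ /^objectclass: /) {
        v = tolower(substr(buf, 14))
        sub(/[ \t\r]+$/, "", v)
        if (v == "posixaccount") posix = 1
        if (v == "uidobject") uidobj = 1
      }
    }
    function report() {
      # Assumption: if the uidObject filter matches, the current include stays.
      if (uidobj) print "include = <openldap.properties>"
      else if (posix) print "include = <rfc2307-openldap.properties>"
      else { print "no match: check base DN and bind permissions"; exit 1 }
    }
  '
}

# Constructed sample entry; the objectClass line is folded on purpose.
SAMPLE_RFC2307='dn: uid=myuser,ou=people,o=unix,dc=somewhere,dc=any
objectClass: inetOrgPerson
objectClass: posix
 Account
uid: myuser'

printf '%s\n' "$SAMPLE_RFC2307" | pick_include

# Against a live server (not run here; the CA path is a placeholder), verify
# the certificate instead of using LDAPTLS_REQCERT=never:
#   LDAPTLS_CACERT=/path/to/ca.pem ldapsearch -x -H ldaps://myldap ... | pick_include
```

A plain `grep posixAccount` over the same output would miss the folded line, which is why the function unfolds continuation lines before comparing.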



