[ovirt-users] Can't perform search after setting up an Active Directory

Ondra Machacek omachace at redhat.com
Wed May 25 14:51:14 UTC 2016


On 05/25/2016 03:47 PM, Alexis HAUSER wrote:
>
>> Can you please send what's happening during initialization of engine?
>> (logs right after ovirt-engine is restarted).
>
>> Or run this command and send output of file 'login.log':
>
>>  $ ovirt-engine-extensions-tool --log-level=FINEST --log-file=login.log
>> aaa login-user --profile=ad --user-name=some_user
>> --password=pass:some_user_password
>
> Yes, these are the logs when using the command you gave me, using the search user:
> https://bpaste.net/show/bbb0bc319765

You use 389 with SSL? I guess you wrongly specified it.

But, if you want to use SSL and you have it on 636, then you should 
create new SRV DNS records, for example:
_ldaps._tcp.university.mydomain.com ... 636

and then change:

  pool.default.serverset.srvrecord.service=ldaps

But I guess you wanted to use startTLS with 389, which you can enable by 
adding:

  pool.default.ssl.startTLS=true

and removing the line:

  pool.default.ssl.enable=true

Does it solve your issue?

>
>>> By the way, if I didn't rename my .profile and auth* files from my LDAP configuration, I had the LDAP namespace suggested by the web interface in my AD domain when trying to perform a search. Is that a bug?
>
>> Not sure I understand. The name of the profile could be whatever, so it
>> doesn't matter what is the name.
>
> I meant I had to disable the LDAP (openLDAP) profile, renaming the files with .save so ovirt doesn't detect them. If both profiles are activated, the ovirt web interface proposes to me the DN of the LDAP in AD (in the namespace field)... Is that a bug or normal behavior?
>

Hmm, that's strange, because only files with the *.properties suffix should 
be detected and used. So yes, please open a bz saying that other suffixes are 
also loaded.

Btw: you can add this line at the beginning of each file (authz and authn) 
to disable it:

  ovirt.engine.extension.enabled = false
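
The SSL-versus-startTLS mix-up discussed in this message can be caught before restarting the engine. The following is an added example, not part of the original message or of oVirt: a small lint over a profile's properties text, using only the property names quoted above; the sample profiles are constructed, and treating a missing srvrecord.service as the plain "ldap" service is an assumption.

```python
# Added example, not oVirt code. Property names are those quoted in the
# message; sample profiles are constructed. Treating an absent
# srvrecord.service as the plain "ldap" service is an assumption.
SSL = "pool.default.ssl.enable"
STARTTLS = "pool.default.ssl.startTLS"
SRV = "pool.default.serverset.srvrecord.service"

SSL_ON_389 = "pool.default.ssl.enable=true\n"  # case from the thread
STARTTLS_389 = "# constructed\npool.default.ssl.startTLS = true\n"
LDAPS_636 = SSL_ON_389 + SRV + "=ldaps\n"


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint_tls(text):
    """Return findings for one profile's pool.default TLS settings."""
    props = parse_properties(text)
    ssl = props.get(SSL, "false").lower() == "true"
    starttls = props.get(STARTTLS, "false").lower() == "true"
    service = props.get(SRV, "ldap")  # assumed default
    findings = []
    if ssl and starttls:
        findings.append("ssl.enable and ssl.startTLS both set; keep one")
    if ssl and service != "ldaps":
        findings.append("ssl.enable without srvrecord.service=ldaps: SSL "
                        "needs _ldaps SRV records pointing at 636")
    if starttls and service == "ldaps":
        findings.append("ssl.startTLS with srvrecord.service=ldaps: "
                        "startTLS is the option for 389")
    if not ssl and not starttls:
        findings.append("no ssl.enable or ssl.startTLS in pool.default")
    return findings


if __name__ == "__main__":
    for name in ("SSL_ON_389", "STARTTLS_389", "LDAPS_636"):
        print(name, lint_tls(globals()[name]) or "ok")
```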


