[ovirt-users] oVirt AD integration problems

cmc iucounu at gmail.com
Tue Oct 11 15:32:59 UTC 2016


Hi Ondra,



>
> Not really. aaa-ldap by default uses just simple bind, no gssapi.
> If you have any problems with certificate I would suggest you to check if
> you are using the correct one, correctly. More info for it can be
> found here:
>
>
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;h=1f4381e4f0d22acdda63c56a84863fcb0f72bc3a;hb=HEAD#l397
>
>

I've run the following tests in that README you posted above, and all
worked fine:

ovirt-engine-extensions-tool aaa login-user --profile=mydomain.com --user-name=myuser

ovirt-engine-extensions-tool aaa search --extension-name=mydomain.com-authz --entity=principal --entity-name=myuser

LDAPTLS_REQCERT=never ldapsearch -ZZ -H ldap://ad.mydomain.com -x -D "CN=myuser,CN=Users,DC=mydomain,DC=com" -W -b "dc=mydomain,dc=com"

I thought I wouldn't need to import any certificate from AD - is that a
requirement?

Do I need to set up Apache separately to use LDAP auth? The service
principals exist in the krb5.keytab, but I don't know if that is only if you
are using SSO.

Thanks,

Cam
