[ovirt-users] Samba 4 Active Directory & ovirt 4

Maxence Sartiaux contact at makz.me
Wed Sep 21 10:03:21 UTC 2016


I try to connect ovirt 4.0.3 to my Samba 4.5 Active Directory to permit
the login of AD users to ovirt.

For now i installed ovirt-engine-extension-aaa-ldap-setup.noarch
and ovirt-engine-extension-aaa-misc.noarch

# ovirt-engine-extension-aaa-ldap-setup
- selected "Active Directory"
- Anonymous search user

I can run a search but when i try to login with the username alone
"testuser" -> error "CREDENTIALS_INCORRECT", if i login with the
user+domain "testuser at abc.lan" my auth succeed but -> "Cannot resolve
principal 'testuser at abc.lan'"

# ovirt-engine-extensions-tool aaa login-user --profile=abc.lan --user-

	2016-09-21 09:53:29 INFO    API: <
--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='abc.lan'
	2016-09-21 09:53:29 SEVERE  Authn.Result code is:

# ovirt-engine-extensions-tool aaa login-user --profile=abc.lan --user-
name=testuser at abc.lan

	2016-09-21 09:52:02 INFO    API: --
>Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='testuser at abc.la
	2016-09-21 09:52:02 SEVERE  Cannot resolve principal 'testuser@

After some search i configured the mapping plugin to automaticaly add
@abc.lan to the user like that i don't need to add the @abc.lan to
connect but still the same error, cannot resolve principal ...

# cat /etc/ovirt-engine/extensions.d/mapping-suffix.properties

	ovirt.engine.extension.name = mapping-suffix
	ovirt.engine.extension.bindings.method = jbossmodule
	ovirt.engine.extension.binding.jbossmodule.module =
	ovirt.engine.extension.binding.jbossmodule.class =
	ovirt.engine.extension.provides =
	config.mapUser.type = regex
	config.mapUser.regex.pattern = ^(?<user>[^@]*)$
	config.mapUser.regex.replacement = ${user}@abc.lan
	config.mapUser.regex.mustMatch = false

# cat /etc/ovirt-engine/extensions.d/mapping-suffix.properties

	ovirt.engine.aaa.authn.mapping.plugin = mapping-suffix

Any ideas ?

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160921/6e3831b6/attachment-0001.html>

More information about the Users mailing list