<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Nov 19, 2012 at 12:15 PM, Yair Zaslavsky <span dir="ltr"><<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-size:12pt;font-family:times new roman,new york,times,serif">+ LdapEncryptionType clear is not understandable.<br>
What did you mean by that?<br><br><br><hr><blockquote style="padding-left:5px;font-size:12pt;font-style:normal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal;border-left:2px solid rgb(16,16,255)">
<b>From: </b>"Vinzenz Feenstra" <<a href="mailto:vfeenstr@redhat.com" target="_blank">vfeenstr@redhat.com</a>><br><b>To: </b><a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br><b>Sent: </b>Monday, November 19, 2012 11:29:42 AM<br>
<b>Subject: </b>Re: [Users] I don't know how to add AD users<div><div class="h5"><br><br>
<div>On 11/19/2012 10:01 AM, Cristian Falcas
wrote:<br>
</div>
<blockquote>Hi,<br>
<br>
I'm trying to add some users to ovirt using an AD.<br>
<br>
This is the configuration I used for a mediawiki site, which is
working correctly:<br>
$wgAuth = new LdapAuthenticationPlugin();<br>
$wgLDAPUseLocal = true;<br>
$wgLDAPDomainNames = array( "a_domain");<br>
$wgLDAPServerNames = array( "a_domain"=>"<a href="http://site.example.com" target="_blank">site.example.com</a>");<br>
$wgLDAPEncryptionType = array( "a_domain"=>"clear");<br>
$wgLDAPSearchStrings = array(
"a_domain"=>"rom_domain\\USER-NAME");<br>
$wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");<br>
<br>
Those are the commands I tried using:<br>
engine-manage-domains -action=add -domain=<a href="http://site.example.com" target="_blank">site.example.com</a>
-provider=ActiveDirectory -user=<a href="http://user.name" target="_blank">user.name</a> -interactive<br>
<br>
engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>
-interactive<br>
<br>
engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=<a href="mailto:user.name@site.example.com" target="_blank">user.name@site.example.com</a>
-interactive<br>
<br>
<br>
</blockquote>
You don't add an user this way. You add the domain. You have to pass
the domain admin user and the domain admin password.<br>
Then you can use the domain within the engine. e.g. search users,
add access rights for vms etc.<br>
Even login to the engine and assigning rights within the engine you
can handle from the engine itself.<br>
<br>
Regards,<br>
<blockquote>And the output on all tries:<br>
Enter password:<br>
<br>
Error: Authentication Failed. Please verify the fully qualified
domain name that is used for authentication is correct..
Problematic domain is: domain_used_in_command<br>
Failure while applying Kerberos configuration. Details:
Authentication Failed. Please verify the fully qualified domain
name that is used for authentication is correct.<br>
<br>
Can someone help me with the correct parameters?<br>
<br>
<br>
Best regards,<br>
Cristian Falcas<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
<br>
<pre>--
Regards,
Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: <a href="tel:%2B420%20532%20294%20625" value="+420532294625" target="_blank">+420 532 294 625</a>
IRC: vfeenstr or evilissimo
Better technology. Faster innovation. Powered by community collaboration.
See how it works at <a href="http://redhat.com" target="_blank">redhat.com</a></pre>
<br>_______________________________________________<br>Users mailing list<br><a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br><a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
</div></div></blockquote><br></div></div><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br><br>That was the configuration needed for the wiki extension used for ldap authentication.<br><br>So the admin users is needed in order to retrieve the list of users only?<br><br>Can someone recommend the simplest ldap server installation I could use for this? I was thinking first at freeipa, but it's not compatible with mod_ssl, which is required by ovirt.<br>
<br>Best regards,<br>Cristian Falcas<br></div>