<div dir="ltr">yeah  facing issues while logging to the user portal.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 23, 2015 at 12:54 PM, Ondra Machacek <span dir="ltr">&lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    With UserRole you can only login to UserPortal, not webadmin. Do you
    have this issue when you try to login to UserPortal?<div><div class="h5"><br>
    <br>
    <div>On 09/23/2015 09:22 AM, Budur Nagaraju
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Provided the &quot;user role&quot; permissions  still same
        issue <br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Sep 23, 2015 at 12:48 PM, Ondra
          Machacek <span dir="ltr">&lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> Hi,<br>
              <br>
              your user <a href="mailto:nbudoor@abc.net" target="_blank">nbudoor@abc.net</a>
              doesn&#39;t have appropriate permissions to login.<br>
              First you need to login as &#39;admin@internal&#39; and assign him
              some permissions, then you will be able to login.<span><font color="#888888"><br>
                  <br>
                  Ondra</font></span>
              <div>
                <div><br>
                  <br>
                  <div>On 09/23/2015 09:15 AM, Budur Nagaraju wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <div>
                          <div>
                            <div>HI All,<br>
                              <br>
                            </div>
                            After rectifying this  able to search the
                            domain in the users in UI,<br>
                          </div>
                          but unable to login getting the below error ,<br>
                          <br>
                          <br>
                          2015-09-23 12:41:47,482 WARN 
                          [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
                          (ajp--127.0.0.1-8702-3) CanDoAction of action
                          LoginAdminUser failed for user <a href="mailto:nbudoor@abc.net" target="_blank"></a><a href="mailto:nbudoor@abc.net" target="_blank">nbudoor@abc.net</a>.
                          Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
                          <br>
                        </div>
                        Thanks,<br>
                      </div>
                      Nagaraju<br>
                      <br>
                      <div>
                        <div><br>
                          <div>
                            <div><br>
                              <br>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Wed, Sep 23, 2015 at
                        12:13 PM, Ondra Machacek <span dir="ltr">&lt;<a href="mailto:omachace@redhat.com" target="_blank"></a><a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000"> Hi,<br>
                            <br>
                            as Alon already said, you have trailing
                            space in your configuration<br>
                            <br>
                            &#39;<a href="http://my.abc.net" target="_blank">my.abc.net</a>
                            &#39; &lt;-- space at the end<br>
                            <br>
                            Please remove this space and try again.<br>
                            <br>
                            Ondra
                            <div>
                              <div><br>
                                <br>
                                <div>On 09/23/2015 05:35 AM, Budur
                                  Nagaraju wrote:<br>
                                </div>
                              </div>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">
                                    <div>
                                      <div>
                                        <div>
                                          <div>HI Alon,<br>
                                            <br>
                                          </div>
                                          Tried all the options but no
                                          luck ,<br>
                                          <br>
                                        </div>
                                        I have copied the logs in the
                                        pastebin  below is the link ,
                                        warning message is that unable
                                        to resolve the DNS ,let me know
                                        any help would I get .<br>
                                        <br>
                                        <a href="http://pastebin.com/7qN9QnHK" target="_blank">http://pastebin.com/7qN9QnHK</a><br>
                                        <br>
                                      </div>
                                      Thanks,<br>
                                    </div>
                                    Nagaraju<br>
                                    <br>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Tue, Sep
                                      22, 2015 at 8:44 PM, Daniel
                                      Helgenberger <span dir="ltr">&lt;<a href="mailto:daniel.helgenberger@m-box.de" target="_blank"></a><a href="mailto:daniel.helgenberger@m-box.de" target="_blank">daniel.helgenberger@m-box.de</a>&gt;</span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello
                                        Budur,<br>
                                        <br>
                                        I&#39;ve done this recently. Alon,
                                        no offense, but the docs are not
                                        quite strait forward...<br>
                                        <br>
                                        Requirements:<br>
                                         - LDAP server (obviously) -
                                        called here <a href="http://ldap.mydomain.com" rel="noreferrer" target="_blank">ldap.mydomain.com</a><br>
                                         - LDAP bind account - called
                                        here <a href="mailto:ldap@mydomain.com" target="_blank">ldap@mydomain.com</a>,
                                        password &#39;Passw@rd&#39;<br>
                                         - At least one existing account
                                        in ladp, called <a href="mailto:user@mydomain.com" target="_blank"></a><a href="mailto:user@mydomain.com" target="_blank">user@mydomain.com</a><br>
                                        <br>
                                        Please note, the most common
                                        issue will be DNS.<br>
                                        <br>
                                        I&#39;ll describe in short what
                                        steps need to be taken. All this
                                        needs to be done on your engine
                                        host. In the end this was quite
                                        easy :)<br>
                                        <br>
                                        1. Install the packages:
                                        ovirt-engine-extension-aaa-ldap
                                        and openldap-clients (these are
                                        only for testing your setup)<br>
                                        2. Test if ldap is working in
                                        general. (The extension uses the
                                        global catalog at least for AD,
                                        this was news to me):<br>
                                          # ldapsearch -E
                                        pr=1024/noprompt -o ldif-wrap=no
                                        -H <a>ldap://</a><a href="http://ldap.mydomain.com:3268/" rel="noreferrer" target="_blank">ldap.mydomain.com:3268/</a>
                                        -x \<br>
                                              -D &#39;<a href="mailto:ldap@mydomain.com" target="_blank"></a><a href="mailto:ldap@mydomain.com" target="_blank">ldap@mydomain.com</a>&#39;
                                        -w Passw@rd -b &#39;&#39; 
                                        &#39;(userPrincipalName=<a href="mailto:user@mydomian.com" target="_blank"></a><a href="mailto:user@mydomian.com" target="_blank">user@mydomian.com</a>)&#39;
                                        cn userPrincipalName<br>
                                        <br>
                                          If this command does not
                                        return details of the user, do
                                        debug your ldap and continue
                                        once this works. Example:<br>
                                        <br>
                                        # extended LDIF<br>
                                        #<br>
                                        # LDAPv3<br>
                                        # base &lt;&gt; with scope
                                        subtree<br>
                                        # filter: (userPrincipalName=<a href="mailto:user@mydomain.com" target="_blank"></a><a href="mailto:user@mydomain.com" target="_blank">user@mydomain.com</a>)<br>
                                        # requesting: cn
                                        userPrincipalName<br>
                                        # with pagedResults control:
                                        size=1024<br>
                                        #<br>
                                        <br>
                                        # Some Name, some-ou, <a href="http://mydomain.com" rel="noreferrer" target="_blank">mydomain.com</a><br>
                                        dn: CN=Some
                                        Name,OU=some-ou,DC=mydomain,DC=com<br>
                                        cn: Some Name<br>
                                        userPrincipalName: <a href="mailto:user@mydomain.com" target="_blank"></a><a href="mailto:user@mydomain.com" target="_blank">user@mydomain.com</a><br>
                                        <br>
                                        # search result<br>
                                        search: 2<br>
                                        result: 0 Success<br>
                                        control: 1.2.840.113556.1.4.319
                                        false MIQXGSGSGSgEABAA=<br>
                                        pagedresults: cookie=<br>
                                        <br>
                                        # numResponses: 2<br>
                                        # numEntries: 1<br>
                                        <br>
                                        <br>
                                        3. Copy the examples as
                                        mentioned from the readme.<br>
                                        4. You only need to modify
                                        /etc/ovirt-engine/aaa/int.m-box.de.properties;
                                        leave the rest as is.<br>
                                        5. There, set:<br>
                                        <br>
                                          vars.domain = <a href="http://ldap.mydomain.com" rel="noreferrer" target="_blank">ldap.mydomain.com</a><br>
                                          vars.user =
                                        ldap@${global:vars.domain}<br>
                                          vars.password = Passw@rd<br>
                                        <br>
                                        6. Restart ovirt engine service<br>
                                        7. Log in as admin@einternal and
                                        add user rights and roles from
                                        the new provider<br>
                                        <br>
                                        Hope this helps.<br>
                                        <span><br>
                                          On <a href="tel:22.09.2015%2016" value="+12209201516" target="_blank">22.09.2015
                                            16</a>:46, Budur Nagaraju
                                          wrote:<br>
                                          &gt;<br>
                                          &gt; below are the three files
                                          which I have modified.<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt; [root@cstlb2
                                          extensions.d]# cat
                                          profile1-authn.properties<br>
                                        </span>&gt; <a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a>
                                        &lt;<a href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>&gt;


                                        = cloudspin-authn<br>
                                        <span>&gt;
                                          ovirt.engine.extension.bindings.method
                                          = jbossmodule<br>
                                          &gt;
                                          ovirt.engine.extension.binding.jbossmodule.module
                                          =<br>
                                          &gt;
                                          org.ovirt.engine-extensions.aaa.ldap<br>
                                          &gt;
                                          ovirt.engine.extension.binding.jbossmodule.class
                                          =<br>
                                          &gt;
                                          org.ovirt.engineextensions.aaa.ldap.AuthnExtension<br>
                                          &gt;
                                          ovirt.engine.extension.provides
                                          =
                                          org.ovirt.engine.api.extensions.aaa.Authn<br>
                                        </span>&gt; <a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">ovirt.engine.aaa.authn.profile.name</a>
                                        &lt;<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>&gt;<br>
                                        <span>&gt; = cloudspin<br>
                                          &gt;
                                          ovirt.engine.aaa.authn.authz.plugin
                                          = cloudspin-auth<br>
                                          &gt; config.profile.file.1 =
                                          /etc/ovirt-engine/aaa/ldap1.properties<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt; [root@cstlb2
                                          extensions.d]# ls<br>
                                          &gt;
                                          profile1-authn.properties 
                                          profile1-authz.properties<br>
                                          &gt; [root@cstlb2
                                          extensions.d]# cat
                                          profile1-authz.properties<br>
                                        </span>&gt; <a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a>
                                        &lt;<a href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>&gt;


                                        = cloudspin-authz<br>
                                        <div>
                                          <div>&gt;
                                            ovirt.engine.extension.bindings.method
                                            = jbossmodule<br>
                                            &gt;
                                            ovirt.engine.extension.binding.jbossmodule.module
                                            =<br>
                                            &gt;
                                            org.ovirt.engine-extensions.aaa.ldap<br>
                                            &gt;
                                            ovirt.engine.extension.binding.jbossmodule.class
                                            =<br>
                                            &gt;
                                            org.ovirt.engineextensions.aaa.ldap.AuthzExtension<br>
                                            &gt;
                                            ovirt.engine.extension.provides
                                            =
                                            org.ovirt.engine.api.extensions.aaa.Authz<br>
                                            &gt; config.profile.file.1 =
/etc/ovirt-engine/aaa/ldap1.properties<br>
                                            &gt; [root@cstlb2
                                            extensions.d]#<br>
                                            &gt;<br>
                                            &gt;<br>
                                            &gt;<br>
                                            &gt; [root@cstlb2 aaa]# pwd<br>
                                            &gt; /etc/ovirt-engine/aaa<br>
                                            &gt; [root@cstlb2 aaa]# ls<br>
                                            &gt; ldap1.properties<br>
                                            &gt; [root@cstlb2 aaa]# cat
                                            ldap1.properties<br>
                                            &gt; #<br>
                                            &gt; # Select one<br>
                                            &gt; #<br>
                                            &gt; include =
                                            &lt;openldap.properties&gt;<br>
                                            &gt; #include =
                                            &lt;389ds.properties&gt;<br>
                                            &gt; #include =
                                            &lt;rhds.properties&gt;<br>
                                            &gt; #include =
                                            &lt;ipa.properties&gt;<br>
                                            &gt; #include =
                                            &lt;iplanet.properties&gt;<br>
                                            &gt; #include =
                                            &lt;rfc2307.properties&gt;<br>
                                            &gt; #include =
                                            &lt;rfc2307-openldap.properties&gt;<br>
                                            &gt;<br>
                                            &gt; #<br>
                                            &gt; # Server<br>
                                            &gt; #<br>
                                          </div>
                                        </div>
                                        &gt; vars.server = <a href="http://my.abc.net" rel="noreferrer" target="_blank">my.abc.net</a>
                                        &lt;<a href="http://my.abc.net" target="_blank">http://my.abc.net</a>&gt;<br>
                                        <span>&gt;<br>
                                          &gt; #<br>
                                          &gt; # Search user and its
                                          password.<br>
                                          &gt; #<br>
                                          &gt; vars.user =<br>
                                          &gt;
uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=nbudoor,dc=net<br>
                                          &gt; vars.password = company<br>
                                          &gt;<br>
                                          &gt;
                                          pool.default.serverset.single.server
                                          = ${global:vars.server}<br>
                                          &gt;
                                          pool.default.auth.simple.bindDN
                                          = ${global:vars.user}<br>
                                          &gt;
                                          pool.default.auth.simple.password
                                          = ${global:vars.password}<br>
                                          &gt;<br>
                                          &gt; # Create keystore, import
                                          certificate chain and
                                          uncomment<br>
                                          &gt; # if using ssl/tls.<br>
                                          &gt;
                                          #pool.default.ssl.startTLS =
                                          true<br>
                                          &gt;
                                          #pool.default.ssl.truststore.file
                                          =
                                          ${local:_basedir}/${global:vars.server}.jks<br>
                                          &gt;
                                          #pool.default.ssl.truststore.password
                                          = changeit<br>
                                          &gt; [root@cstlb2 aaa]#<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt; On Tue, Sep 22, 2015 at
                                          8:07 PM, Alon Bar-Lev &lt;<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a><br>
                                        </span><span>&gt; &lt;mailto:<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>&gt;&gt;


                                          wrote:<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          &gt;     ----- Original
                                          Message -----<br>
                                        </span><span>&gt;     &gt; From:
                                          &quot;Budur Nagaraju&quot; &lt;<a href="mailto:nbudoor@gmail.com" target="_blank"></a><a href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>
                                          &lt;mailto:<a href="mailto:nbudoor@gmail.com" target="_blank"></a><a href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>&gt;&gt;<br>
                                          &gt;     &gt; To: &quot;Alon
                                          Bar-Lev&quot; &lt;<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>
                                          &lt;mailto:<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>&gt;&gt;<br>
                                          &gt;     &gt; <a href="mailto:Cc%3Ausers@ovirt.org" target="_blank"></a><a href="mailto:Cc:users@ovirt.org" target="_blank">Cc:users@ovirt.org</a>
                                          &lt;mailto:<a href="mailto:users@ovirt.org" target="_blank"></a><a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>&gt;<br>
                                          &gt;     &gt; Sent: Tuesday,
                                          September 22, 2015 5:35:16 PM<br>
                                          &gt;     &gt; Subject: Re:
                                          [ovirt-users] LDAP
                                          Authentication<br>
                                          &gt;     &gt;<br>
                                          &gt;     &gt; its too
                                          complicated ,you have any
                                          script or video ?<br>
                                          &gt;<br>
                                          &gt;     in 3.6 we have a
                                          setup script.<br>
                                          &gt;     for now:<br>
                                          &gt;<br>
                                          &gt;     cp -r
                                          /usr/share/ovirt-engine/examples/simple/.
                                          /etc/ovirt-engine/<br>
                                          &gt;<br>
                                          &gt;     this is written in
                                          the README.<br>
                                          &gt;<br>
                                          &gt;     then customize files
                                          at
                                          /etc/ovirt-engine/extnesions.d/*<br>
                                          &gt;   
                                           /etc/ovirt-engine/aaa/* to
                                          match your setup<br>
                                          &gt;<br>
                                          &gt;     &gt;<br>
                                          &gt;     &gt;<br>
                                        </span><span>&gt;     &gt; On
                                          Tue, Sep 22, 2015 at 8:00 PM,
                                          Alon Bar-Lev &lt;<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>
                                          &lt;mailto:<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>&gt;&gt;


                                          wrote:<br>
                                          &gt;     &gt;<br>
                                          &gt;     &gt; &gt;<br>
                                          &gt;     &gt; &gt;<br>
                                          &gt;     &gt; &gt; -----
                                          Original Message -----<br>
                                        </span>
                                        <div>
                                          <div>&gt;     &gt; &gt; &gt;
                                            From: &quot;Budur Nagaraju&quot; &lt;<a href="mailto:nbudoor@gmail.com" target="_blank"></a><a href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>
                                            &lt;mailto:<a href="mailto:nbudoor@gmail.com" target="_blank"></a><a href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>&gt;&gt;<br>
                                            &gt;     &gt; &gt; &gt; To:
                                            &quot;Alon Bar-Lev&quot; &lt;<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>
                                            &lt;mailto:<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>&gt;&gt;<br>
                                            &gt;     &gt; &gt; &gt; <a href="mailto:Cc:users@ovirt.org" target="_blank"></a><a href="mailto:Cc:users@ovirt.org" target="_blank">Cc:users@ovirt.org</a>
                                            &lt;mailto:<a href="mailto:users@ovirt.org" target="_blank"></a><a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            Sent: Tuesday, September 22,
                                            2015 5:24:36 PM<br>
                                            &gt;     &gt; &gt; &gt;
                                            Subject: Re: [ovirt-users]
                                            LDAP Authentication<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt; HI
                                            Alon,<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            Below is the configuration
                                            which I have done ,but
                                            unable to search the<br>
                                            &gt;     &gt; &gt; &gt;
                                            users in UI<br>
                                            &gt;     &gt; &gt; &gt; can
                                            you pls help me ?<br>
                                            &gt;     &gt; &gt;<br>
                                            &gt;     &gt; &gt; you need
                                            three files, see the<br>
                                            &gt;     &gt; &gt;
                                            /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple<br>
                                            &gt;     &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            [root@cstlb2 aaa]# cat
                                            ldap1.properties<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                            &gt;     &gt; &gt; &gt; #
                                            Select one<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                            &gt;     &gt; &gt; &gt;
                                            include =
                                            &lt;openldap.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;389ds.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;rhds.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;ipa.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;iplanet.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;rfc2307.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;
                                            #include =
                                            &lt;rfc2307-openldap.properties&gt;<br>
                                            &gt;     &gt; &gt; &gt;<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                            &gt;     &gt; &gt; &gt; #
                                            Server<br>
                                            &gt;     &gt; &gt; &gt; #<br>
                                          </div>
                                        </div>
                                        &gt;     &gt; &gt; &gt;
                                        vars.server =<a href="http://my.abc.net" rel="noreferrer" target="_blank">my.abc.net</a>
                                        &lt;<a href="http://my.abc.net" target="_blank">http://my.abc.net</a>&gt;<br>
                                        <span>&gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; #<br>
                                          &gt;     &gt; &gt; &gt; #
                                          Search user and its password.<br>
                                          &gt;     &gt; &gt; &gt; #<br>
                                          &gt;     &gt; &gt; &gt;
                                          vars.user =<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt;
uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=abc,dc=net<br>
                                          &gt;     &gt; &gt; &gt;
                                          vars.password = company1<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;
                                          pool.default.serverset.single.server
                                          = ${global:vars.server}<br>
                                          &gt;     &gt; &gt; &gt;
                                          pool.default.auth.simple.bindDN
                                          = ${global:vars.user}<br>
                                          &gt;     &gt; &gt; &gt;
                                          pool.default.auth.simple.password
                                          = ${global:vars.password}<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; #
                                          Create keystore, import
                                          certificate chain and
                                          uncomment<br>
                                          &gt;     &gt; &gt; &gt; # if
                                          using ssl/tls.<br>
                                          &gt;     &gt; &gt; &gt;
                                          #pool.default.ssl.startTLS =
                                          true<br>
                                          &gt;     &gt; &gt; &gt;
                                          #pool.default.ssl.truststore.file
                                          =<br>
                                          &gt;     &gt; &gt; &gt;
                                          ${local:_basedir}/${global:vars.server}.jks<br>
                                          &gt;     &gt; &gt; &gt;
                                          #pool.default.ssl.truststore.password
                                          = changeit<br>
                                          &gt;     &gt; &gt; &gt;
                                          [root@cstlb2 aaa]#<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                        </span><span>&gt;     &gt; &gt;
                                          &gt; On Tue, Sep 22, 2015 at
                                          7:25 PM, Alon Bar-Lev &lt;<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>
                                          &lt;mailto:<a href="mailto:alonbl@redhat.com" target="_blank"></a><a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>&gt;&gt;


                                          wrote:<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          ----- Original Message -----<br>
                                        </span><span>&gt;     &gt; &gt;
                                          &gt; &gt; &gt; From: &quot;Budur
                                          Nagaraju&quot; &lt;<a href="mailto:nbudoor@gmail.com" target="_blank"></a><a href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>
                                          &lt;mailto:<a href="mailto:nbudoor@gmail.com" target="_blank"></a><a href="mailto:nbudoor@gmail.com" target="_blank">nbudoor@gmail.com</a>&gt;&gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; <a href="mailto:To:users@ovirt.org" target="_blank"></a><a href="mailto:To:users@ovirt.org" target="_blank">To:users@ovirt.org</a>
                                          &lt;mailto:<a href="mailto:users@ovirt.org" target="_blank"></a><a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>&gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; Sent: Tuesday, September
                                          22, 2015 4:34:46 PM<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; Subject: [ovirt-users]
                                          LDAP Authentication<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; HI All,<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          &gt; Can someone help me in
                                          configuring LDAP
                                          authentication for Ovirt ?<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;
                                          Please review:<br>
                                          &gt;     &gt; &gt; &gt; &gt;<a href="http://www.ovirt.org/Features/AAA" target="_blank"></a><a href="http://www.ovirt.org/Features/AAA" target="_blank">http://www.ovirt.org/Features/AAA</a><br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt;<a href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0" rel="noreferrer" target="_blank"></a><a href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0" target="_blank">https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0</a><br>
                                          &gt;     &gt; &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt; &gt;<br>
                                          &gt;     &gt; &gt;<br>
                                          &gt;     &gt;<br>
                                          &gt;<br>
                                          &gt;<br>
                                          <br>
                                        </span>--<br>
                                        Daniel Helgenberger<br>
                                        m box bewegtbild GmbH<br>
                                        <br>
                                        P: +49/30/2408781-22<br>
                                        F: +49/30/2408781-10<br>
                                        <br>
                                        ACKERSTR. 19<br>
                                        D-10115 BERLIN<br>
                                        <br>
                                        <br>
                                        <a href="http://www.m-box.de" rel="noreferrer" target="_blank">www.m-box.de</a> 
                                        <a href="http://www.monkeymen.tv" target="_blank">www.monkeymen.tv</a><br>
                                        <br>
                                        Geschäftsführer: Martin
                                        Retschitzegger / Michaela
                                        Göllner<br>
                                        Handeslregister: Amtsgericht
                                        Charlottenburg / HRB 112767<br>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                  <br>
                                  <fieldset></fieldset>
                                  <br>
                                </div>
                              </div>
                              <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
                            </blockquote>
                            <br>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>