<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 24, 2018 at 1:35 PM, C Williams <span dir="ltr"><<a href="mailto:cwilliams3320@gmail.com" target="_blank">cwilliams3320@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>Thanks for getting back with me !</div><div><br></div><div>Here is some info</div><div><br></div><div>
<div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif">1. Does it use RFC2307 as the schema or something else?<br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif">I have tried various flavors of the RFC2307 pre-set configs . 
I think I've tried most of these ..</div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="font-size:12.8px;font-family:arial,helvetica,sans-serif"><div style="font-size:12.8px"> 1 - 389ds</div><div style="font-size:12.8px"> 2 - 389ds RFC-2307 Schema</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"> 4 - IBM Security Directory Server</div><div style="font-size:12.8px"> 5 - IBM Security Directory Server RFC-2307 Schema</div><div style="font-size:12.8px"> </div><div style="font-size:12.8px"> 7 - Novell eDirectory RFC-2307 Schema</div><div style="font-size:12.8px"> 8 - OpenLDAP RFC-2307 Schema</div><div style="font-size:12.8px"> 9 - OpenLDAP Standard Schema</div><div style="font-size:12.8px"> 10 - Oracle Unified Directory RFC-2307 Schema</div><div style="font-size:12.8px"> 11 - RFC-2307 Schema (Generic)</div><div style="font-size:12.8px"> 12 - RHDS</div><div style="font-size:12.8px"> 13 - RHDS RFC-2307 Schema</div><div style="font-size:12.8px"> 14 - iPlanet</div></div></div></div></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif" class="gmail_default">Those profiles were created for servers we have tested, but it's highly probable that you will need a completely new profile for Apache DS. 
Due to this you cannot use setup tool, but you need to perform manual configuration as described in /usr/share/doc/ovirt-engine-extension-aaa-ldap-1.3.6/README.<br></div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div style="font-size:12.8px;font-family:arial,helvetica,sans-serif"><div><br></div></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"> </div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif">2. 
What is the attribute name specifying available base DNs?<br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"> dc=<domain>,dc=com </div></div></div></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">No, this is the DN, but we need to know the name of attribute within LDAP which contains the list of existing base DNs. 
For example for 389ds server using RFC2307 this information is stored in defaultNamingContext attribute (for details you can take a look at /usr/share/ovirt-engine-extension-aaa-ldap/profiles/rfc2307-389ds.properties).<br></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif">3. 
What is the attribute name specifying unique ID of a record?<br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"> dn: uid=<user>,ou=users,dc=<<wbr>domain>,dc=com</div></div></div></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">No, this is the DN, but each record in LDAP is usually uniquely identified by special attribute (so for example you can move record to different DN). 
For example for 389ds server using RFC2307 this unique identifier is stored in nsUniqueId attribute (for details you can take a look at /usr/share/ovirt-engine-extension-aaa-ldap/profiles/rfc2307-389ds.properties).<br></div> <br><div style="font-family:arial,helvetica,sans-serif" class="gmail_default">Above information should be available somewhere in Apache DS documentation.</div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif">More on this ...</div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div 
style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif">I changed the following in
<span style="color:rgb(34,34,34);font-family:arial,helvetica,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">/usr/share/ovirt-engine-<wbr>extension-aaa-ldap/setup/<wbr>plugins/ovirt-engine-<wbr>extension-aaa-ldap/ldap/<wbr>common.py</span>
to meet their need for port 10389 ...</div><div style="color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;font-family:arial,helvetica,sans-serif"><br></div><div style="text-align:start;text-indent:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> 636 if self.environment[<br></div></div><div><div> constants.LDAPEnv.PROTOCOL</div><div> ] == 'ldaps'</div><div> #else (389 if port is None else port)</div><div> else (10389 if port is None else port)</div><div><br></div></div></div></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Please don't <div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">do that, files in /usr/share are readonly for users and all changes will be overwritten by next update<br></div></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div></div><div>I also injected the following into the /var/tmp/*profile.properties" prior to testing user authentication using the setup tool</div></div></div></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Yes, that's the right way, if you need to change something, but you need to perform those changes in /etc/ovirt-engine/aaa directory, /var/tmp is used only as temporary directory for setup tool.<br><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><br></div><div><div>vars.port = 
10389</div><div>pool.default.serverset.single.<wbr>port = ${global:vars.port}</div></div><div><br></div><div><br></div><div>Thank You for Helping !!</div><div><br></div><div>Charles Williams</div><div> <br></div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 24, 2018 at 3:50 AM, Martin Perina <span dir="ltr"><<a href="mailto:mperina@redhat.com" target="_blank">mperina@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family:arial,helvetica,sans-serif">Hi,<br><br></div><div style="font-family:arial,helvetica,sans-serif">officially we don't support Apache DS, but aaa-ldap is quite extensible so it should be possible attach it to oVirt.<br></div><div style="font-family:arial,helvetica,sans-serif">As we don't have Apache DS installed, could you please provide us following information?<br></div><div style="font-family:arial,helvetica,sans-serif"><br>1. Does it use RFC2307 as the schema or something else?<br></div><div style="font-family:arial,helvetica,sans-serif">2. What is the attribute name specifying available base DNs?<br></div><div style="font-family:arial,helvetica,sans-serif">3. 
What is the attribute name specifying unique ID of a record?<br><br></div><div style="font-family:arial,helvetica,sans-serif">Ondro, any other information required?<br><br></div><div style="font-family:arial,helvetica,sans-serif">Thanks<br><br></div><div style="font-family:arial,helvetica,sans-serif">Martin<br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 24, 2018 at 3:34 AM, C Williams <span dir="ltr"><<a href="mailto:cwilliams3320@gmail.com" target="_blank">cwilliams3320@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>Has anyone successfully connected the ovirt-engine to Apache Directory Server 2.0 ?</div><div><br></div><div>I have tried the pre-set connections offered by oVirt and have been able to connect to the server on port 10389 after adding the port to a serverset.port. I can query the directory and see users but I cannot log onto the console as a user in the directory.</div><div><br></div><div>If any one has any experience/guidance on this, please let me know.</div><div><br></div><div>Thank You</div><div><br></div><div>Charles Williams</div><div><br></div></div>
<br></blockquote></div><span class="gmail-m_2622481214747369616HOEnZb"><font color="#888888"><br><br clear="all"><span class="gmail-HOEnZb"><font color="#888888"><br>-- <br><div class="gmail-m_2622481214747369616m_-6099627672258272630gmail_signature"><div dir="ltr"><font size="1">Martin Perina<br>Associate Manager, Software Engineering<br>Red Hat Czech s.r.o.<br></font></div></div>
</font></span></font></span></div>
</blockquote></div><br></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><font size="1">Martin Perina<br>Associate Manager, Software Engineering<br>Red Hat Czech s.r.o.<br></font></div></div>
</div></div>
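Added example (not part of the original thread, and not oVirt or Apache DS code): a small Python helper for answering questions 2 and 3 from the thread by reading ldapsearch-style LDIF of the root DSE and of one user entry. defaultNamingContext and nsUniqueId come from the thread; namingContexts (RFC 4512), entryUUID (RFC 4530), the function names and the sample LDIF are assumptions constructed for illustration.

```python
import base64
from collections import defaultdict

# Candidate attribute names. defaultNamingContext and nsUniqueId are the 389ds
# names given in the thread; namingContexts (RFC 4512) and entryUUID (RFC 4530)
# are the standard equivalents. Extend the tuples for other servers.
NAMING_CONTEXT_ATTRS = ("defaultNamingContext", "namingContexts")
UNIQUE_ID_ATTRS = ("nsUniqueId", "entryUUID")

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry[name.strip().lower()].append(value.strip())
    return dict(entry)

def first_present(entry, candidates):
    """Return (attribute name, values) for the first candidate the entry has."""
    for attr in candidates:
        values = entry.get(attr.lower())
        if values:
            return attr, values
    return None, []

# Constructed sample output (not captured from a real server): a root DSE read
# and a user entry requested with operational attributes ("+").
ROOT_DSE = """dn:
namingContexts: dc=example,dc=com
namingContexts:: b3U9c3lzdGVt
supportedLDAPVersion: 3
"""
USER = """dn: uid=jdoe,ou=users,dc=example,dc=com
uid: jdoe
entryUUID: 6d1f0c5e-0b6a-4c1e-9a3e-
 2f6d0c9b7a11
"""

if __name__ == "__main__":
    print(first_present(parse_ldif_entry(ROOT_DSE), NAMING_CONTEXT_ATTRS))
    print(first_present(parse_ldif_entry(USER), UNIQUE_ID_ATTRS))
```

A result of `(None, [])` means none of the candidate names is present in the entry, so the tuple needs the name used by the server in question.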