Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-23 Thread Martin Perina
On Mon, May 23, 2016 at 11:31 AM, Alexis HAUSER < alexis.hau...@telecom-bretagne.eu> wrote: > > > As I explained, my groups are not in the same dn path as my users. As it is not possible to add multiple dn paths, my only solution is to use users. > > > Well, that's the 1st time I've

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-23 Thread Alexis HAUSER
> As I explained, my groups are not in the same dn path as my users. As it is not possible to add multiple dn paths, my only solution is to use users. > Well, that's the 1st time I've heard about LDAP setup where users and groups of one domain are not under same baseDN. Usually all LDAP

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-18 Thread Martin Perina
On Wed, May 18, 2016 at 9:48 AM, Alexis HAUSER < alexis.hau...@telecom-bretagne.eu> wrote: > >> Is there a way to search for attributes into the ovirt web interface, for example "memberof" ? > >> > >> I can't imagine adding hundreds or thousands of users one by one...What would be the

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-18 Thread Alexis HAUSER
>> Is there a way to search for attributes into the ovirt web interface, for example "memberof" ? >> >> I can't imagine adding hundreds or thousands of users one by one...What would be the solutions ? >> >You can assign specific permission to the group that relevant users are member of (we

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-17 Thread Martin Perina
On Tue, May 17, 2016 at 3:36 PM, Alexis HAUSER < alexis.hau...@telecom-bretagne.eu> wrote: > > > > > > > Is it possible now to search for groups instead of users / manipulate groups in the web interface ? > > Sure, if you type some search term into UI users/permissions dialog it will

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-17 Thread Alexis HAUSER
> > > > Is it possible now to search for groups instead of users / manipulate groups in the web interface ? > Sure, if you type some search term into UI users/permissions dialog it will also search for groups. Is there a way to search for attributes into the ovirt web interface, for

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
> > > > Is it possible now to search for groups instead of users / manipulate groups in the web interface ? > Sure, if you type some search term into UI users/permissions dialog it will also search for groups. Thank you for all your answers, we can say my problem is now solved >Note in

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexander Wels
On Tuesday, May 03, 2016 03:58:27 PM Ondra Machacek wrote: > On 05/03/2016 03:13 PM, Alexis HAUSER wrote: > >> Or do you use rfc2307? You can find out running this command: > >> LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b > >> > >> 'ou=people,o=unix,dc=somewhere,dc=any' -D > >>

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 03:13 PM, Alexis HAUSER wrote: Or do you use rfc2307? You can find out running this command: LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b 'ou=people,o=unix,dc=somewhere,dc=any' -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
>Or do you use rfc2307? You can find out running this command: > LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b >'ou=people,o=unix,dc=somewhere,dc=any' -D >'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W >'(&(objectClass=posixAccount)(uid=*)(uid=myuser))' >If ^this

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 11:58 AM, Alexis HAUSER wrote: Thank you, now I see the correct namespace shown, but still no way to login with any user...Any idea ? Hard to say without logs, can you please share log output of ovirt-engine-extensions-tool? Please run it with: ovirt-engine-extensions-tool

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 11:03 AM, Alexis HAUSER wrote: However, I can't login with any user...But with ldapsearch I can find those users with uid=user I used ovirt-engine-extensions-tool aaa login-user --profile=xxx --user-name=xxx and I realize now what is the problem : the available namespaces

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
>> However, I can't login with any user...But with ldapsearch I can find those users with uid=user >> >> I used ovirt-engine-extensions-tool aaa login-user --profile=xxx --user-name=xxx >> and I realize now what is the problem : the available namespaces shows the wrong dn. It should

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 10:28 AM, Alexis HAUSER wrote: Are you sure you've specified correct CA? Can you try running this command: LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@' If it fails then most probably you have incorrect CA

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
>Are you sure you've specified correct CA? > >Can you try running this command: > LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@' > >If it fails then most probably you have incorrect CA certificate. >If it succeeds, please open bug

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Ondra Machacek
On 05/02/2016 03:02 PM, Alexis HAUSER wrote: I am unsure I understand. What is missing in interactive setup to properly setup TLS? You just enter CA certificate path/url/system and Java keystore file is created for you by the tool. I'll try to generate a new file with the interactive setup

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Alexis HAUSER
>>I am unsure I understand. What is missing in interactive setup to properly setup TLS? >>You just enter CA certificate path/url/system and Java keystore file is created for you by the tool. >I'll try to generate a new file with the interactive setup and tell you if the result is

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Alexis HAUSER
>> Yes this is actually the tool I used first, then I modified manually as on the documentation. >> >> The problem in this approach is the fact you need a .profile file to be able to set up a TLS connection between the LDAP and the engine. But this file is generated after the

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Ondra Machacek
On 05/02/2016 09:35 AM, Alexis HAUSER wrote: Should I report this on the bugzilla ? You can, but I believe this is not bug, but some misconfiguration, many times I've tried completely similar setup and it worked. Btw.. did you use 'ovirt-engine-extension-aaa-ldap-setup'? If not you can

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Alexis HAUSER
>> Should I report this on the bugzilla ? >> >You can, but I believe this is not bug, but some misconfiguration, many times I've tried completely similar setup and it worked. > >Btw.. did you use 'ovirt-engine-extension-aaa-ldap-setup'? If not you can install it. > $ yum install

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Ondra Machacek
On 04/29/2016 03:03 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Alexis HAUSER
>> pool.default.ssl.truststore.file = /tmp/.jks > > Maybe trailing space here ^ ? > >> pool.default.ssl.truststore.password = >> > > Sadly it doesn't help > >So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration looks fine. > All permissions are

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Ondra Machacek
On 04/29/2016 02:27 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Alexis HAUSER
>> pool.default.ssl.truststore.file = /tmp/.jks > > Maybe trailing space here ^ ? > >> pool.default.ssl.truststore.password = >> > > Sadly it doesn't help > >So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration looks fine. All permissions are

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Ondra Machacek
On 04/28/2016 06:02 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Alexis HAUSER
> pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? > pool.default.ssl.truststore.password = > Sadly it doesn't help

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Ondra Machacek
On 04/28/2016 02:59 PM, Alexis HAUSER wrote: Hi, I'm using 3.6.3.4-1.el7.centos and I'm having troubles joining an LDAP provider. When I try to login into the new profile, I get a "general command validation failure" error. This is what I can get from ovirt-engine/engine.log : tail -n 400