On 02/24/2012 08:59 PM, Nathan Stratton wrote: > On Fri, 24 Feb 2012, Yair Zaslavsky wrote: > >> Hi Nathan, >> >> I think you're using the wrong query with IPA. > > Yep, but so far I have not found how to fix ovirt to use the correct one. > >> the part of samaccounttype=805306368 should be replaced with >> objectClass=krbPrincipalAux >> the part of userprincipalname should be replaced with - >> >> krbPrincipalName=nat...@bblinkmind.net >> >> So I guess the filter should look like - >> (&(objectClass=krbPrincipalAux)(krbPrincipalName=nat...@bblinkmind.net)) > > Yes, I understand the query is wrong, what I don't understand is how to > make ovirt use the correct query. I started working trying to get LDAP > to work with my OpenLDAP system and was told that ovirt does not yet > support it. I asked what was supported and was told to try 389, but ran > into issues with that so then I was asked to try IPA and now have this > issue. > >> I did not develop the IPA support, however, I checked the file - >> LdapQueryMetadataFactoryImpl.java and found definitions of the queries >> for the different providers - what you will see there is that each LDAP >> provider has its own map of keys to queries - the relevant key is >> LdapQueryType.getUserByPrincipalName - so you can see how it is defined >> in adHashMap and how it is defined in ipaHashMap, and other maps (dsMap >> , for instance). > > I don't have that .java file, I do have the .class. I am new to Java, > how do I go about modifying ovirt to use the correct query?
Nathan, first of all, please try to run the query I suggested for you - change the filter to (&(objectClass=krbPrincipalAux)(krbPrincipalName=nat...@bblinkmind.net)) (I understand you try to query IPA with an external tool - please first try to use this filter and see if it works. In my humble opinion, I don't think that you need to change the code, we need to understand why IPA provider is not "detected". Yair > >> <> > Nathan Stratton CTO, BlinkMind, Inc. > nathan at robotics.net nathan at blinkmind.com > http://www.robotics.net http://www.blinkmind.com _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
