On Mon, Nov 19, 2012 at 12:15 PM, Yair Zaslavsky <[email protected]>wrote:
> + LdapEncryptionType clear is not understandable. > What did you mean by that? > > > ------------------------------ > > *From: *"Vinzenz Feenstra" <[email protected]> > *To: *[email protected] > *Sent: *Monday, November 19, 2012 11:29:42 AM > *Subject: *Re: [Users] I don't know how to add AD users > > > On 11/19/2012 10:01 AM, Cristian Falcas wrote: > > Hi, > > I'm trying to add some users to ovirt using an AD. > > This is the configuration I used for a mediawiki site, which is working > correctly: > $wgAuth = new LdapAuthenticationPlugin(); > $wgLDAPUseLocal = true; > $wgLDAPDomainNames = array( "a_domain"); > $wgLDAPServerNames = array( "a_domain"=>"site.example.com"); > $wgLDAPEncryptionType = array( "a_domain"=>"clear"); > $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME"); > $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com"); > > Those are the commands I tried using: > engine-manage-domains -action=add > -domain=site.example.com-provider=ActiveDirectory -user= > user.name -interactive > > engine-manage-domains -action=add -domain=a_domain > -provider=ActiveDirectory [email protected] -interactive > > engine-manage-domains -action=add -domain=a_domain > -provider=ActiveDirectory [email protected] -interactive > > > You don't add an user this way. You add the domain. You have to pass the > domain admin user and the domain admin password. > Then you can use the domain within the engine. e.g. search users, add > access rights for vms etc. > Even login to the engine and assigning rights within the engine you can > handle from the engine itself. > > Regards, > > And the output on all tries: > Enter password: > > Error: Authentication Failed. Please verify the fully qualified domain > name that is used for authentication is correct.. Problematic domain is: > domain_used_in_command > Failure while applying Kerberos configuration. Details: Authentication > Failed. Please verify the fully qualified domain name that is used for > authentication is correct. > > Can someone help me with the correct parameters? > > > Best regards, > Cristian Falcas > > > _______________________________________________ > Users mailing [email protected]http://lists.ovirt.org/mailman/listinfo/users > > > > -- > Regards, > > Vinzenz Feenstra | Senior Software Engineer > RedHat Engineering Virtualization R & D > Phone: +420 532 294 625 > IRC: vfeenstr or evilissimo > > Better technology. Faster innovation. Powered by community collaboration. > See how it works at redhat.com > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > > That was the configuration needed for the wiki extension used for ldap authentication. So the admin users is needed in order to retrieve the list of users only? Can someone recommend the simplest ldap server installation I could use for this? I was thinking first at freeipa, but it's not compatible with mod_ssl, which is required by ovirt. Best regards, Cristian Falcas
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
