Why openldap server? We do not support openldap at the moment.

----- Original Message -----
> From: "Jure Kranjc" <jure.kra...@arnes.si>
> To: users@ovirt.org
> Sent: Tuesday, March 19, 2013 3:50:49 PM
> Subject: Re: [Users] ldap simple
>
> Hi.
>
> Further testing...
>
> - Setup: one ldap server with added user to match ovirt searches (while adding user in webadmin),
> - Fedora 18, engine 3.2.1, openldap-server, simple authentication, no firewalls,
> - with packet inspection we can see ldap responding with requested attributes
> - still, there are errors in logs, see below, and no users are listed in webadmin, engine fails to parse given attributes
> - engine-manage-domains -action=validate returns "Invalid credentials" even though binding is ok and ldap is replying with data.
>
> Can anyone point us to some documentation on this topic?
> Is AD really the only good solution for user management?
>
> engine.log
> 2013-03-19 15:16:53,042 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-3) Error in running LDAP query. BaseDN is , filter is (&(&(objectClass=person)) (|(givenname=test)(sn=test)(uid=test)(uid=test))). Exception message is: null
> 2013-03-19 15:16:53,043 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-3) Failed ldap search server ldap://ldaphost.domain.si:389 due to null. We should try the next server
>
> server.log
> 2013-03-19 15:17:24,113 ERROR [org.springframework.ldap.control.AbstractRequestControlDirContextProcessor] (ajp--127.0.0.1-8702-6) No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
>
> On 03/18/2013 09:09 AM, Yair Zaslavsky wrote:
> > Hi,
> >
> > We're issuing a RootDSE query (once per LDAP domain configured).
> > We try to obtain from it the "defaultNamingContext" attribute.
> > If it does not exist - we try to obtain "NamingContexts"
> > We store the result at a "domainDn" (we have a data structure which
> > maps domains to information objects, one of the fields at the
> > information object is the DN of the domain) field, and we use it to
> > compose the full ldap URL we send the queries to.
> >
> > ----- Original Message -----
> > > From: "Andrej Bagon" <andrej.ba...@arnes.si>
> > > To: "Itamar Heim" <ih...@redhat.com>
> > > Cc: users@ovirt.org , "Yair Zaslavsky" <yzasl...@redhat.com> , "Oved Ourfalli" <oourf...@redhat.com>
> > > Sent: Monday, March 18, 2013 9:07:06 AM
> > > Subject: Re: [Users] ldap simple
> > >
> > > Hi,
> > >
> > > the system is trying to bind to ldap as:
> > >
> > > bind request: uid=cn=ovirt,cn=Users,cn=Accounts,dc=ourdomain,dc=si
> > >
> > > I don't know how it knows dc=ourdomain,dc=si
> > >
> > > It should be
> > >
> > > bind request: cn=ovirt,ou=system,dc=ourdomain,dc=si" -b "dc=arnes,dc=si
> > >
> > > The same with the search: we have users in form as:
> > >
> > > edupersonprincipalname=usern...@users.ourdomain.si,dc=users,dc=ourdomain,dc=si
> > >
> > > values in database:
> > >
> > > select * from vdc_options where option_name in ('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderTypes','AdUserName','AdUserPassword') order by option_id;
> > >
> > >  option_id | option_name                | option_value                           | version
> > > -----------+----------------------------+----------------------------------------+---------
> > >         10 | AdUserName                 | users.ourdomain.si:ovirt               | general
> > >         11 | AdUserPassword             | users.ourdomain.si:adminpassword       | general
> > >         69 | DomainName                 | users.ourdomain.si                     | general
> > >        130 | LDAPSecurityAuthentication | users.ourdomain.si:SIMPLE              | general
> > >        132 | LdapServers                | users.ourdomain.si:server.ourdomain.si | general
> > >        133 | LDAPProviderTypes          | users.ourdomain.si:rhds                | general
> > > (6 rows)
> > >
> > > Best Regards,
> > > Andrej Bagon
> > >
> > > On 03/15/2013 12:09 PM, Itamar Heim wrote:
> > > > On 03/14/2013 01:58 PM, Andrej Bagon wrote:
> > > > > Hi,
> > > > >
> > > > > is it possible to change the bind request that is sent to the ldap
> > > > > server? The default uid=user,cn=Users,cn=Accounts,cn=our,cn=domain is
> > > > > not suitable.
> > > >
> > > > can you please explain why / what you would like to change it to?
> > > >
> > > > (not sure possible now, but there is work to make it more
> > > > configurable/pluggable)

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
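
The base-DN lookup described in the quoted reply (RootDSE query, "defaultNamingContext", then "NamingContexts", then the LDAP URL), as an added example that is not part of the original thread and is not oVirt engine code. The function names, the constructed RootDSE replies and the choice of the first namingContexts value are assumptions; the paged-results OID is the one defined in RFC 2696.

```python
# Added illustration, not oVirt engine code. The RootDSE replies are constructed.
from urllib.parse import quote

PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # simple paged results control, RFC 2696

def parse_ldif(text):
    """Parse one LDIF entry (unfolded, plain values) into {lowercased attr: [values]}."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#") or name.lower() == "dn":
            continue
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def resolve_domain_dn(rootdse):
    """defaultNamingContext first, then namingContexts (first value: an assumption)."""
    for attr in ("defaultnamingcontext", "namingcontexts"):
        values = [v for v in rootdse.get(attr, []) if v]
        if values:
            return values[0]
    return None

def diagnose(host, ldif_text):
    rootdse = parse_ldif(ldif_text)
    dn = resolve_domain_dn(rootdse)
    return {
        "domain_dn": dn,
        # Without a DN there is no usable search base, so no URL is composed.
        "search_url": f"ldap://{host}:389/{quote(dn, safe='=,')}" if dn else None,
        "paged_results": PAGED_RESULTS_OID in rootdse.get("supportedcontrol", []),
    }

AD_STYLE = """dn:
defaultNamingContext: DC=example,DC=com
namingContexts: DC=example,DC=com
namingContexts: CN=Configuration,DC=example,DC=com
supportedControl: 1.2.840.113556.1.4.319
"""
OPENLDAP_STYLE = """dn:
namingContexts: dc=ourdomain,dc=si
supportedControl: 1.2.840.113556.1.4.319
"""
NO_CONTEXTS = """dn:
objectClass: top
"""

if __name__ == "__main__":
    for label, reply in [("AD", AD_STYLE), ("OpenLDAP", OPENLDAP_STYLE), ("none", NO_CONTEXTS)]:
        print(label, diagnose("ldaphost.domain.si", reply))
```

Real input for `diagnose` can be captured with `ldapsearch -x -H ldap://<host> -s base -b "" -LLL -o ldif-wrap=no defaultNamingContext namingContexts supportedControl`. A reply that yields `domain_dn: None` leaves a resolver of this kind with no base DN to search under.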