----- Original Message -----
> From: "lofyer" <lof...@gmail.com>
> To: "Yair Zaslavsky" <yzasl...@redhat.com>
> Cc: "users" <users@ovirt.org>
> Sent: Tuesday, October 14, 2014 9:29:57 AM
> Subject: Re: [ovirt-users] How to mapping LDAP users in AAA
>
> Sun Java Access System Manager

this is not openldap... why do you use openldap profile?

please attach full export of this ldap server, output of:

rootdse:
$ ldapsearch -H ldap://example.com -b '' -x -D 'cn=directory manager' -w mypassword -s BASE

entities:
$ ldapsearch -o ldif-wrap=no -E pr=100/noprompt -H ldap://example.com -x -D 'cn=directory manager' -w mypassword -b <NAMING_CONTEXT>

>
>
> On 14-10-14 1:52 PM, Yair Zaslavsky wrote:
> >
> > ----- Original Message -----
> >> From: "lofyer" <lof...@gmail.com>
> >> To: "users" <users@ovirt.org>
> >> Sent: Tuesday, October 14, 2014 5:10:56 AM
> >> Subject: [ovirt-users] How to mapping LDAP users in AAA
> >>
> >> I've got an LDAP server without kerberos and I am trying to integrate
> >> its users to oVirt-3.5 with AAA.
> >> ==========================
> > Which ldap server is that, what vendor?
> >
> >> /etc/ovirt-engine/aaa/example.properties:
> >>
> >> include = <openldap.properties>
> >>
> >> vars.user = cn=directory manager
> >> vars.password = mypassword
> >> vars.server = example.com
> >>
> >> #pool.default.ssl.startTLS = false
> >> #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
> >> #pool.default.ssl.truststore.password = admin
> >>
> >> pool.default.serverset.single.server = ${global:vars.server}
> >> pool.default.auth.simple.bindDN = ${global:vars.user}
> >> pool.default.auth.simple.password = ${global:vars.password}
> >> ==========================
> >>
> >> This is my basic ldap information:
> >>
> >> ou=Groups
> >> |
> >> +---- cn=UserGroup1
> >> |
> >> +---- cn=UserGroup2
> >>
> >> ou=UserGroup1
> >> |
> >> +---- cn=user1
> >> |
> >> +---- cn=user2
> >>
> >>
> >> ou=UserGroup2
> >> |
> >> +---- cn=user3
> >> |
> >> +---- cn=user4
> >>
> >> ==========================
> >>
> >> Now I can see example.com in web portal but I cannot list users in UG1
> >> or UG2.
> >>
> >> I find that I could map DN, ID NAME, DISPLAY in the config file. What
> >> should I add in the config file then?
> >> _______________________________________________
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
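
The rootDSE output requested in the reply shows which directory product is answering, which naming contexts to pass to the second search, and whether the server advertises StartTLS (the `pool.default.ssl.startTLS` line in the posted properties file is commented out while a simple bind is configured). The following is an added example, not part of the original thread, that reads those facts from saved `ldapsearch` output; the function names are hypothetical and the sample reply is constructed.

```python
import base64

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def parse_first_entry(ldif_text):
    """Return the first LDIF entry as {lowercased attribute: [values]}."""
    lines, in_entry = [], False
    for raw in ldif_text.splitlines():
        if not in_entry:
            if raw.lower().startswith("dn:"):     # skip ldapsearch's comment preamble
                in_entry, lines = True, [raw]
        elif raw.startswith(" "):
            lines[-1] += raw[1:]                  # unfold a wrapped value (no ldif-wrap=no)
        elif not raw:
            break                                 # blank line ends the entry
        elif not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):                 # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def summarize_rootdse(ldif_text):
    """Facts to confirm before choosing a profile or enabling StartTLS."""
    e = parse_first_entry(ldif_text)
    return {
        "vendor": " / ".join(e.get("vendorname", []) + e.get("vendorversion", [])),
        "openldap": any(c.lower() == "openldaprootdse" for c in e.get("objectclass", [])),
        "naming_contexts": e.get("namingcontexts", []),
        "starttls": STARTTLS_OID in e.get("supportedextension", []),
    }

# Constructed rootDSE reply (illustrative values, not output from the thread).
SAMPLE = "\n".join([
    "# extended LDIF", "",
    "dn:", "objectClass: top",
    "namingContexts: ou=People,dc=example,",
    " dc=com",
    "supportedExtension: " + STARTTLS_OID,
    "vendorName: Sun Microsystems, Inc.",
    "vendorVersion:: " + base64.b64encode(b"Sun-Java(tm)-System-Directory/6.3").decode(),
    "", "result: 0 Success",
])

if __name__ == "__main__":
    print(summarize_rootdse(SAMPLE))
```

Some servers return operational rootDSE attributes only when they are requested explicitly (for example by appending `+` to the search), so empty fields here do not by themselves mean the feature is absent.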