Hi!

Starting new thread instead of jacking someone else's.


Managed to migrate from old 'engine-manage-domains' auth to aaa-ldap using:

# ovirt-engine-kerbldap-migration-tool --domain baz.foo.bar --cacert /tmp/ca.crt --apply


All OK, no errors, but cannot log in:

# ovirt-engine-extensions-tool aaa login-user --profile=baz.foo.bar-new --user-name=user:

API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS result=SUCCESS


but:

API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='u...@baz.foo.bar'
SEVERE  Cannot resolve principal 'u...@baz.foo.bar'


So it fails.


# ldapsearch -x -H ldap://baz.foo.bar -D u...@foo.bar -W -b DC=baz,DC=foo,DC=bar -s sub "(samAccountName=user)" userPrincipalName | grep 'userPrincipalName:'

userPrincipalName: u...@foo.bar


How do you configure AAA with base 'DC=baz,DC=foo,DC=bar' when 
userPrincipalName ends only in '@foo.bar'?

/K

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
