Hi Ondra,
> > Not really. aaa-ldap by default uses just simple bind, no gssapi. > If you have any problems with certificate I would suggest you to check if > you are using the correct one, correctly. More info for it can be > found here: > > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa > -ldap.git;a=blob;f=README;h=1f4381e4f0d22acdda63c56a84863f > cb0f72bc3a;hb=HEAD#l397 > > I've run the following tests in that README you posted above, and all worked fine: ovirt-engine-extensions-tool aaa login-user --profile=mydomain.com --user-name=myuser ovirt-engine-extensions-tool aaa search --extension-name=mydomain.com-authz --entity=principal --entity-name=myuser LDAPTLS_REQCERT=never ldapsearch -ZZ -H ldap://ad.mydomain.com -x -D "CN=myuser,CN=Users,DC=mydomain,DC=com" -W -b "dc=mydomain,dc=com" I thought I wouldn't need to import any certificate from AD - is that a requirement? Do I need to set up Apache separately to use LDAP auth? The service principals exist in the krb5.keytab, but I don't if that is only if you are using SSO. Thanks, Cam _______________________________________________ > Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> >>
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
