I finally got this to work so I'm posting what I did in case it may help 
someone else in the future. Hopefully the format of this site won't make it 
hard to read.

- Thanks to Edward Berger, who pointed me in the right direction and provided this 
link:

https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/profiles/openldap.properties

- Also thanks to Ondra Machacek for advising me to use the 
ovirt-engine-extensions-tool.

All changes are made in /etc/ovirt-engine/aaa/MYDOMAIN.com.properties

- Once I added this line: 

sequence.openldap-init-vars.040.var-set.value = (objectClass=Person)(${seq:simple_attrsUserName}=*)

- I was getting this error:

-->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='null'
2019-09-06 10:50:18,837-04 SEVERE  Cannot locate principal 'null'

- So then I changed the Principal map from "uid" to "cn" by adding this line: 

attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn

- After that, it pulled the user principal name, but then when trying to add a 
user in the web interface, it would fail with this error:

ERROR: null value in column "external_id" violates not-null constraint

- So I mapped the PrincipalRecord_ID to the user mail attribute, figuring that 
would be fine since emails are mostly unique anyway, by adding the following 
line:

attrmap.map-principal-record.attr.PrincipalRecord_ID.map = mail
My configuration: /etc/ovirt-engine/aaa/MYDOMAIN.com.properties

include = <openldap.properties>

vars.server = SERVERNAME.MYDOMAIN.com
vars.user = ldapu...@mydomain.com
vars.password = USER PASSWORD

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn
attrmap.map-principal-record.attr.PrincipalRecord_ID.map = mail

sequence.openldap-init-vars.010.description = set base dn
sequence.openldap-init-vars.010.type = var-set
sequence.openldap-init-vars.010.var-set.variable = simple_attrsBaseDN
sequence.openldap-init-vars.010.var-set.value = DC=MYDOMAIN,DC=com
sequence.openldap-init-vars.020.var-set.value = cn
sequence.openldap-init-vars.040.var-set.value = (objectClass=Person)(${seq:simple_attrsUserName}=*)
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/H3SB6QRWEZETO6YJEDO7SMAVEMH4PPHZ/
