Hi,

I have configured oVirt authentication against our MicroFocus/Novell eDirectory (edir) LDAP. It is working fine on a per-user basis. Now I have tried to set permissions per group, but it seems it does not work.
My CRO.properties:
---
include = <rfc2307-edir.properties>
vars.server = ldap.********
vars.port = 389
vars.user = cn=*******************
vars.password = *******************
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = ${global:vars.port}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.ssl.startTLS = true
pool.default.socketfactory.resolver.supportIPv6 = false
sequence-init.init.100-my-edir-init-vars = my-edir-init-vars
sequence.my-edir-init-vars.010.description = set baseDN
sequence.my-edir-init-vars.010.type = var-set
sequence.my-edir-init-vars.010.var-set.variable = simple_baseDN
sequence.my-edir-init-vars.010.var-set.value = o=su
search.default.search-request.derefPolicy = ALWAYS
---

I am able to search groups in the manager, but users with permissions per group are unable to log in, with "The user *********** with profile [CRO] is not authorized to perform login".
When I try to debug it with

ovirt-engine-extensions-tool aaa login-user --profile=CRO --user-name=*******

I can see common attributes (name, email, ...) in PrincipalRecord, but no record mentioning group membership.
The group which holds this user has the posixGroup objectClass and member attributes which point to the DNs of users.
There was also a similar post on this list in 2019, which unfortunately was not very specific about a solution:
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/PBQXDJGOZ2ET347YDZFSQPFJGMNSALHD/

Could anyone suggest how to better debug this, or how to modify the group search filter in my profile to work with the member attribute?
Thanks in advance, Jiri