----- Original Message -----
> From: jdel...@web.de
> To: "Alon Bar-Lev" <alo...@redhat.com>
> Cc: users@ovirt.org
> Sent: Monday, January 12, 2015 4:16:17 PM
> Subject: Re: [ovirt-users] Setting Base DN for LDAP authentication
> 
> Hello,
> 
> many thanks to Alon! We have a working setup with support for base dn. The
> special challenge in our setup is the constraint of specifying a base dn for
> every ldap search and referrals inside the branches that must be processed.
> 
> If anyone has the same problem, our working configuration with a slightly
> newer version of ovirt-engine-extension-aaa-ldap is:

Note that this environment has more than just the baseDN issue; it also requires 
dereferencing references on the server side. Most environments should not require 
this, nor have an invalid baseDN in their rootDSE naming context.

In this specific environment a query for baseDN X results in baseDN Y.

Thank you Jannick for the problem determination process.

Supporting baseDN X->Y will be formally released in 1.0.2.

> 
> $ cat /etc/ovirt-engine/aaa/company-ldap.properties
> include = <rfc2307-openldap.properties>
> 
> vars.server = ldap.company.de
> 
> vars.user = cn=system,dc=company,dc=de
> vars.password = password
> 
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
> 
> sequence-init.init.100-my-basedn-init-vars = my-basedn-init-vars
> sequence.my-basedn-init-vars.010.description = set baseDN
> sequence.my-basedn-init-vars.010.type = var-set
> sequence.my-basedn-init-vars.010.var-set.variable = simple_baseDN
> sequence.my-basedn-init-vars.010.var-set.value = dc=company,dc=de
> 
> search.default.search-request.derefPolicy = ALWAYS
> 
> Best regards
> 
> Jannick
> 
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
