Hi,

Can you please enable the snapshots repository and check out the new ldap provider[1][2]?
This should be the new support for ldap, and much more efficient than what we had so far.

Thanks,
Alon

[1] ovirt-engine-extension-aaa-ldap
[2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD

----- Original Message -----
> From: "Marcelo Donato" <[email protected]>
> To: [email protected]
> Sent: Wednesday, October 29, 2014 7:49:31 PM
> Subject: [ovirt-users] oVirt 3.5 and FreeIpa
>
> Below are the details of my installation, both without firewall and selinux disabled.
>
> ####################################### IPA SERVER
> Hostname: ipa1.din.intranet
> IP Addr: 10.30.0.25
> Release: CentOS release 6.6 (Final) x86_64
> ###################################### oVirt Engine Version: 3.5.0.1-1.el6
> Hostname: sequoia.din.intranet
> IP Addr: 10.30.0.27
> Release: CentOS release 6.6 (Final) x86_64
>
> ######################################
> [root@sequoia ~]# host -t SRV _ldap._tcp.din.intranet
> _ldap._tcp.din.intranet has SRV record 0 100 389 ipa1.din.intranet.
> [root@sequoia ~]# host -t SRV _kerberos._tcp.din.intranet
> _kerberos._tcp.din.intranet has SRV record 0 100 88 ipa1.din.intranet.
> [root@sequoia ~]# host -t SRV _kerberos._udp.din.intranet
> _kerberos._udp.din.intranet has SRV record 0 100 88 ipa1.din.intranet.
> [root@sequoia ~]# host -t SRV _kpasswd._udp.din.intranet
> _kpasswd._udp.din.intranet has SRV record 0 100 464 ipa1.din.intranet.
> [root@sequoia ~]# host -t A ipa1.din.intranet
> ipa1.din.intranet has address 10.30.0.25
> [root@sequoia ~]# ldapsearch -x -b "dc=din, dc=intranet" uid=admin
> extended LDIF
> LDAPv3
> base <dc=din, dc=intranet> with scope subtree
> filter: uid=admin
> requesting: ALL
> admin, users, compat, din.intranet
> dn: uid=admin,cn=users,cn=compat,dc=din,dc=intranet
> admin, users, accounts, din.intranet
> dn: uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
> uid: admin
> krbPrincipalName: [email protected]
> cn: Administrator
> sn: Administrator
> uidNumber: 1250800000
> gidNumber: 1250800000
> homeDirectory: /home/admin
> loginShell: /bin/bash
> gecos: Administrator
> search result
> search: 2
> result: 0 Success
> numResponses: 3
> numEntries: 2
> [root@sequoia ~]# getent passwd admin
> admin:*:1250800000:1250800000:Administrator:/home/admin:/bin/bash
> [root@sequoia ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: [email protected]
> Valid starting Expires Service principal
> 10/29/14 15:37:46 10/30/14 15:37:45 krbtgt/[email protected]
> [root@sequoia ~]# engine-manage-domains add --domain=din.intranet --provider=ipa --user=admin
> Enter password:
> Error: exception message: ipa1.din.intranet.
> Failure while testing domain din.intranet. Details: Kerberos error. Please check log for further details.
> ######################################
> [root@ipa1 ~]# tail -f /var/log/krb5kdc.log
>
> Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2007](info): AS_REQ (4 etypes {18 17 16 23}) 10.30.0.27 : NEEDED_PREAUTH: host/[email protected] for krbtgt/[email protected], Additional pre-authentication required
> Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2006](info): AS_REQ (4 etypes {18 17 16 23}) 10.30.0.27 : ISSUE: authtime 1414603522, etypes {rep=18 tkt=18 ses=18}, host/[email protected] for krbtgt/[email protected]
> Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2007](info): TGS_REQ (4 etypes {18 17 16 23}) 10.30.0.27 : ISSUE: authtime 1414603522, etypes {rep=18 tkt=18 ses=18}, host/[email protected] for ldap/[email protected]
> ######################################
> Why does engine-manage-domains not work?
>
> --
> When forwarding this message, please:
> 1. Delete my e-mail address and my name.
> 2. Also delete your friends' addresses before resending.
> 3. Use Cco or Bcc to send messages!
> Make it harder for viruses and spam to spread.
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/users

