Hi Alon,
Tried all the options but no luck.
I have copied the logs to the pastebin; below is the
link. The warning message is that it is unable to resolve the
DNS. Let me know what help I could get.
http://pastebin.com/7qN9QnHK
Thanks,
Nagaraju
On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger
<[email protected]> wrote:
Hello Budur,
I've done this recently. Alon, no offense, but the
docs are not quite straightforward...
Requirements:
- LDAP server (obviously) - called here
ldap.mydomain.com
- LDAP bind account - called here
[email protected],
password 'Passw@rd'
- At least one existing account in LDAP, called
[email protected]
Please note, the most common issue will be DNS.
I'll describe in short what steps need to be taken.
All this needs to be done on your engine host. In
the end this was quite easy :)
1. Install the packages:
ovirt-engine-extension-aaa-ldap and
openldap-clients (these are only for testing your
setup)
2. Test if ldap is working in general. (The
extension uses the global catalog at least for AD,
this was news to me):
# ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://ldap.mydomain.com:3268/ -x \
    -D '[email protected]' -w Passw@rd -b '' \
    '([email protected])' cn userPrincipalName
If this command does not return details of the
user, debug your LDAP setup and continue once this
works. Example:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: ([email protected])
# requesting: cn userPrincipalName
# with pagedResults control: size=1024
#
# Some Name, some-ou, mydomain.com
dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
cn: Some Name
userPrincipalName: [email protected]
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
pagedresults: cookie=
# numResponses: 2
# numEntries: 1
3. Copy the examples as mentioned from the readme.
4. You only need to modify
/etc/ovirt-engine/aaa/int.m-box.de.properties;
leave the rest as is.
5. There, set:
vars.domain = ldap.mydomain.com
vars.user = ldap@${global:vars.domain}
vars.password = Passw@rd
6. Restart the ovirt-engine service
7. Log in as admin@internal and add user rights
and roles from the new provider
Hope this helps.
On 22.09.2015 16:46, Budur
Nagaraju wrote:
>
> below are the three files which I have modified.
>
>
> [root@cstlb2 extensions.d]# cat profile1-authn.properties
> ovirt.engine.extension.name = cloudspin-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = cloudspin
> ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth
> config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
>
>
> [root@cstlb2 extensions.d]# ls
> profile1-authn.properties profile1-authz.properties
> [root@cstlb2 extensions.d]# cat profile1-authz.properties
> ovirt.engine.extension.name = cloudspin-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
> [root@cstlb2 extensions.d]#
>
>
>
> [root@cstlb2 aaa]# pwd
> /etc/ovirt-engine/aaa
> [root@cstlb2 aaa]# ls
> ldap1.properties
> [root@cstlb2 aaa]# cat ldap1.properties
> #
> # Select one
> #
> include = <openldap.properties>
> #include = <389ds.properties>
> #include = <rhds.properties>
> #include = <ipa.properties>
> #include = <iplanet.properties>
> #include = <rfc2307.properties>
> #include = <rfc2307-openldap.properties>
>
> #
> # Server
> #
> vars.server = my.abc.net
>
> #
> # Search user and its password.
> #
> vars.user = uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=nbudoor,dc=net
> vars.password = company
>
> pool.default.serverset.single.server =
${global:vars.server}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password =
${global:vars.password}
>
> # Create keystore, import certificate chain and
uncomment
> # if using ssl/tls.
> #pool.default.ssl.startTLS = true
> #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
> #pool.default.ssl.truststore.password = changeit
> [root@cstlb2 aaa]#
>
>
>
>
>
>
> On Tue, Sep 22, 2015 at 8:07 PM, Alon Bar-Lev <[email protected]> wrote:
>
>
>
> ----- Original Message -----
> > From: "Budur Nagaraju" <[email protected]>
> > To: "Alon Bar-Lev" <[email protected]>
> > Cc: [email protected]
> > Sent: Tuesday, September 22, 2015 5:35:16 PM
> > Subject: Re: [ovirt-users] LDAP Authentication
> >
> > It's too complicated; do you have any script or video?
>
> in 3.6 we have a setup script.
> for now:
>
> cp -r /usr/share/ovirt-engine/examples/simple/. /etc/ovirt-engine/
>
> this is written in the README.
>
> then customize files at /etc/ovirt-engine/extensions.d/*
> /etc/ovirt-engine/aaa/* to match your setup
>
> >
> >
> > On Tue, Sep 22, 2015 at 8:00 PM, Alon Bar-Lev <[email protected]> wrote:
> >
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Budur Nagaraju" <[email protected]>
> > > > To: "Alon Bar-Lev" <[email protected]>
> > > > Cc: [email protected]
> > > > Sent: Tuesday, September 22, 2015 5:24:36 PM
> > > > Subject: Re: [ovirt-users] LDAP Authentication
> > > >
> > > > Hi Alon,
> > > >
> > > > Below is the configuration which I have done, but I am unable to search the
> > > > users in the UI.
> > > > Can you please help me?
> > >
> > > you need three files, see the
> > >
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple
> > >
> > > >
> > > >
> > > > [root@cstlb2 aaa]# cat ldap1.properties
> > > > #
> > > > # Select one
> > > > #
> > > > include = <openldap.properties>
> > > > #include = <389ds.properties>
> > > > #include = <rhds.properties>
> > > > #include = <ipa.properties>
> > > > #include = <iplanet.properties>
> > > > #include = <rfc2307.properties>
> > > > #include = <rfc2307-openldap.properties>
> > > >
> > > > #
> > > > # Server
> > > > #
> > > > vars.server = my.abc.net
> > > >
> > > > #
> > > > # Search user and its password.
> > > > #
> > > > vars.user = uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=abc,dc=net
> > > > vars.password = company1
> > > >
> > > > pool.default.serverset.single.server =
${global:vars.server}
> > > > pool.default.auth.simple.bindDN =
${global:vars.user}
> > > > pool.default.auth.simple.password =
${global:vars.password}
> > > >
> > > > # Create keystore, import certificate
chain and uncomment
> > > > # if using ssl/tls.
> > > > #pool.default.ssl.startTLS = true
> > > > #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
> > > > #pool.default.ssl.truststore.password = changeit
> > > > [root@cstlb2 aaa]#
> > > >
> > > >
> > > >
> > > > On Tue, Sep 22, 2015 at 7:25 PM, Alon Bar-Lev <[email protected]> wrote:
> > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > > From: "Budur Nagaraju" <[email protected]>
> > > > > > To: [email protected]
> > > > > > Sent: Tuesday, September 22, 2015 4:34:46 PM
> > > > > > Subject: [ovirt-users] LDAP Authentication
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > Can someone help me in configuring LDAP authentication for oVirt?
> > > > >
> > > > > Please review:
> > > > >http://www.ovirt.org/Features/AAA
> > > > >
> > > > >
> >
>https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0
> > > > >
> > > >
> > >
> >
>
>
--
Daniel Helgenberger
m box bewegtbild GmbH
P: +49/30/2408781-22
F: +49/30/2408781-10
ACKERSTR. 19
D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela
Göllner
Handelsregister: Amtsgericht Charlottenburg / HRB
112767
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
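The three recurring problems in this thread are an LDAP host the engine cannot resolve in DNS, a profile whose TLS lines are still commented out (so the search account's password is sent in clear text on every bind), and an extensions.d pair whose names do not line up (the posted files name the authz extension cloudspin-authz while the authn profile's ovirt.engine.aaa.authn.authz.plugin says cloudspin-auth). The checker below is an added example for this thread, not code from oVirt or ovirt-engine-extension-aaa-ldap. It parses the Java-style *.properties files the way the thread uses them, expands ${global:...} and ${local:_basedir} references, and reports those three issues. The host name ldap.example.test, the bind DN and the password are constructed placeholders; the key names are the ones shown in the thread, except pool.default.ssl.enable (the ldaps switch), which is assumed from the extension's README rather than taken from this page.

```python
"""Sanity checker for ovirt-engine-extension-aaa-ldap config files.
Added example for this thread, not code from oVirt or the extension; all
host names, DNs and passwords are constructed placeholders."""
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

REF = re.compile(r"\$\{(global|local):([^}]+)\}")

def parse_properties(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (props, includes); '#' lines are comments, so a commented-out
    'pool.default.ssl.startTLS = true' is simply absent from props."""
    props: Dict[str, str] = {}
    includes: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # DNs contain '=' too: split once
        key, value = key.strip(), value.strip()
        if key == "include":
            includes.append(value.strip("<>"))
        else:
            props[key] = value
    return props, includes

def expand(value: str, props: Dict[str, str], basedir: str, depth: int = 0) -> str:
    """Resolve ${global:key} against the same file and ${local:_basedir} to the
    profile's directory; the depth guard stops a self-referencing loop."""
    if depth > 8:
        return value
    def sub(m):
        scope, name = m.group(1), m.group(2)
        if scope == "global":
            return expand(props.get(name, ""), props, basedir, depth + 1)
        return basedir if name == "_basedir" else ""
    return REF.sub(sub, value)

def dns_resolves(host: str) -> bool:
    """Default resolver; callers inject a fake one to stay off the network."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def check_profile(text: str, basedir: str = "/etc/ovirt-engine/aaa",
                  resolver: Optional[Callable[[str], bool]] = None) -> List[str]:
    """Findings for an aaa/*.properties profile; an empty list means it passed."""
    resolver = resolver or dns_resolves
    props, includes = parse_properties(text)
    get = lambda k: expand(props.get(k, ""), props, basedir)
    findings: List[str] = []
    if len(includes) != 1:
        findings.append("exactly one 'include = <...>' line is expected")
    server = get("pool.default.serverset.single.server")
    if not server:
        findings.append("pool.default.serverset.single.server is empty")
    elif not resolver(server):
        findings.append(f"LDAP host {server} does not resolve in DNS")
    for key in ("pool.default.auth.simple.bindDN", "pool.default.auth.simple.password"):
        if not get(key):
            findings.append(f"{key} is empty")
    # pool.default.ssl.enable (ldaps) is assumed from the README, not from the thread
    tls = any(props.get(k, "").lower() == "true"
              for k in ("pool.default.ssl.startTLS", "pool.default.ssl.enable"))
    if not tls:
        findings.append("no startTLS/ssl: the bind password crosses the wire in clear text")
    elif not get("pool.default.ssl.truststore.file"):
        findings.append("TLS is on but pool.default.ssl.truststore.file is empty")
    return findings

def check_extensions(authn_text: str, authz_text: str) -> List[str]:
    """Cross-check the extensions.d pair: authn must name the authz extension
    exactly in ovirt.engine.aaa.authn.authz.plugin and share its profile file."""
    authn, _ = parse_properties(authn_text)
    authz, _ = parse_properties(authz_text)
    findings: List[str] = []
    if authn.get("ovirt.engine.aaa.authn.authz.plugin") != authz.get("ovirt.engine.extension.name"):
        findings.append("authz.plugin in authn does not match ovirt.engine.extension.name in authz")
    if authn.get("config.profile.file.1") != authz.get("config.profile.file.1"):
        findings.append("authn and authz point at different config.profile.file.1")
    return findings

# Constructed samples: WEAK mirrors the thread's profile (TLS commented out),
# HARDENED is the same file with the TLS lines uncommented.
WEAK_PROFILE = """
include = <openldap.properties>
vars.server = ldap.example.test
vars.user = uid=search,ou=people,dc=example,dc=test
vars.password = company
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
#pool.default.ssl.startTLS = true
#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
"""
HARDENED_PROFILE = WEAK_PROFILE.replace("#pool.default.ssl", "pool.default.ssl")
```

Run check_profile on the real file before restarting the engine; on the engine host the default resolver uses the same name resolution the engine will, so a "does not resolve" finding there reproduces the DNS warning from the thread without digging through engine.log. Uncommenting the TLS lines is only half of the fix: the truststore the file points at must actually hold the LDAP server's certificate chain, which is why the checker insists that pool.default.ssl.truststore.file expands to something once TLS is on.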