I have recently upgraded openldap to Fedora 20, and I had
openldap connected to oVirt 3.5. Everything went
smoothly, but openldap didn't work with oVirt. The first issue
is common to almost all LDAP providers, since it was a cyrus-sasl-lib
bug. There was an easy workaround: setting sasl_qop to auth.
But there was another issue, and I don't know why it happened: oVirt
sends a Kerberos request for:
ldap/localhost@REALM
instead of
ldap/fqdn@REALM
So to easily work around this problem, just add:
$ kadmin.local
kadmin.local:  add_principal -randkey ldap/localhost@REALM
kadmin.local:  ktadd -keytab your_keytab_path ldap/localhost@REALM
Then restart openldap, and everything goes fine now. :)
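
A check that the keytab really holds both service principals after the ktadd step, as an added example that is not part of the original post. The function name missing_spns, the EXAMPLE.COM realm and the sample klist listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# missing_spns: read `klist -k` output on stdin and print, space-separated,
# every service principal given as an argument that has no keytab entry.
missing_spns() {
    listing=$(cat)
    missing=""
    for spn in "$@"; do
        # Entry lines look like "   2 ldap/host@REALM": a numeric KVNO, then
        # the principal. Compare the principal column exactly, not by substring.
        if ! printf '%s\n' "$listing" |
            awk -v p="$spn" '$1 ~ /^[0-9]+$/ && $2 == p { found = 1 } END { exit !found }'
        then
            missing="$missing $spn"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample listings in MIT `klist -k` format (hypothetical host and realm).
SAMPLE_BEFORE='Keytab name: FILE:/path/to/keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 ldap/ldap.example.com@EXAMPLE.COM
   2 ldap/ldap.example.com@EXAMPLE.COM'

SAMPLE_AFTER="$SAMPLE_BEFORE
   1 ldap/localhost@EXAMPLE.COM
   1 ldap/localhost@EXAMPLE.COM"

# Real use (your_keytab_path and REALM as in the post):
#   klist -k your_keytab_path | missing_spns ldap/localhost@REALM ldap/fqdn@REALM
printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" |
    missing_spns ldap/localhost@EXAMPLE.COM ldap/ldap.example.com@EXAMPLE.COM)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" |
    missing_spns ldap/localhost@EXAMPLE.COM ldap/ldap.example.com@EXAMPLE.COM)"
```

An empty result means every requested principal has a key in the keytab; anything printed is still missing and would fail the same way the ldap/localhost request did.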