Bug 584625

Summary: [RFE] [AAA] Query the Active Directory GC for user information
Product: Red Hat Enterprise Virtualization Manager
Reporter: Issue Tracker <tao>
Component: ovirt-engine-extension-aaa-ldap
Assignee: Alon Bar-Lev <alonbl>
Status: CLOSED ERRATA
QA Contact: Ondra Machacek <omachace>
Severity: medium
Docs Contact:
Priority: medium
Version: 2.3.0
CC: acathrow, alonbl, bazulay, bsettle, emesika, iheim, juwu, lpeer, luvilla, oourfali, pstehlik, Rhev-m-bugs, sherold, tao, yeylon, ylavi, yzaslavs
Target Milestone: ---
Keywords: FutureFeature, Improvement, Reopened
Target Release: 3.5.0
Hardware: All
OS: Linux
Whiteboard: infra
Fixed In Version:
Doc Type: Enhancement
Doc Text:
The new generic LDAP provider will fetch group information and 'userPrincipalName' from the Global Catalog in order to work properly in multiple domain installations.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-11 18:11:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1063095

Comment 18 Alon Bar-Lev 2014-09-23 21:38:24 UTC
Eventually, since Active Directory truncates long user names within the SAM account name, we must use the user principal name and consult the GC (lower performance).

Comment 19 Yaniv Lavi 2015-01-19 14:32:30 UTC
Posting original request:
RHEV-M should be able to query the GC for user information.

Functional Requirements That Are Not Presently Possible:
Consider the case where one has two AD domains A and B. Between these
domains, there is a trust relationship such that B trusts A. It is
currently not possible to authenticate users present in A without directly
connecting to A.
Currently it _is_ possible to configure RHEV-M to use several ADs but
that requires that RHEV-M should be able to connect directly to all of
them. If a firewall is preventing this, users from A cannot be used
although there is a trust between them.

Comment 24 errata-xmlrpc 2015-02-11 18:11:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-0174.html