584625 – [RFE] [AAA] Query the Active Directory GC for user information

Bug 584625 - [RFE] [AAA] Query the Active Directory GC for user information

Summary: [RFE] [AAA] Query the Active Directory GC for user information

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-extension-aaa-ldap
Sub Component:
Version:	2.3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.5.0
Assignee:	Alon Bar-Lev
QA Contact:	Ondra Machacek
Docs Contact:
URL:
Whiteboard:	infra
Depends On:
Blocks:	oVirt-AAA-LDAP
TreeView+	depends on / blocked

Reported:	2010-04-22 05:02 UTC by Issue Tracker
Modified:	2019-03-22 07:04 UTC (History)
CC List:	17 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	The new generic LDAP provider will fetch group information and 'userPrincipalName' from the Global Catalog in order to work properly in multiple domain installations.
Clone Of:
Environment:
Last Closed:	2015-02-11 18:11:47 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	118763	0	None	None	None	Never
Red Hat Product Errata	RHEA-2015:0174	0	normal	SHIPPED_LIVE	new package: ovirt-engine-extension-aaa-ldap	2015-02-11 22:40:02 UTC

Internal Links: 650593

Comment 18 Alon Bar-Lev 2014-09-23 21:38:24 UTC

Eventually, since active directory truncate long user names within sam account name, we must use user principal name and consult gc (lower performance).

Comment 19 Yaniv Lavi 2015-01-19 14:32:30 UTC

Posting original request:
RHEV-M should be able to query the GC for user information.

Functional Requirements That Are Not Presently Possible:
Consider the case where one has two AD domains A and B. Between these
domains, there is a trust relationship such that B trusts A. It is
currently not possible to authenticate users present in A without directly
connecting to A.
Currently it _is_ possible to configure RHEV-M to use several AD:s but
that requires that RHEV-M should be able to connect directly to all of
them. If a firewall is preventing this, users from A can not be used
although there is a trust between them.

Comment 24 errata-xmlrpc 2015-02-11 18:11:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-0174.html

Note You need to log in before you can comment on or make changes to this bug.