- Issued:
- 2017-04-18
- Updated:
- 2017-07-17
RHEA-2017:1017 - Product Enhancement Advisory
Synopsis
ovirt-engine-extension-aaa-ldap bug fix and enhancement update for RHV 4.1
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated ovirt-engine-extension-aaa-ldap packages that fix several bugs and add various enhancements are now available.
Description
The ovirt-engine-extension-aaa-ldap extension allows users to customize their external directory setup easily. The ovirt-engine-extension-aaa-ldap extension supports many different LDAP server types, and an interactive setup script is provided to assist you with the setup for most LDAP types.
Changes to the ovirt-engine-extension-aaa-ldap component:
- With this update, IBM Security (Tivoli) Directory Server has been added to supported LDAP servers in ovirt-engine-extension-aaa-ldap. This allows customers to attach Red Hat Virtualization 4.1 to their IBM Security (Tivoli) Directory Server setup and to use users and groups from this setup in Red Hat Virtualization. (BZ#1379000)
- With this update, the debug logging for ovirt-engine-extension-aaa-ldap has been updated. When ovirt-engine-extension-aaa-ldap is enabled the following messages will show in the logs. The LDAP server that authenticated a user is shown as "User 'myuser1' is performing bind request to: ldap.example.com" and the LDAP server that performed a search request is shown as "Performing SearchRequest '...' request on server ldap.example.com." (BZ#1353750)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
Affected Products
- Red Hat Virtualization 4.1 x86_64
Fixes
- BZ - 1353750 - [RFE] Add logging to show which LDAP server was used to execute query on
- BZ - 1379000 - [RFE] - [AAA] Add support for IBM Security (Tivoli) Directory server
- BZ - 1383947 - Rebase ovirt-engine-extension-aaa-ldap for RHV 4.1
- BZ - 1403316 - [RFE] Ability for AD users to login to RHV via AAA using their usernames instead of UPN format
- BZ - 1413144 - typo error in interactive ovirt-engine-extension-aaa-ldap-setup
- BZ - 1420281 - Ignore groups which can't be resolved from non-working domain inside Active Directory multi-domain forrest
CVEs
(none)
References
(none)
Red Hat Virtualization 4.1
| SRPM | |
|---|---|
| ovirt-engine-extension-aaa-ldap-1.3.1-1.el7ev.src.rpm | SHA-256: 59d902932e96e7a8157e82fb94c40bbc25c13358021d076ec5881a06be55b40e |
| x86_64 | |
| ovirt-engine-extension-aaa-ldap-1.3.1-1.el7ev.noarch.rpm | SHA-256: ebd49fa1c96a5150d81038e97383e0b30d0132bcac0fdf1c7bcfcd1381850b8a |
| ovirt-engine-extension-aaa-ldap-setup-1.3.1-1.el7ev.noarch.rpm | SHA-256: 890a1426da5f54966d745e919d465203626887b378514178490ef212a48fc2b2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
