- Issued: 2014-06-19
- Updated: 2015-02-11
RHEA-2015:0174 - Product Enhancement Advisory
Synopsis
new package: ovirt-engine-extension-aaa-ldap
Type/Severity
Product Enhancement Advisory
Topic
Adds ovirt-engine-extension-aaa-ldap packages, a new implementation for the
ovirt-engine LDAP interaction.
Description
Changes to the ovirt-engine-extension-aaa-ldap component:
- The new LDAP provider ovirt-engine-extension-aaa-ldap fully supports SSL/TLS
and startTLS protocols. (BZ#963936)
- With the new LDAP implementation provided by the
ovirt-engine-extension-aaa-ldap package, you can now query an LDAP service using
the site's DNS service record. For example:
pool.default.serverset.srvrecord.service = ldap
pool.default.serverset.srvrecord.protocol = tcp
pool.default.serverset.srvrecord.domain = MYSITE._sites.ad.dc._msdcs.my-activedirecotry.com
For more information, refer to the ovirt-engine-extension-aaa-ldap package
documentation. (BZ#650593)
- The new generic LDAP provider will fetch group information and
'userPrincipalName' from the Global Catalog in order to work properly in
multiple domain installations. (BZ#584625)
- The new generic LDAP provider implementation ovirt-engine-extension-aaa-ldap
supports anonymous bind. You can now perform anonymous access to search for user
information and no longer need to set up a specific user to perform directory
search. (BZ#980965)
- The new generic LDAP provider ovirt-engine-extension-aaa-ldap fully supports
multiple Active Directory forests. (BZ#766601)
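The srvrecord settings shown above determine which DNS name is queried. The following is an added example, not code from the package: it builds the RFC 2782 SRV owner name from those three properties and orders a constructed set of SRV answers. The sample host names are hypothetical, and the use of RFC 2782 priority/weight ordering is an assumption, since the advisory does not state how the provider selects among returned servers.

```python
import random
PREFIX = "pool.default.serverset.srvrecord."
# Property lines copied from the advisory's example.
PROPS = """\
pool.default.serverset.srvrecord.service = ldap
pool.default.serverset.srvrecord.protocol = tcp
pool.default.serverset.srvrecord.domain = MYSITE._sites.ad.dc._msdcs.my-activedirecotry.com
"""
# Constructed SRV answers (priority, weight, port, target); hosts are hypothetical.
SAMPLE = [
    (10, 0, 389, "dc-remote.example.test"),
    (0, 100, 389, "dc1.example.test"),
    (0, 100, 389, "dc2.example.test"),
]

def parse_props(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def srv_query_name(props):
    """Build the RFC 2782 owner name: _service._protocol.domain"""
    service = props[PREFIX + "service"]
    protocol = props[PREFIX + "protocol"]
    domain = props[PREFIX + "domain"].rstrip(".")
    return "_%s._%s.%s" % (service, protocol, domain)

def order_targets(records, rng=random):
    """Lowest priority first; weighted random pick within one priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if pick <= running:
                    break
            group.remove(rec)
            ordered.append((rec[3], rec[2]))
    return ordered

if __name__ == "__main__":
    print(srv_query_name(parse_props(PROPS)), order_targets(SAMPLE))
```

Because the server list comes from DNS, the resolver path used by the engine host is part of the trust boundary for this configuration.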
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Virtualization 3.5 x86_64
Fixes
- BZ - 584625 - [RFE] [AAA] Query the Active Directory GC for user information
- BZ - 650593 - PRD35 - [RFE][AAA] Kerberos and LDAP should be performed against current AD site first (preferably, the global catalog in this site) using rhevm-manage-domains
- BZ - 766601 - PRD35 - [RFE][AAA] Support Active Directory multi-domain setup
- BZ - 963936 - PRD35 - [RFE][AAA] Support for "hardened" AD environments with RHEV
- BZ - 980965 - PRD35 - [RFE][AAA] Support anonymous bind for authn/authz
- BZ - 1062320 - [RFE][AAA] Active Directory Group Membership detection on login is too slow for users with large numbers of groups
- BZ - 1083736 - PRD35 - [RFE][AAA] engine should have a generic LDAP provider
- BZ - 1104074 - [AAA] RHEVM does not sync automatically IPA user password incase of password change
- BZ - 1110765 - PRD35 - [RFE] ovirt-engine-extension-aaa-ldap - new package
CVEs
(none)
References
(none)
Red Hat Virtualization 3.5
SRPM | |
---|---|
ovirt-engine-extension-aaa-ldap-1.0.2-1.el6ev.src.rpm | SHA-256: 7eff45c366ee75ad441ff31619e9d578f21d38521c85dbb78e4bc808febc1099 |
x86_64 | |
ovirt-engine-extension-aaa-ldap-1.0.2-1.el6ev.noarch.rpm | SHA-256: 5a182909ecb90dc0e0794ff5a0612deef8e2a07315bf5c871ff064f2c365ff14 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.