On 10/31/2014 02:47 PM, Marcelo Donato wrote:
>
> Below the solution. Resolved By "Alon Bar-Lev" <alo...@redhat.com>
>
> 1. install ovirt-engine-extension-aaa-ldap, it is available in
>    ovirt-3.5-snapshots repository.
>
> 2. create /etc/ovirt-engine/extensions.d/din.intranet-authz.properties
>
> ovirt.engine.extension.name = din-intranet-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
>
> 3. create /etc/ovirt-engine/extensions.d/din.intranet-authn.properties
>
> ovirt.engine.extension.name = din-intranet-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = din.intranet
> ovirt.engine.aaa.authn.authz.plugin = din-intranet-authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
>
> 4. create /etc/ovirt-engine/aaa/din.intranet.properties
>
> include = <ipa.properties>
>
> vars.user = uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
> vars.password = 123456
> vars.server = ipa1.din.intranet
>
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
>
> 5. restart engine.
>
> Thanks a lot Alon.

Thanks for this, saved me some time!

Just a couple of additions: please hash the password with SSHA (I really hate plain text admin passwords...). I tried putting an {SSHA} encoded password in "vars.password =", but it fails to authenticate while plain text works fine.

For people with multiple ipa replicas I guess you need to use:

Round robin configuration:

vars.server1 = ipa1.din.intranet
vars.server2 = ipa2.din.intranet

pool.default.serverset.type = round-robin
pool.default.serverset.round-robin.1.server = ${global:vars.server1}
pool.default.serverset.round-robin.2.server = ${global:vars.server2}

instead of

vars.server = ipa1.din.intranet

pool.default.serverset.single.server = ${global:vars.server}

But I still have to test that as our second replica is down at the moment.

Also can we get rid of the internal admin or better just disable internal authentication without problems? As we have ipa we don't want local login enabled, but in emergency situations we might need to turn it on quickly.

Kind regards,

With kind regards,

Jorick Astrego
Netbulae Virtualization Experts
----------------
Tel: 053 20 30 270    i...@netbulae.eu    Staalsteden 4-3A    KvK 08198180
Fax: 053 20 30 271    www.netbulae.eu     7547 TA Enschede    BTW NL821234584B01
----------------
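
Added example, not part of the thread and not oVirt project code: a small audit of the profile file from step 4. A simple bind sends the configured string to the LDAP server as the password, so an {SSHA} value there cannot authenticate; what can be checked is who the bind account is, whether the file is private, and whether the bind is protected in transit. Assumptions: the finding names are made up here, the `pool.default.ssl.startTLS` key comes from the extension's documentation rather than this thread, and the sample password is a placeholder.

```python
import os
import re
import stat

# Constructed sample: the profile from step 4 with a placeholder password.
SAMPLE = """\
include = <ipa.properties>
vars.user = uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
vars.password = example-password
vars.server = ipa1.din.intranet
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
"""
REF = re.compile(r"\$\{global:([^}]+)\}")

def parse(text):
    """Parse 'key = value' lines, then expand ${global:key} references."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            props[key.strip()] = value.strip()
    for _ in range(5):  # bounded passes so nested references resolve
        props = {k: REF.sub(lambda m: props.get(m.group(1), m.group(0)), v)
                 for k, v in props.items()}
    return props

def audit(text, mode=None):
    """Return findings for a profile; mode is the file's permission bits."""
    props, findings = parse(text), []
    bind_dn = props.get("pool.default.auth.simple.bindDN", "")
    password = props.get("pool.default.auth.simple.password", "")
    if password.startswith("{"):
        findings.append("hashed-password")     # sent literally, bind will fail
    elif password:
        findings.append("cleartext-password")  # protect the file instead
    if bind_dn.lower().startswith("uid=admin,"):
        findings.append("admin-bind-dn")       # prefer a read-only search account
    if props.get("pool.default.ssl.startTLS", "false").lower() != "true":
        findings.append("no-starttls")         # bind password crosses the wire in clear
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file-not-private")    # readable beyond the owner
    return findings

def audit_file(path):
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))
```

On the engine host, `audit_file("/etc/ovirt-engine/aaa/din.intranet.properties")` runs the same checks against the real file and its permission bits.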