[ovirt-users] Creating new users on oVirt 3.5

Donny Davis donny at cloudspin.me
Tue Dec 16 17:19:53 UTC 2014


For the ca.pem, I had to import it from my ldap server, and this was my method of getting it to the engine. 
I use nano to create the file. There is probably a better way, but this was for my environment.

-----Original Message-----
From: Alon Bar-Lev [mailto:alonbl at redhat.com] 
Sent: Tuesday, December 16, 2014 10:13 AM
To: Donny Davis
Cc: Fedele Stabile; users at ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5



----- Original Message -----
> From: "Donny Davis" <donny at cloudspin.me>
> To: "Alon Bar-Lev" <alonbl at redhat.com>, "Fedele Stabile" <fedele.stabile at fis.unical.it>
> Cc: users at ovirt.org
> Sent: Tuesday, December 16, 2014 4:57:16 PM
> Subject: RE: [ovirt-users] Creating new users on oVirt 3.5
> 
> Check out my write-up on AAA,
> I tried my best to break it down, and make it simple
> 
> https://cloudspin.me/ovirt-simple-ldap-aaa/

Thanks for the helpful documentation!

> Once again, don’t get hung up on the file names, they really only mean something to you. Maybe someone that knows more than me can shed some light on this??

Indeed, the file names are not important; as long as the extension is .properties, the files will be read.

> Important to note, that if you use an IP Address here you may have TLS problems, and once again I am no pro, but I had problems trying to get TLS and IP addresses to play nice

Indeed, the certificate should contain the IP address in the subject or subject alternate name in order for the IP to be usable in TLS; this is not specific to this implementation.

> nano ca.pem – This is done on your engine, and you paste the above output into this file

Not sure why you cannot just use ca.pem as-is when using keytool.

Regards,
Alon Bar-Lev.
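
The TLS and IP address point discussed above, as an added example that is not part of the thread or of oVirt's code: a check of whether a server certificate's subjectAltName covers the value configured as the LDAP server. It assumes a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate, host names, addresses and function names are constructed for illustration, and only subjectAltName entries are examined (whether a given client also accepts an address in the subject is not modelled).

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# names and addresses are documentation placeholders, not values from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.test"),),),
    "subjectAltName": (
        ("DNS", "ldap.example.test"),
        ("DNS", "*.dir.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}


def _as_ip(value):
    """Return an ip_address object, or None when value is a host name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        labels = h.split(".", 1)
        return len(labels) == 2 and labels[0] != "" and labels[1] == p[2:]
    return p == h


def san_covers(cert, configured_host):
    """True if the certificate's subjectAltName covers the configured server value."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(configured_host)
    if ip is not None:
        # An address must match an "IP Address" entry; DNS entries never count,
        # even when their text happens to look like an address.
        return any(kind == "IP Address" and _as_ip(val) == ip for kind, val in sans)
    return any(kind == "DNS" and _dns_match(val, configured_host) for kind, val in sans)


if __name__ == "__main__":
    for target in ("ldap.example.test", "192.0.2.10", "192.0.2.11"):
        print(target, "covered" if san_covers(SAMPLE_CERT, target) else "NOT covered")
```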