I use Freeipa without issue on AAA Ldap.... Here is a simple write up that may help you understand how aaa ldap works. This is out dated, so don't just copy and paste.... however it will help you get the gist https://ipv6cloud.wordpress.com/2014/12/16/ovirt-simple-ldap-aaa/ On Fri, Jan 22, 2016 at 2:08 PM, Justin Bushey <jbushey@inforelay.com> wrote:
Ondra,
Thanks again. You've definitely saved me from spending too much time going down a bunny hole.
-- Justin
On Fri, Jan 22, 2016 at 4:35 AM, Ondra Machacek <omachace@redhat.com> wrote:
Hi,
the best thing you can do is to migrate to new AAA ldap[1], as anyway you will have to do so in 4.0, as manage-domains will be removed, so I think better invest time to migration, then to searching for root cause. We will be happy to help you with migration. You can also try migration tool[2].
Ondra
[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob... [2] https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases
On 01/22/2016 09:37 AM, Justin Bushey wrote:
Hello,
I just wanted to see if anyone else has seen issues with using FreeIPA as an authentication domain with oVirt 3.6.1. Specifically, I'm seeing extremely slow performance when authenticating as an IPA user, between 5-10 minutes to get logged into the UI. On the KDC side I'm seeing ticket requests from the oVirt host, which succeed and are repeated. Eventually authentication succeeds to the Web UI.
The IPA domain was added using `engine-manage-domains` with the IPA provider option. I could configure direct LDAP authentication if absolutely need be, but this is really bugging me.
Google hasn't turned up any similar issues so I wanted to check if anyone else has seen anything like this. I can post logs tomorrow if anyone wants to assist me in troubleshooting ;)
Thanks,
Justin Bushey InfoRelay Online Systems, Inc.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Donny Davis