<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 04/15/2015 12:08 PM, Николаев
Алексей wrote:<br>
</div>
<blockquote cite="mid:2853701429092492@web25j.yandex.ru" type="cite">
<div>Hi community!</div>
<div> </div>
<div>The
Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says
how to add users from external directory.</div>
<div>But now i want to disable <a moz-do-not-send="true"
href="mailto:admin@internal">admin@internal</a> account for
security reasons and use it only for disaster recovery
situations (or then ldaps servers not available). Can i do it?</div>
<div> </div>
<div>What are best practises for use only external directory?</div>
<div>If i delete <a moz-do-not-send="true"
href="mailto:admin@internal">admin@internal</a> account can i
add it again?</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
</blockquote>
Should be possible last time I asked, see response below:<br>
<br>
<br>
<br>
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject: </th>
<td>Re: [ovirt-users] oVirt 3.5 and FreeIpa</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Thu, 22 Jan 2015 06:59:52 -0500 (EST)</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Alon Bar-Lev <a class="moz-txt-link-rfc2396E" href="mailto:alonbl@redhat.com"><alonbl@redhat.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>Jorick Astrego <a class="moz-txt-link-rfc2396E" href="mailto:j.astrego@netbulae.eu"><j.astrego@netbulae.eu></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">CC: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a></td>
</tr>
</tbody>
</table>
<br>
<snip><br>
<br>
Also can we get rid of the internal admin or better just disable
internal
authenticationt without problems? As we have ipa we don't want local
login
enabled, but in emergency situations we might need to turn it on
quickly.<br>
<br>
<pre wrap="">Yes, you can disable the internal by creating /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf
---
ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false
---
Hmmm.... we have a bug in this case... will fix, so let's just disable the authz for now.
---
ENGINE_EXTENSION_ENABLED_internal = false</pre>
<br>
<br>
<BR />
<BR />
<b style="color:#604c78"></b><br><span style="color:#604c78;"><font color="000000"><span style="mso-fareast-language:en-gb;" lang="NL">Met vriendelijke groet, With kind regards,<br><br></span>Jorick Astrego</font></span><b style="color:#604c78"><br><br>Netbulae Virtualization Experts </b><br><hr style="border:none;border-top:1px solid #ccc;"><table style="width: 522px"><tbody><tr><td style="width: 130px;font-size: 10px">Tel: 053 20 30 270</td> <td style="width: 130px;font-size: 10px">info@netbulae.eu</td> <td style="width: 130px;font-size: 10px">Staalsteden 4-3A</td> <td style="width: 130px;font-size: 10px">KvK 08198180</td></tr><tr> <td style="width: 130px;font-size: 10px">Fax: 053 20 30 271</td> <td style="width: 130px;font-size: 10px">www.netbulae.eu</td> <td style="width: 130px;font-size: 10px">7547 TA Enschede</td> <td style="width: 130px;font-size: 10px">BTW NL821234584B01</td></tr></tbody></table><br><hr style="border:none;border-top:1px solid #ccc;"><BR />
</body>
</html>