Re: [ovirt-users] oVirt, LDAP & SSO: authentication domain/profile consolidation
Hi, Martin, you wrote:
there is no reason to have different authz providers for both authn
providers, because authz part is the same for both kerberos and LDAP.
Just edit for example kerberos authn configuration file in
/etc/ovirt-engine/extension.d/ and change
'ovirt.engine.aaa.authn.authz.plugin' option to the name of your LDAP
authz provider.
When done please restart ovirt-engine to apply changes.
Thank you for the above succinct and clear explanation.
I changed the configuration accordingly and can confirm that
it resolved the issue. When I log in via a Kerberos Ticket
Granting Ticket and interactively via the LDAP-backed oVirt login
web form, I am mapped to a single authentication domain.
Best wishes,
Lloyd