Following Amador's suggestion, I moved to oVirt version 3.5, since I had no success with 3.4.
In the new version, oVirt and FreeIPA work together perfectly.
Below is the solution to the issue.
Once again I thank Amador, both for the suggestion and for the attention, and Alon Bar, who solved the problem.
#####################################################
1. install ovirt-engine-extension-aaa-ldap; it is available in the ovirt-3.5-snapshots repository.

2. create /etc/ovirt-engine/extensions.d/din.intranet-authz.properties

ovirt.engine.extension.name = din-intranet-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties

3. create /etc/ovirt-engine/extensions.d/din.intranet-authn.properties

ovirt.engine.extension.name = din-intranet-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = din.intranet
ovirt.engine.aaa.authn.authz.plugin = din-intranet-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties

4. create /etc/ovirt-engine/aaa/din.intranet.properties

include = <ipa.properties>
vars.user = uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
vars.password = 123456
vars.server = ipa1.din.intranet
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

5. restart engine.
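
A consistency check for the three files from steps 2 to 4, as an added example that is not part of the original post or of oVirt: it verifies that the authn extension names the authz extension, that both load the same profile file, and that every ${global:...} reference in the profile is defined. The helpers parse, resolve and check are hypothetical names, the inline file contents are constructed from the steps above, and the variable expansion is a simplified assumption rather than the extension's own resolver.

```python
import re

# Constructed input: the key/value pairs from steps 2-4 (binding lines omitted).
AUTHZ = """ovirt.engine.extension.name = din-intranet-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties"""
AUTHN = """ovirt.engine.extension.name = din-intranet-authn
ovirt.engine.aaa.authn.profile.name = din.intranet
ovirt.engine.aaa.authn.authz.plugin = din-intranet-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties"""
PROFILE = """include = <ipa.properties>
vars.user = uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
vars.password = 123456
vars.server = ipa1.din.intranet
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}"""

def parse(text):
    """Parse 'key = value' lines, splitting on the first '=' only (DNs contain '=')."""
    pairs = (l.partition("=") for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def resolve(props):
    """Expand ${global:key}; simplified to one pass over keys of the same file."""
    missing = []
    def sub(m):
        if m.group(1) not in props:
            missing.append(m.group(1))
        return props.get(m.group(1), m.group(0))
    return {k: re.sub(r"\$\{global:([^}]+)\}", sub, v) for k, v in props.items()}, missing

def check(authz, authn, profile):
    """Return the wiring problems found across the three files (empty list = consistent)."""
    a_z, a_n = parse(authz), parse(authn)
    problems = [f"undefined variable: {m}" for m in resolve(parse(profile))[1]]
    if a_n.get("ovirt.engine.aaa.authn.authz.plugin") != a_z.get("ovirt.engine.extension.name"):
        problems.append("authn.authz.plugin does not name the authz extension")
    if a_n.get("config.profile.file.1") != a_z.get("config.profile.file.1"):
        problems.append("authn and authz load different profile files")
    return problems
```

Running check on the real files before step 5 catches a mistyped extension name or variable before the engine restart does.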