From fedele.stabile at fis.unical.it Mon Dec 15 15:55:08 2014
From: Fedele Stabile
To: users at ovirt.org
Subject: [ovirt-users] Creating new users on oVirt 3.5
Date: Mon, 15 Dec 2014 18:05:28 +0000

Hello,
I have to create some users on my oVirt 3.5 infrastructure.
On Friday I was following instructions on http://www.ovirt.org/LDAP_Quick_Start
LDAP Quick Start
so I correctly created an OpenLDAP server and a Kerberos service, but
this morning I read that the instructions are obsolete...
Now I'm trying to understand how to implement the new mechanism... but I'm
in trouble:
1) run yum install ovirt-engine-extension-aaa-ldap
2) copied files in /etc/ovirt-engine/extensions.d and modified the name in
fis.unical.it-auth(n/z).properties
3) copied files in /etc/ovirt-engine/aaa
but now I can't do anything

Can you help me with newbie instructions to install the aaa-extensions?
Thank you very much
Fedele Stabile

From lfinstrle at netsuite.com Tue Dec 16 03:24:01 2014
From: Finstrle, Ludek
To: users at ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
Date: Tue, 16 Dec 2014 08:23:57 +0000
Message-ID: <1418718237.3029.7.camel@lfinstrle-lp.corp.netledger.com>
In-Reply-To: loom.20141215T170755-976@post.gmane.org

Hello,
> I have to create some users on my oVirt 3.5 infrastructure.
> On Friday I was following instructions on http://www.ovirt.org/LDAP_Quick_Start
> LDAP Quick Start
> so I correctly created an OpenLDAP server and a Kerberos service, but
> this morning I read that the instructions are obsolete...
> Now I'm trying to understand how to implement the new mechanism... but I'm
> in trouble:
> 1) run yum install ovirt-engine-extension-aaa-ldap
> 2) copied files in /etc/ovirt-engine/extensions.d and modified the name in
> fis.unical.it-auth(n/z).properties
> 3) copied files in /etc/ovirt-engine/aaa
> but now I can't do anything
>
> Can you help me with newbie instructions to install the aaa-extensions?
> Thank you very much
> Fedele Stabile

please send your config files (feel free to mask the password).

Update:
  /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in

Make sure handle level name is ALL for ENGINE:
---
      <file-handler name="ENGINE" autoflush="true">
        <level name="ALL"/>
---

Add the following before the <root-logger> line:
---
      <logger category="org.ovirt.engineextensions.aaa.ldap">
        <level name="ALL"/>
      </logger>
---

Flush the engine log (e.g.: > /var/log/ovirt-engine/engine.log)
Restart the engine and send the engine.log, this way we can see what is
happening during initialization.

Cheers,

Luf

From alonbl at redhat.com Tue Dec 16 03:49:18 2014
From: Alon Bar-Lev
To: users at ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
Date: Tue, 16 Dec 2014 03:49:14 -0500
Message-ID: <2122296518.9480169.1418719754194.JavaMail.zimbra@redhat.com>
In-Reply-To: loom.20141215T170755-976@post.gmane.org

----- Original Message -----
> From: "Fedele Stabile"
> To: users(a)ovirt.org
> Sent: Monday, December 15, 2014 8:05:28 PM
> Subject: [ovirt-users] Creating new users on oVirt 3.5
>
> Hello,
> I have to create some users on my oVirt 3.5 infrastructure.
> On Friday I was following instructions on
> http://www.ovirt.org/LDAP_Quick_Start
> LDAP Quick Start
> so I correctly created an OpenLDAP server and a Kerberos service, but
> this morning I read that the instructions are obsolete...
> Now I'm trying to understand how to implement the new mechanism... but I'm
> in trouble:
> 1) run yum install ovirt-engine-extension-aaa-ldap
> 2) copied files in /etc/ovirt-engine/extensions.d and modified the name in
> fis.unical.it-auth(n/z).properties
> 3) copied files in /etc/ovirt-engine/aaa
> but now I can't do anything
>
> Can you help me with newbie instructions to install the aaa-extensions?
> Thank you very much
> Fedele Stabile

Hello,

Have you read [1]?
We of course need help in improving documentation :)

Can you please send engine.log when starting up engine so I can see if there are any issues?
Please make sure that at /etc/ovirt-engine/extensions.d you set the config.profile.file.1 to absolute file, /etc/ovirt-engine/aaa/ as we wait for 3.5.1 to support relative names.

The simplest sequence is:

1. copy recursive /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple to /etc/ovirt-engine
2. edit /etc/ovirt-engine/extensions.d/* replace ../aaa to /etc/ovirt-engine/aaa this is pending 3.5.1.
3. edit /etc/ovirt-engine/aaa/ldap1.properties and set vars.server, vars.user, vars.password to meet your setup.
4. restart engine.
5. send me engine.log

Regards,
Alon

[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD

From donny at cloudspin.me Tue Dec 16 09:57:25 2014
From: Donny Davis
To: users at ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
Date: Tue, 16 Dec 2014 07:57:16 -0700
Message-ID: <008801d01940$9682f2f0$c388d8d0$@cloudspin.me>
In-Reply-To: 2122296518.9480169.1418719754194.JavaMail.zimbra@redhat.com

Check out my write-up on AAA,
I tried my best to break it down, and make it simple

https://cloudspin.me/ovirt-simple-ldap-aaa/

-----Original Message-----
From: users-bounces(a)ovirt.org [mailto:users-bounces(a)ovirt.org] On Behalf Of Alon Bar-Lev
Sent: Tuesday, December 16, 2014 1:49 AM
To: Fedele Stabile
Cc: users(a)ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5

----- Original Message -----
> From: "Fedele Stabile"
> To: users(a)ovirt.org
> Sent: Monday, December 15, 2014 8:05:28 PM
> Subject: [ovirt-users] Creating new users on oVirt 3.5
>
> Hello,
> I have to create some users on my oVirt 3.5 infrastructure.
> On Friday I was following instructions on
> http://www.ovirt.org/LDAP_Quick_Start
> LDAP Quick Start
> so I correctly created an OpenLDAP server and a Kerberos service, but
> this morning I read that the instructions are obsolete...
> Now I'm trying to understand how to implement the new mechanism... but
> I'm in trouble:
> 1) run yum install ovirt-engine-extension-aaa-ldap
> 2) copied files in /etc/ovirt-engine/extensions.d and modified the
> name in fis.unical.it-auth(n/z).properties
> 3) copied files in /etc/ovirt-engine/aaa but now I can't do anything
>
> Can you help me with newbie instructions to install the aaa-extensions?
> Thank you very much
> Fedele Stabile

Hello,

Have you read [1]?
We of course need help in improving documentation :)

Can you please send engine.log when starting up engine so I can see if there are any issues?

Please make sure that at /etc/ovirt-engine/extensions.d you set the config.profile.file.1 to absolute file, /etc/ovirt-engine/aaa/ as we wait for 3.5.1 to support relative names.

The simplest sequence is:

1. copy recursive /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple to /etc/ovirt-engine
2. edit /etc/ovirt-engine/extensions.d/* replace ../aaa to /etc/ovirt-engine/aaa this is pending 3.5.1.
3. edit /etc/ovirt-engine/aaa/ldap1.properties and set vars.server, vars.user, vars.password to meet your setup.
4. restart engine.
5. send me engine.log

Regards,
Alon

[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD

From alonbl at redhat.com Tue Dec 16 12:12:42 2014
From: Alon Bar-Lev
To: users at ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
Date: Tue, 16 Dec 2014 12:12:32 -0500
Message-ID: <1395821841.9787067.1418749952662.JavaMail.zimbra@redhat.com>
In-Reply-To: 008801d01940$9682f2f0$c388d8d0$@cloudspin.me

----- Original Message -----
> From: "Donny Davis"
> To: "Alon Bar-Lev", "Fedele Stabile"
> Cc: users(a)ovirt.org
> Sent: Tuesday, December 16, 2014 4:57:16 PM
> Subject: RE: [ovirt-users] Creating new users on oVirt 3.5
>
> Check out my write-up on AAA,
> I tried my best to break it down, and make it simple
>
> https://cloudspin.me/ovirt-simple-ldap-aaa/

Thanks for helpful documentation!

> Once again, don’t get hung up on the file names, they really only mean something to you. Maybe someone that knows more than me can shed some light on this??

Indeed the file names are not important as long as the extension is .properties the files will be read.

> Important to note, that if you use an IP Address here you may have TLS problems, and once again I am no pro, but I had problems trying to get TLS and IP addresses to play nice

Indeed, the certificate should contain ip address in subject or subject alternate name in order for ip to be usable in tls, this is not specific to this implementation.

> nano ca.pem – This is done on your engine, and you paste the above output into this file

not sure why you cannot just use ca.pem as-is when using keytool.

Regards,
Alon Bar-Lev.

From donny at cloudspin.me Tue Dec 16 12:20:00 2014
From: Donny Davis
To: users at ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
Date: Tue, 16 Dec 2014 10:19:53 -0700
Message-ID: <008f01d01954$8349bf20$89dd3d60$@cloudspin.me>
In-Reply-To: 1395821841.9787067.1418749952662.JavaMail.zimbra@redhat.com

For the ca.pem, I had to import it from my ldap server, and this was my method of getting it to the engine.
I use nano to create the file. there is probably a better way, but this was for my environment.

-----Original Message-----
From: Alon Bar-Lev [mailto:alonbl(a)redhat.com]
Sent: Tuesday, December 16, 2014 10:13 AM
To: Donny Davis
Cc: Fedele Stabile; users(a)ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5

----- Original Message -----
> From: "Donny Davis"
> To: "Alon Bar-Lev", "Fedele Stabile"
> Cc: users(a)ovirt.org
> Sent: Tuesday, December 16, 2014 4:57:16 PM
> Subject: RE: [ovirt-users] Creating new users on oVirt 3.5
>
> Check out my write-up on AAA,
> I tried my best to break it down, and make it simple
>
> https://cloudspin.me/ovirt-simple-ldap-aaa/

Thanks for helpful documentation!

> Once again, don’t get hung up on the file names, they really only mean something to you. Maybe someone that knows more than me can shed some light on this??

Indeed the file names are not important as long as the extension is .properties the files will be read.

> Important to note, that if you use an IP Address here you may have TLS problems, and once again I am no pro, but I had problems trying to get TLS and IP addresses to play nice

Indeed, the certificate should contain ip address in subject or subject alternate name in order for ip to be usable in tls, this is not specific to this implementation.

> nano ca.pem – This is done on your engine, and you paste the above output into this file

not sure why you cannot just use ca.pem as-is when using keytool.

Regards,
Alon Bar-Lev.

From alonbl at redhat.com Tue Dec 16 13:20:26 2014
From: Alon Bar-Lev
To: users at ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
Date: Tue, 16 Dec 2014 13:20:20 -0500
Message-ID: <2040846072.9813037.1418754020799.JavaMail.zimbra@redhat.com>
In-Reply-To: 008f01d01954$8349bf20$89dd3d60$@cloudspin.me

----- Original Message -----
> From: "Donny Davis"
> To: "Alon Bar-Lev"
> Cc: "Fedele Stabile", users(a)ovirt.org
> Sent: Tuesday, December 16, 2014 7:19:53 PM
> Subject: RE: [ovirt-users] Creating new users on oVirt 3.5
>
> For the ca.pem, I had to import it from my ldap server, and this was my
> method of getting it to the engine.
> I use nano to create the file. there is probably a better way, but this was
> for my environment.

ok, no problem.
usually ssh is better :)

>
> -----Original Message-----
> From: Alon Bar-Lev [mailto:alonbl(a)redhat.com]
> Sent: Tuesday, December 16, 2014 10:13 AM
> To: Donny Davis
> Cc: Fedele Stabile; users(a)ovirt.org
> Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
>
> ----- Original Message -----
> > From: "Donny Davis"
> > To: "Alon Bar-Lev", "Fedele Stabile"
> > Cc: users(a)ovirt.org
> > Sent: Tuesday, December 16, 2014 4:57:16 PM
> > Subject: RE: [ovirt-users] Creating new users on oVirt 3.5
> >
> > Check out my write-up on AAA,
> > I tried my best to break it down, and make it simple
> >
> > https://cloudspin.me/ovirt-simple-ldap-aaa/
>
> Thanks for helpful documentation!
>
> > Once again, don’t get hung up on the file names, they really only mean
> > something to you. Maybe someone that knows more than me can shed some
> > light on this??
>
> Indeed the file names are not important as long as the extension is
> .properties the files will be read.
>
> > Important to note, that if you use an IP Address here you may have TLS
> > problems, and once again I am no pro, but I had problems trying to get TLS
> > and IP addresses to play nice
>
> Indeed, the certificate should contain ip address in subject or subject
> alternate name in order for ip to be usable in tls, this is not specific to
> this implementation.
>
> > nano ca.pem – This is done on your engine, and you paste the above output
> > into this file
>
> not sure why you cannot just use ca.pem as-is when using keytool.
>
> Regards,
> Alon Bar-Lev.
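
An added example, not part of the original thread and not oVirt project code: a Python check of the points raised above (only files ending in .properties are read from extensions.d; config.profile.file.1 must be an absolute path until 3.5.1; vars.server, vars.user and vars.password must be set; an IP address in vars.server needs a matching certificate). The file names and values written by demo() are constructed, and the properties reader is a simplified assumption that only handles "key = value" lines.

```python
import ipaddress
import os
import tempfile

def load_properties(path):
    """Simplified .properties reader (assumption): 'key = value' lines, # or ! comments."""
    with open(path, encoding="utf-8") as fh:
        lines = [ln.strip() for ln in fh]
    pairs = (ln.partition("=") for ln in lines if ln and ln[0] not in "#!")
    return {key.strip(): value.strip() for key, _, value in pairs}

def check_aaa_config(etc_dir):
    """Check etc_dir/extensions.d and the profile files it names; return findings."""
    findings = []
    ext_dir = os.path.join(etc_dir, "extensions.d")
    for name in sorted(os.listdir(ext_dir)):
        if not name.endswith(".properties"):
            findings.append(f"{name}: ignored, extension is not .properties")
            continue
        profile = load_properties(os.path.join(ext_dir, name)).get("config.profile.file.1")
        if profile is None:
            continue
        if not os.path.isabs(profile):  # relative names wait for 3.5.1
            findings.append(f"{name}: config.profile.file.1 is relative ({profile})")
            continue
        if not os.path.isfile(profile):
            findings.append(f"{name}: profile file {profile} not found")
            continue
        values, label = load_properties(profile), os.path.basename(profile)
        for key in ("vars.server", "vars.user", "vars.password"):
            if not values.get(key):  # report the key only, never the value
                findings.append(f"{label}: {key} is not set")
        try:
            ipaddress.ip_address(values.get("vars.server", ""))
            findings.append(f"{label}: vars.server is an IP address; the LDAP server "
                            "certificate must list it in subject or subjectAltName")
        except ValueError:
            pass  # a host name, or unset and already reported
    # authn and authz files usually share one profile: report each finding once
    return list(dict.fromkeys(findings))

def demo():
    """Build a constructed sample tree in a temp dir and check it."""
    with tempfile.TemporaryDirectory() as etc:
        ext = os.path.join(etc, "extensions.d")
        profile = os.path.join(etc, "aaa", "ldap1.properties")
        samples = {  # constructed file contents, not taken from the thread
            profile: "vars.server = 192.0.2.10\nvars.user = uid=search,dc=example,dc=com\nvars.password =\n",
            os.path.join(ext, "ldap1-authn.properties"): "config.profile.file.1 = ../aaa/ldap1.properties\n",
            os.path.join(ext, "ldap1-authn.properties.bak"): "config.profile.file.1 = ../aaa/ldap1.properties\n",
            os.path.join(ext, "ldap1-authz.properties"): f"config.profile.file.1 = {profile}\n",
        }
        for path, body in samples.items():
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return check_aaa_config(etc)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real engine host the call would be check_aaa_config("/etc/ovirt-engine"), run before restarting the engine and collecting engine.log.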