Hi Stack,

If I understand correctly, your custom SSL certificates are working correctly and you are able to log in to webadmin using admin@internal, right?

If the problem is that your aaa-ldap profile is not visible in the login dialog, then there is some issue with the aaa-ldap configuration. You have mentioned that you used the ovirt-engine-extension-aaa-ldap-setup tool to create your aaa-ldap profile. Have you executed the login and search operations at the end of the setup tool? If so, were they successful?

Anyway, right now you can use the following command to debug your aaa extensions setup:

# ovirt-engine-extensions-tool info list-extensions

Using the above command, can you see the authn and authz instances of your aaa-ldap profile?
If so, please try the tests below:

1. Checking if user search is working:

# ovirt-engine-extensions-tool aaa search --extension-name=<YOUR PROFILE AUTHZ NAME> --entity-name=<VALID LDAP USERNAME>

2. Checking if login is working:

# ovirt-engine-extensions-tool aaa login-user --profile=<YOUR PROFILE NAME> --user-name=<VALID LDAP USERNAME>


You can find more information in:

Regards,
Martin


On Fri, May 29, 2020 at 9:32 AM Strahil Nikolov via Users <users@ovirt.org> wrote:
You mentioned that your certificates were different. Did you try converting them to the type used in the example?

Best Regards,
Strahil Nikolov

On 29 May 2020 at 1:29:51 GMT+03:00, Stack Korora <stackkorora@disroot.org> wrote:
>On 2020-05-28 16:07, Strahil Nikolov wrote:
>> Can you check
>> https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html
>> just in case you missed a step?
>>
>> Best Regards,
>> Strahil Nikolov
>
>Greetings,
>
>Thanks for replying.
>
>I was going to argue a bit since the way my certs come are in different
>formats so my commands are a bit different than the directions. But I
>went through step by step. Got to the end, and the internal
>authentication was working with the right SSL cert! My LDAP
>authentication was missing though...it looks correct.
>
>So I redid all the steps for adding LDAP. At the end of the
>ovirt-engine-extension-aaa-ldap-setup script, I can test accounts and
>search so I know that is correct. My cert is in the right .jks file.
>Still nothing I do shows anything but internal.
>
>So I scrapped the changes and started over. Round three on a fresh
>reboot (just in case I missed a service) with the SSL certs and
>configuring LDAP. SSL works, internal works, ldap doesn't show up as a
>drop-down option for the profile.
>
>Grr...Reboot just in case I missed a service again...nope. SSL and
>internal work, ldap still not shown in the profile. Tried a different
>browser, same thing. Double Grr...
>
>Any suggestions on where I might be going wrong?
>
>Thanks!
>
>
>
>_______________________________________________
>Users mailing list -- users@ovirt.org
>To unsubscribe send an email to users-leave@ovirt.org
>Privacy Statement: https://www.ovirt.org/privacy-policy.html
>oVirt Code of Conduct:
>https://www.ovirt.org/community/about/community-guidelines/
>List Archives:
>https://lists.ovirt.org/archives/list/users@ovirt.org/message/A4BKWITWPNPYYVLDVRN4XOSDTN4LPNB3/


--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.