----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Sunday, September 21, 2014 6:00:48 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon,
Following Alon's advice, I added the authz-company.properties file to the
configuration directory.
Then OpenLDAP users can be searched from oVirt Web admin, and I could add its
users to the portal successfully.
But I have another problem.
These OpenLDAP users that I added can not login to ovirt web user portal.
User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as "First Name")
Password: (I specified it as OpenLDAP's userPassword for "Fumihide")
Domain: rxc05271.com (I selected instead of "internal")
1. What error do you get at ui?
2. Please look at engine.log while attempting to login, if you see something helpful.
3. Please make sure that the following is a success:
$ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b <BASE_DN> uid=<LOGIN_NAME>
4. If working please modify
/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in
---
<file-handler name="ENGINE" autoflush="true">
- <level name="INFO"/>
- <level name="FINEST"/>
<snip>
+ <logger category="org.ovirt.engineextensions.aaa.ldap">
+ <level name="FINEST"/>
+ </logger>
<logger category="org.ovirt.engine.core.bll">
---
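Review bot: In the file-handler hunk both <level name="INFO"/> and <level name="FINEST"/> carry a "-", so applied literally the ENGINE handler is left with no level at all; the second line should read + <level name="FINEST"/> so that INFO is replaced by FINEST. Both FINEST settings are for a single debugging run, so the instructions should also say to put the handler back to INFO and remove the org.ovirt.engineextensions.aaa.ldap logger once the login attempt has been captured, and to read through the captured output before mailing it, since trace-level LDAP logging can include directory details.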
Restart engine, attempt login, send me the output.
Please advise me; I would be very thankful.
Fumihide Tani
(2014/09/21 17:13), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Sunday, September 21, 2014 11:11:11 AM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Hi, Alon
>>
>> Many thanks for your help.
>> My problem was solved and the AAA is working now.
>> I could add LDAP user. :)
> Great.
> Can you please send me a patch or modified README to make it better?
>
> Alon
>
>> Fumihide Tani
>>
>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> To: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> Hi,
>>>>
>>>> You need to create authz extension as well (authz-company).
>>>> The configuration you provided is establishing authentication only
>>>> (authn), which refers to authz-company, but you did not add it.
>>>>
>>>> The terms are:
>>>> 1. authn - who the user is.
>>>> 2. authz - what user is permitted.
>>>> 3. profile - combination of the two.
>>>>
>>>> -----------------------------
>>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>>>> ovirt.engine.extension.name = authz-company
>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
>>>> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>> Sorry:
>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
>>>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
>>>> --------------------------------------------------
>>>>
>>>> Regards,
>>>> Alon
>>
>>
>
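
Added example, not part of the thread and not oVirt's own code: a small Python check for the two configuration mistakes discussed above, an authn extension that refers to an authz extension which was never created, and an authz file whose class is AuthnExtension. The key ovirt.engine.aaa.authn.authz.plugin, the name authn-company and the sample file contents are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

EXT = "ovirt.engine.extension."
AUTHZ_REF = "ovirt.engine.aaa.authn.authz.plugin"  # assumption: not shown in this thread

def load_properties(text):
    """Parse plain 'key = value' lines ('#' comments, no line continuations)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_extensions(ext_dir):
    """Return the problems found in an extensions.d-style directory."""
    exts = {}
    for path in sorted(Path(ext_dir).glob("*.properties")):
        props = load_properties(path.read_text())
        exts[props.get(EXT + "name", path.stem)] = props
    problems = []
    for name, props in exts.items():
        kind = props.get(EXT + "provides", "").rsplit(".", 1)[-1]  # Authn or Authz
        cls = props.get(EXT + "binding.jbossmodule.class", "").rsplit(".", 1)[-1]
        # Heuristic for this module: the Authz interface is served by AuthzExtension.
        if kind and cls != kind + "Extension":
            problems.append(f"{name}: class {cls} does not match provides {kind}")
        ref = props.get(AUTHZ_REF)
        if kind == "Authn" and ref and ref not in exts:
            problems.append(f"{name}: authz plugin {ref} is not defined")
    return problems

# Constructed sample files modelled on the thread, not copied from a real host.
AUTHN = """ovirt.engine.extension.name = authn-company
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.authz.plugin = authz-company
"""
AUTHZ_TYPO = """ovirt.engine.extension.name = authz-company
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
"""

def run_case(files):
    """Write {filename: text} into a temporary directory and check it."""
    with tempfile.TemporaryDirectory() as d:
        for fname, text in files.items():
            (Path(d) / fname).write_text(text)
        return check_extensions(d)

if __name__ == "__main__":
    print(run_case({"authn-company.properties": AUTHN}))  # authz file missing
```

On a real engine host, check_extensions("/etc/ovirt-engine/extensions.d") runs the same checks against the live files.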