Re: [ovirt-users] Can not configure with simple LDAP.

----- Original Message ----- > From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; > To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; > Cc: users(a)ovirt.org > Sent: Sunday, September 21, 2014 11:11:11 AM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Hi, Alon > > Very thanks for your help. > My problem was solved and the AAA is working now. > I could add LDAP user. :) Great. Can you please send me a patch or modified README to make it better? Alon > Fumihide Tani > > (2014/09/21 16:19), Alon Bar-Lev wrote: >> ----- Original Message ----- >>> From: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>> To: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>> Cc: users(a)ovirt.org >>> Sent: Sunday, September 21, 2014 10:19:11 AM >>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>> >>> Hi, >>> >>> You need to create authz extension as well (authz-company). >>> The configuration you provided is establishing authentication only (authn) >>> which refer to authz-company but you did not add it. >>> >>> The terms are: >>> 1. authn - who the user is. >>> 2. authz - what user is permitted. >>> 3. profile - combination of the two. >>> >>> ----------------------------- >>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties >>> ovirt.engine.extension.name = authz-company >>> ovirt.engine.extension.bindings.method = jbossmodule >>> ovirt.engine.extension.binding.jbossmodule.module = >>> org.ovirt.engine-extensions.aaa.ldap >>> ovirt.engine.extension.binding.jbossmodule.class = >>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension >> Sorry: >> org.ovirt.engineextensions.aaa.ldap.AuthzExtension >>> ovirt.engine.extension.provides = >>> org.ovirt.engine.api.extensions.aaa.Authz >>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties >>> -------------------------------------------------- >>> >>> Regards, >>> Alon > >