----- Original Message -----
From: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "users" <users@ovirt.org> Sent: Wednesday, December 10, 2014 7:29:58 PM Subject: Re: [ovirt-users] Info on changing IPA server hostname in oVirt
On Wed, Dec 10, 2014 at 5:43 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
I suggest to install the new provider which does not require kerberos and much easier to customize / problem determination.
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
From what I read in your link it seems far from intuitive from an oVirt admin point of view who probably doesn't know ldap/IPA so in depth... authn and authz concepts overlap with related files and I have not understood how many files I have to add and if @AUTHZ_NAME@ and @AUTHN_NAME@ are the same string for a fixed IPA server or not... also reading http://www.ovirt.org/Features/AAA doesn't clarify at least based my knowledge of ladap in general and IPA in particular (that is not so much...)
We may provide a wrapper tool in future, for now we focused about making it work as there were too many issues within the existing implementation. Configuration is one time while problems are within the runtime.
Previsously I "only" had to run engine-manage-domains add --domain=localdomain.local --provider=ipa --user=admin
and my configured IPA 3.0 worked without any problem...
Can you detail what would be the structure of files under /etc/ovirt-engine/extensions.d/ ? Or anyone already configured with IPA and has a working example of files?
it should be even simpler... :) 1. copy recursive /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple to /etc/ovirt-engine 2. edit /etc/ovirt-engine/aaa/ldap1.properties, set vars.server, vars.user, vars.password to meet your setup, uncomment ipa on top and comment out the openldap. 3. until 3.5.1 you should also edit /etc/ovirt-engine/extensions.d/*.properties and replace ../aaa with /etc/ovirt-engine/aaa Alon