Re: [ovirt-users] Info on changing IPA server hostname in oVirt

From: "Gianluca Cecchi" <gianluca.cecchi(a)gmail.com&gt; To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; Cc: "Ondra Machacek" <omachace(a)redhat.com&gt;, "users" <users(a)ovirt.org&gt; Sent: Wednesday, December 10, 2014 7:29:58 PM Subject: Re: [ovirt-users] Info on changing IPA server hostname in oVirt On Wed, Dec 10, 2014 at 5:43 PM, Alon Bar-Lev <alonbl(a)redhat.com&gt; wrote: > > I suggest to install the new provider which does not require kerberos and > much easier to customize / problem determination. > > > http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=bl... > > > From what I read in your link it seems far from intuitive from an oVirt admin point of view who probably doesn't know ldap/IPA so in depth... authn and authz concepts overlap with related files and I have not understood how many files I have to add and if @AUTHZ_NAME@ and @AUTHN_NAME@ are the same string for a fixed IPA server or not... also reading http://www.ovirt.org/Features/AAA doesn't clarify at least based my knowledge of ladap in general and IPA in particular (that is not so much...)

Previsously I "only" had to run engine-manage-domains add --domain=localdomain.local --provider=ipa --user=admin and my configured IPA 3.0 worked without any problem... Can you detail what would be the structure of files under /etc/ovirt-engine/extensions.d/ ? Or anyone already configured with IPA and has a working example of files?