On Tue, Sep 25, 2012 at 8:37 PM, Tim Hildred <thildred@redhat.com> wrote:
> Hey Alan;
>
> I think the missing piece might be a directory server of some kind (Active Directory, IPA, RHDS, and I think TivoliDS are the ones that work). You have to link oVirt engine up with your directory server, and add users to the directory server first before you can search and add them in oVirt.

Yep, that's what I'm missing.  Thanks!

> You link your oVirt engine to a directory server with the engine-manage-domains tool from the command line on your engine server.

Is there a GUI in the works for this?  Not a big deal if not, and now that I know what to look for, it is clearly covered in the Administration Guide.  It would be good to mention the directory service in 12.1.8.1. Adding Users.  I searched for "add user" and was apparently too burnt out to step back far enough to see the answer way off in another part of that chapter.  Could someone point me to the appropriate place to put in that suggestion?

> The command you'll use is something like:
>
> engine-manage-domains -action=add -domain=example.com -user=admin -provider=IPA -interactive
>
> That adds a domain called example.com, using user admin with LDAP server type IPA and prompts you for a password.
>
> Hope that helps.

That's a huge help!  Thanks!  Our global IT has been talking about setting up a single sign-on system, but not much progress has been made yet.  Any thoughts on which of these options would be easiest to set up in the short term?  Even better, what would be the best/easiest way to authenticate off of Google Apps?  I'll do some searching on that, but if someone knows that they support one of the protocols directly, or some way to wrap GA with one of the supported protocols, that would be greatly appreciated.

We have an LDAP server that syncs to Google Apps, but it does not store password data.