On Wed, Dec 10, 2014 at 5:43 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
I suggest to install the new provider which does not require kerberos and much easier to customize / problem determination.
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
From what I read in your link it seems far from intuitive from an oVirt
admin point of view who probably doesn't know ldap/IPA so in depth... authn and authz concepts overlap with related files and I have not understood how many files I have to add and if @AUTHZ_NAME@ and @AUTHN_NAME@ are the same string for a fixed IPA server or not... also reading http://www.ovirt.org/Features/AAA doesn't clarify at least based my knowledge of ladap in general and IPA in particular (that is not so much...) Previsously I "only" had to run engine-manage-domains add --domain=localdomain.local --provider=ipa --user=admin and my configured IPA 3.0 worked without any problem... Can you detail what would be the structure of files under /etc/ovirt-engine/extensions.d/ ? Or anyone already configured with IPA and has a working example of files? Gianluca