On Wed, Dec 10, 2014 at 5:43 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:

I suggest to install the new provider which does not require kerberos and much easier to customize / problem determination.

http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD

From what I read in your link it seems far from intuitive from an oVirt admin point of view who probably doesn't know ldap/IPA so in depth... authn and authz concepts overlap with related files and I have not understood how many files I have to add and if @AUTHZ_NAME@ and @AUTHN_NAME@ are the same string for a fixed IPA server or not...

also reading

http://www.ovirt.org/Features/AAA

doesn't clarify at least based my knowledge of ladap in general and IPA in particular (that is not so much...)

Previsously I "only" had to run

engine-manage-domains add --domain=localdomain.local --provider=ipa --user=admin

and my configured IPA 3.0 worked without any problem...

Can you detail what would be the structure of files under /etc/ovirt-engine/extensions.d/ ?

Or anyone already configured with IPA and has a working example of files?

Gianluca