
If you followed an older guide, what you've probably done is set up the deprecated aaa plugin. New installations use keycloak by default, which has its own setup method for integrating an LDAP authentication source.

It is possible to use the older plugin system, but it won't be supported moving forward and is liable to be removed entirely. I can't recommend its use.

There is a link to a guide on configuring keycloak integration on the mailing list: https://lists.ovirt.org/archives/list/users@ovirt.org/message/UMG3BB5I4T5AGP...

That being said, it's probably possible to enable the deprecated interface on a new installation, but I'm not sure how to do it. You might get an idea or two from the link above, however. (The external keycloak guide.)

As for the other interfaces, there was a comment a while ago about how email addresses can wind up looking weird with keycloak integration. Specifically, if a user's email address is used (bob@example.com) it can require having the auth source appended (bob@example.com@example-authz) during login for it to work. You might want to give that a try first.

-Patrick Hibbs

On Fri, 2022-08-19 at 05:34 +0000, Dave Lennox wrote:
trying to validate the login against the Internal profile so I assume it isn't able to try multiple authentication sources?