Hi, Alon
Thank you very much for your help.
My problem was solved and the AAA is working now.
I could add an LDAP user. :)
Fumihide Tani
(2014/09/21 16:19), Alon Bar-Lev wrote:
----- Original Message -----
> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
> To: "Fumihide Tani" <RXC05271(a)nifty.com>
> Cc: users(a)ovirt.org
> Sent: Sunday, September 21, 2014 10:19:11 AM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Hi,
>
> You need to create authz extension as well (authz-company).
> The configuration you provided is establishing authentication only (authn)
> which refers to authz-company but you did not add it.
>
> The terms are:
> 1. authn - who the user is.
> 2. authz - what the user is permitted.
> 3. profile - combination of the two.
>
> -----------------------------
> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
> ovirt.engine.extension.name = authz-company
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
Sorry:
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
> --------------------------------------------------
>
> Regards,
> Alon
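
The two mistakes discussed in this thread (an authn extension that names an authz extension which was never defined, and an authz file bound to the AuthnExtension class) can be caught by a small consistency check over the extension files. This is an added example, not part of the original messages or of oVirt's own code; the `ovirt.engine.aaa.authn.authz.plugin` key and the contents of the authn file are assumptions, since the thread does not show that file.

```python
AUTHN = "org.ovirt.engine.api.extensions.aaa.Authn"
AUTHZ = "org.ovirt.engine.api.extensions.aaa.Authz"
EXPECTED_CLASS = {AUTHN: "AuthnExtension", AUTHZ: "AuthzExtension"}
# Assumption: the key an authn extension uses to name its authz extension
# (the authn file is not shown in the thread).
AUTHZ_REF_KEY = "ovirt.engine.aaa.authn.authz.plugin"

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def check_extensions(files):
    """files maps file name -> contents; returns a list of problems."""
    exts = {fname: parse_properties(text) for fname, text in files.items()}
    provides_by_name = {p.get("ovirt.engine.extension.name"):
                        p.get("ovirt.engine.extension.provides") for p in exts.values()}
    problems = []
    for fname, p in exts.items():
        cls = p.get("ovirt.engine.extension.binding.jbossmodule.class", "")
        want = EXPECTED_CLASS.get(p.get("ovirt.engine.extension.provides"))
        if want and cls.rsplit(".", 1)[-1] != want:
            problems.append(f"{fname}: class {cls.rsplit('.', 1)[-1]} should be {want}")
        ref = p.get(AUTHZ_REF_KEY)
        if ref and provides_by_name.get(ref) != AUTHZ:
            problems.append(f"{fname}: no authz extension named {ref}")
    return problems

# Constructed sample files (names follow the thread; the authn file is invented).
PREFIX = "ovirt.engine.extension."
AUTHN_FILE = "\n".join([
    PREFIX + "name = authn-company",
    PREFIX + "binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension",
    PREFIX + "provides = " + AUTHN,
    AUTHZ_REF_KEY + " = authz-company"])
AUTHZ_AS_FIRST_POSTED = "\n".join([
    PREFIX + "name = authz-company",
    PREFIX + "binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension",
    PREFIX + "provides = " + AUTHZ])
AUTHZ_CORRECTED = AUTHZ_AS_FIRST_POSTED.replace("AuthnExtension", "AuthzExtension")

if __name__ == "__main__":
    print(check_extensions({"authn-company.properties": AUTHN_FILE}))
    print(check_extensions({"authn-company.properties": AUTHN_FILE,
                            "authz-company.properties": AUTHZ_AS_FIRST_POSTED}))
```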