Hi, Martin, you wrote:
> there is no reason to have different authz providers for both authn
> providers, because authz part is the same for both kerberos and LDAP.
> Just edit for example kerberos authn configuration file in
> /etc/ovirt-engine/extension.d/ and change
> 'ovirt.engine.aaa.authn.authz.plugin' option to the name of your LDAP
> authz provider.
> When done please restart ovirt-engine to apply changes.
Thank you for the above succinct and clear explanation.
I changed the configuration accordingly and can confirm that
it resolved the issue. When I log in via a Kerberos Ticket
Granting Ticket and interactively via the LDAP-backed oVirt login
web form, I am mapped to a single authentication domain.
Best wishes,
Lloyd