----- Original Message -----
From: "Donny Davis" <donny(a)cloudspin.me>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: "Fedele Stabile" <fedele.stabile(a)fis.unical.it>, users(a)ovirt.org
Sent: Tuesday, December 16, 2014 7:19:53 PM
Subject: RE: [ovirt-users] Creating new users on oVirt 3.5
For the ca.pem, I had to import it from my ldap server, and this was my
method of getting it to the engine.
I use nano to create the file. There is probably a better way, but this was
for my environment.
OK, no problem. Usually ssh is better :)
-----Original Message-----
From: Alon Bar-Lev [mailto:alonbl@redhat.com]
Sent: Tuesday, December 16, 2014 10:13 AM
To: Donny Davis
Cc: Fedele Stabile; users(a)ovirt.org
Subject: Re: [ovirt-users] Creating new users on oVirt 3.5
----- Original Message -----
> From: "Donny Davis" <donny(a)cloudspin.me>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>, "Fedele Stabile"
> <fedele.stabile(a)fis.unical.it>
> Cc: users(a)ovirt.org
> Sent: Tuesday, December 16, 2014 4:57:16 PM
> Subject: RE: [ovirt-users] Creating new users on oVirt 3.5
>
> Check out my write-up on AAA,
> I tried my best to break it down, and make it simple
>
> https://cloudspin.me/ovirt-simple-ldap-aaa/
Thanks for the helpful documentation!
> Once again, don’t get hung up on the file names, they really only mean
> something to you. Maybe someone that knows more than me can shed some
> light on this??
Indeed, the file names are not important; as long as the extension is
.properties, the files will be read.
> Important to note, that if you use an IP Address here you may have TLS
> problems, and once again I am no pro, but I had problems trying to get TLS
> and IP addresses to play nice
Indeed, the certificate should contain the IP address in the subject or subject
alternate name in order for the IP to be usable in TLS; this is not specific to
this implementation.
> nano ca.pem – This is done on your engine, and you paste the above output
> into this file
Not sure why you cannot just use ca.pem as-is when using keytool.
Regards,
Alon Bar-Lev.
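
The TLS/IP address point discussed in this thread, as an added example that is not part of the original messages or of oVirt's code: a check of which connection targets a server certificate can satisfy, following RFC 2818's rule that an IP literal must match an iPAddress SAN entry. The certificate dicts are constructed samples in the shape returned by Python's ssl.SSLSocket.getpeercert(); the host name ldap.example.test, the address 192.0.2.10 and the function names are assumptions.

```python
import ipaddress

def _dns_match(pattern, host):
    """Compare a DNS name from the cert with host; allow a leftmost '*.' label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*.") and "." in h:
        return h.split(".", 1)[1] == p[2:]
    return False

def check_target(cert, target):
    """Return (ok, reason) for connecting to target (host name or IP literal)."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # not an IP literal, treat as a DNS name
    if ip is not None:
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value.strip()) == ip:
                return True, "matched iPAddress SAN"
        # Common mistake: the address was put into a DNS-type SAN entry.
        if any(kind == "DNS" and value == target for kind, value in sans):
            return False, "IP is listed as a DNS SAN, not an iPAddress SAN"
        return False, "no iPAddress SAN for this IP"
    dns = [v for k, v in sans if k == "DNS"]
    if any(_dns_match(v, target) for v in dns):
        return True, "matched DNS SAN"
    if not dns:  # legacy fallback to the subject CN, only when no DNS SAN exists
        cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
        if any(_dns_match(cn, target) for cn in cns):
            return True, "matched subject CN (legacy fallback)"
    return False, "no matching DNS SAN"

# Constructed sample certificates (getpeercert() layout), not real data.
_SUBJECT = ((("commonName", "ldap.example.test"),),)
CERT_DNS_ONLY = {"subject": _SUBJECT,
                 "subjectAltName": (("DNS", "ldap.example.test"),)}
CERT_WITH_IP = {"subject": _SUBJECT,
                "subjectAltName": (("DNS", "ldap.example.test"),
                                   ("IP Address", "192.0.2.10"))}
CERT_IP_AS_DNS = {"subject": _SUBJECT,
                  "subjectAltName": (("DNS", "192.0.2.10"),)}

if __name__ == "__main__":
    for name, cert in [("dns-only", CERT_DNS_ONLY), ("with-ip", CERT_WITH_IP),
                       ("ip-as-dns", CERT_IP_AS_DNS)]:
        for target in ("ldap.example.test", "192.0.2.10"):
            print(name, target, check_target(cert, target))
```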