Hi, could you please restart ovirt-engine service and share server.log and engine.log from /var/log/ovirt-engine ? Thanks, Martin On Fri, May 29, 2020 at 4:36 PM Stack Korora <stackkorora@disroot.org> wrote:
On 2020-05-29 08:08, Martin Perina wrote:
Hi Stack,
if I understand correctly your custom SSL certificates are working correctly and you are able to login to webadmin using admin@internal, right?
Correct.
If the problem is, that your aaa-ldap profile is not visible in the login dialog, then there is some issue with aaa-ldap configuration. You have mentioned that you used ovirt-engine-extension-aaa-ldap-setup tool to create you aaa-ldap profile, have you executed login and search operation at the end of setup tool? If so, were they successful?
I did and yes they were.
Anyway right you can use following command to debug your aaa extensions setup:
# ovirt-engine-extensions-tool info list-extensions
Using above command, could you see authn and authz instance of your aaa-ldap profile?
I do see both authz and authn.
If so, please try below tests:
1. Checking is user search is working:
# ovirt-engine-extensions-tool aaa search --extension-name=<YOUR PROFILE AUTHZ NAME> --entity-name=<VALID LDAP USERNAME>
It does work and it returns valid information.
2. Checking if login is working
# ovirt-engine-extensions-tool aaa login-user --profile=<YOUR PROFILE NAME> --user-name=<VALID LDAP USERNAME>
A result=SUCCESS on that too! However, I still don't see a second profile option on the web login.
Thanks for responding and giving me some help!
-- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.