1 May
2017
1 May
'17
3:50 p.m.
Hi, Martin, you wrote:
there is no reason to have different authz providers for both authn providers, because authz part is the same for both kerberos and LDAP. Just edit for example kerberos authn configuration file in /etc/ovirt-engine/extension.d/ and change 'ovirt.engine.aaa.authn.authz.plugin' option to the name of your LDAP authz provider. When done please restart ovirt-engine to apply changes.
Thank you for the above succinct and clear explanation. I changed the configuration accordingly and can confirm that it resolved the issue. When I log in via a Kerberos Ticket Granting Ticket and interactively via the LDAP-backed oVirt login web form, I am mapped to a single authentication domain. Best wishes, Lloyd