Le samedi 06 avril 2024 à 11:34 +0000, luc.lalonde@polymtl.ca<mailto:luc.lalonde@polymtl.ca> a écrit : People must not be using Keycloak (Redhat SSO). Anyone have experience integrating LDAP users in Ovirt? sure, please install the ovirt-engine-extension-aaa-ldap-setup-1.4.6-1.el9.noarch and execute ovirt-engine-extension-aaa-ldap-setup. If you already used to authenticate with aaa on el8 engine, you can simply rsync these directories to the new el9 engine: rsync -av /etc/ovirt-engine/extensions.d/<profile>-auth* new_engine_fqdn:/etc/ovirt-engine/extensions.d/ rsync -av /etc/ovirt-engine/aaa/<profile>.properties new_engine_fqdn:/etc/ovirt-engine/aaa/ The documentation on the Ovirt site is very scant on the subject. For the moment I'm only able to use admin@ovirt<mailto:admin@ovirt>. _______________________________________________ Users mailing list -- users@ovirt.org<mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org<mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RBS664Q6VQB... -- Nathanaël Blanchet Administrateur Systèmes et Réseaux Service Informatique et REseau (SIRE) Département des systèmes d'information 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet(a)abes.fr

While I haven't configured it myself (someone else in my Team did the integration and we are using another Keycloak instance, not LDAP) and therefore don't know all details, I think you should be able to configure another IdP in the Keycloak administration interface (https://<OVIRT_ENGINE>/ovirt-engine-auth/admin). LDAP should be available under "User Federation". On 06.04.24 14:23, luc.lalonde(a)polymtl.ca wrote: > Unfortunately, I chose the 'Keycloak' option during the setup instead. So using using ovirt-engine-extension-aaa-ldap-setup is not an option. > > In the documentation, they say that 'ovirt-engine-extension-aaa-ldap-setup' is being deprecated... I regret not using it anyway. Documentation is missing on how to configure Keycloak (RedHat SSO). > > Thank You. > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5XU43ZJ3Y2F...

Unfortunately, Keycloak is not fully integrated into oVirt, other than the main authentication will not work. Scripts from the ovirt-sdk4, virt-v2v commands, API access, and others still rely on the AAA authentication mechanism. Marcos -----Original Message----- From: luc.lalonde(a)polymtl.ca <luc.lalonde(a)polymtl.ca&gt; Sent: Saturday, April 6, 2024 9:23 AM To: users(a)ovirt.org Subject: [External] : [ovirt-users] Re: Keycloak SSO integration Unfortunately, I chose the 'Keycloak' option during the setup instead. So using using ovirt-engine-extension-aaa-ldap-setup is not an option. In the documentation, they say that 'ovirt-engine-extension-aaa-ldap-setup' is being deprecated... I regret not using it anyway. Documentation is missing on how to configure Keycloak (RedHat SSO). Thank You. _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://urldefense.com/v3/__https://www.ovirt.org/privacy-policy.html__;!... oVirt Code of Conduct: https://urldefense.com/v3/__https://www.ovirt.org/community/about/communi... List Archives: https://urldefense.com/v3/__https://lists.ovirt.org/archives/list/users@o...