[ovirt-users] Info on changing IPA server hostname in oVirt

Alon Bar-Lev alonbl at redhat.com
Wed Dec 10 17:36:25 UTC 2014



----- Original Message -----
> From: "Gianluca Cecchi" <gianluca.cecchi at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "Ondra Machacek" <omachace at redhat.com>, "users" <users at ovirt.org>
> Sent: Wednesday, December 10, 2014 7:29:58 PM
> Subject: Re: [ovirt-users] Info on changing IPA server hostname in oVirt
> 
> On Wed, Dec 10, 2014 at 5:43 PM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> 
> >
> > I suggest installing the new provider, which does not require Kerberos and
> > is much easier to customize / problem determination.
> >
> >
> > http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
> >
> >
> >
> From what I read in your link it seems far from intuitive from an oVirt
> admin point of view who probably doesn't know ldap/IPA so in depth... authn
> and authz concepts overlap with related files and I have not understood how
> many files I have to add and if @AUTHZ_NAME@ and @AUTHN_NAME@ are the same
> string for a fixed IPA server or not...
> also reading
> http://www.ovirt.org/Features/AAA
> doesn't clarify at least based on my knowledge of ldap in general and IPA in
> particular (that is not so much...)

We may provide a wrapper tool in the future; for now we focused on making it work, as there were too many issues within the existing implementation. Configuration is one-time, while problems are within the runtime.

> 
> Previously I "only" had to run
> engine-manage-domains add --domain=localdomain.local --provider=ipa
> --user=admin
> 
> and my configured IPA 3.0 worked without any problem...
> 
> Can you detail what would be the structure of files
> under /etc/ovirt-engine/extensions.d/ ?
> Or anyone already configured with IPA and has a working example of files?

it should be even simpler... :)

1. Recursively copy /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple to /etc/ovirt-engine

2. Edit /etc/ovirt-engine/aaa/ldap1.properties, set vars.server, vars.user, vars.password to meet your setup, uncomment ipa on top and comment out the openldap.

3. Until 3.5.1 you should also edit /etc/ovirt-engine/extensions.d/*.properties and replace ../aaa with /etc/ovirt-engine/aaa

Alon
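
Steps 2 and 3 above as a script, added here as an example; it is not part of the original message and is not oVirt project code. The function names are hypothetical, and the tree built by make_sample_tree (file names, include lines, values) is constructed and assumes a layout matching what the steps describe.

```shell
#!/bin/sh
# Added example: applies steps 2 and 3 to a tree laid out like /etc/ovirt-engine
# after step 1 (ROOT/aaa/ldap1.properties, ROOT/extensions.d/*.properties).
AAA_DIR=/etc/ovirt-engine/aaa   # absolute path named in step 3

# make_sample_tree DIR: constructed stand-in for the tree that step 1 copies.
make_sample_tree() {
    mkdir -p "$1/aaa" "$1/extensions.d"
    printf '%s\n' 'include = <openldap.properties>' '#include = <ipa.properties>' \
        'vars.server = ldap1.company.com' 'vars.user = uid=search,dc=company,dc=com' \
        'vars.password = 123456' > "$1/aaa/ldap1.properties"
    printf '%s\n' 'config.profile.file.1 = ../aaa/ldap1.properties' \
        > "$1/extensions.d/ldap1-authn.properties"
}

# rewrite FILE AWK_PROGRAM [PWFILE]: edit in place, keeping the file's owner and mode.
rewrite() {
    tmp=$(mktemp) || return 1
    awk -v pwfile="${3:-/dev/null}" "$2" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# configure_ipa_profile ROOT SERVER BIND_DN PASSWORD_FILE (runs in a subshell)
configure_ipa_profile() (
    root=$1; SERVER=$2; BIND_DN=$3; pwfile=$4; AAA=$AAA_DIR
    export SERVER BIND_DN AAA
    [ -f "$root/aaa/ldap1.properties" ] && [ -r "$pwfile" ] || exit 1
    # Step 2. awk reads the password from PASSWORD_FILE, so it never shows up
    # in argv or the environment. Values are written verbatim (no escaping).
    rewrite "$root/aaa/ldap1.properties" '
        BEGIN { getline pw < pwfile }
        /^#[ \t]*include[ \t]*=[ \t]*<ipa\.properties>/     { sub(/^#[ \t]*/, "") }
        /^[ \t]*include[ \t]*=[ \t]*<openldap\.properties>/ { $0 = "#" $0 }
        /^[ \t]*vars\.server[ \t]*=/   { $0 = "vars.server = " ENVIRON["SERVER"] }
        /^[ \t]*vars\.user[ \t]*=/     { $0 = "vars.user = " ENVIRON["BIND_DN"] }
        /^[ \t]*vars\.password[ \t]*=/ { $0 = "vars.password = " pw }
        { print }' "$pwfile" || exit 1
    # Step 3 (needed until 3.5.1): make the ../aaa references absolute.
    for f in "$root"/extensions.d/*.properties; do
        [ -f "$f" ] || continue
        rewrite "$f" '{ gsub(/\.\.\/aaa/, ENVIRON["AAA"]); print }' || exit 1
    done
)
```

Running it against a staging copy of the tree from step 1 and diffing the result before installing it under /etc/ovirt-engine keeps the change reviewable.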


