[ovirt-users] Can not configure with simple LDAP.

Alon Bar-Lev alonbl at redhat.com
Sun Sep 21 07:19:11 UTC 2014


Hi,

You need to create authz extension as well (authz-company).
The configuration you provided is establishing authentication only (authn) which refer to authz-company but you did not add it.

The terms are:
1. authn - who the user is.
2. authz - what user is permitted.
3. profile - combination of the two.

-----------------------------
# vi /etc/ovirt-engine/extensions.d/authz-company.properties
ovirt.engine.extension.name = authz-company
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
--------------------------------------------------

Regards,
Alon



More information about the Users mailing list