[ovirt-users] Can not configure with simple LDAP.

Alon Bar-Lev alonbl at redhat.com
Sun Sep 21 15:16:50 UTC 2014



----- Original Message -----
> From: "Fumihide Tani" <RXC05271 at nifty.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Sunday, September 21, 2014 6:00:48 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> 
> Hi, Alon,
> 
> Following Alon's advice, I added the authz-company.properties file to the
> configuration directory.
> Then OpenLDAP users can be searched from the oVirt Web admin, and I could add
> its users to the portal successfully.
> 
> But I have another problem.
> These OpenLDAP users that I added cannot log in to the oVirt web user portal.
> 
> User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as "First
> Name")
> Password: (I specified it as OpenLDAP's userPassword for "Fumihide")
> Domain: rxc05271.com (I selected instead of "internal")
> 
> ?

1. What error do you get in the UI?

2. Please look at engine.log while attempting to log in, to see if there is something helpful.

3. Please make sure that the following is a success:
$ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b <BASE_DN> uid=<LOGIN_NAME>

4. If that works, please modify /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in
---
       <file-handler name="ENGINE" autoflush="true">
-        <level name="INFO"/>
-        <level name="FINEST"/>
<snip>
+       <logger category="org.ovirt.engineextensions.aaa.ldap">
+        <level name="FINEST"/>
+       </logger>
        <logger category="org.ovirt.engine.core.bll">
---
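Review bot: in the ENGINE file-handler, both <level name="INFO"/> and <level name="FINEST"/> are marked with "-", which read literally leaves the handler with no level; the second line should presumably be "+" so that the handler level goes from INFO to FINEST together with the new org.ovirt.engineextensions.aaa.ldap logger. The <snip> also hides where the added <logger> element goes, so it is worth saying explicitly that it sits next to the existing org.ovirt.engine.core.bll logger. FINEST is a debugging level: revert both changes once the login attempt has been captured, and review the output for directory details before sending it to the list.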
Restart engine, attempt login, send me the output.

> 
> Please advise me; I would be very thankful.
> 
> Fumihide Tani
> 
> 
> (2014/09/21 17:13), Alon Bar-Lev wrote:
> >
> > ----- Original Message -----
> >> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> Cc: users at ovirt.org
> >> Sent: Sunday, September 21, 2014 11:11:11 AM
> >> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>
> >> Hi, Alon
> >>
> >> Thanks very much for your help.
> >> My problem was solved and the AAA is working now.
> >> I could add LDAP user. :)
> > Great.
> > Can you please send me a patch or modified README to make it better?
> >
> > Alon
> >
> >> Fumihide Tani
> >>
> >> (2014/09/21 16:19), Alon Bar-Lev wrote:
> >>> ----- Original Message -----
> >>>> From: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>> To: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>> Cc: users at ovirt.org
> >>>> Sent: Sunday, September 21, 2014 10:19:11 AM
> >>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>
> >>>> Hi,
> >>>>
> >>>> You need to create authz extension as well (authz-company).
> >>>> The configuration you provided establishes authentication only
> >>>> (authn), which refers to authz-company, but you did not add it.
> >>>>
> >>>> The terms are:
> >>>> 1. authn - who the user is.
> >>>> 2. authz - what user is permitted.
> >>>> 3. profile - combination of the two.
> >>>>
> >>>> -----------------------------
> >>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
> >>>> ovirt.engine.extension.name = authz-company
> >>>> ovirt.engine.extension.bindings.method = jbossmodule
> >>>> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> >>>> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> >>> Sorry:
> >>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> >>>> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> >>>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
> >>>> --------------------------------------------------
> >>>>
> >>>> Regards,
> >>>> Alon
> >>
> >>
> >
> 
> 
> 
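
The two mistakes this thread ran into (an authn extension pointing at an authz extension that was never created, and an authz file bound to AuthnExtension) can be caught before restarting the engine. The script below is an added example, not part of the thread or of oVirt. It assumes the authn file names its authz extension with the key ovirt.engine.aaa.authn.authz.plugin, which is not shown in the thread, and that the class name ends in AuthnExtension or AuthzExtension to match what the file provides; the sample files are constructed.

```python
# Constructed sample: file name -> contents. The authz file repeats the
# thread's first draft, including the class name that was later corrected.
SAMPLE = {
    "authn-company.properties": """
ovirt.engine.extension.name = authn-company
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.authz.plugin = authz-company
""",
    "authz-company.properties": """
ovirt.engine.extension.name = authz-company
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
""",
}

def parse(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check(files):
    """Return a list of problems found across all extension files."""
    exts = {}
    for fname, text in files.items():
        p = parse(text)
        exts[p.get("ovirt.engine.extension.name", fname)] = p
    problems = []
    for name, p in exts.items():
        kind = p.get("ovirt.engine.extension.provides", "").rsplit(".", 1)[-1]
        cls = p.get("ovirt.engine.extension.binding.jbossmodule.class", "")
        if kind in ("Authn", "Authz") and not cls.endswith(kind + "Extension"):
            problems.append(f"{name}: provides {kind} but class is {cls.rsplit('.', 1)[-1]}")
        # Assumed key (not shown in the thread): authn names its authz here.
        ref = p.get("ovirt.engine.aaa.authn.authz.plugin")
        if kind == "Authn" and ref not in exts:
            problems.append(f"{name}: authz plugin {ref!r} is not defined")
        elif kind == "Authn" and not exts[ref].get("ovirt.engine.extension.provides", "").endswith(".Authz"):
            problems.append(f"{name}: {ref} does not provide Authz")
    return problems

if __name__ == "__main__":
    for problem in check(SAMPLE):
        print(problem)
```

To check a real installation, build the dictionary from the files under /etc/ovirt-engine/extensions.d/ instead of SAMPLE.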


