[ovirt-users] LDAP Authentication

Alon Bar-Lev alonbl at redhat.com
Tue Sep 22 14:50:39 UTC 2015


looks ok, now restart engine and see if you have any error at /var/log/ovirt-engine/engine.log

----- Original Message -----
> From: "Budur Nagaraju" <nbudoor at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Tuesday, September 22, 2015 5:45:42 PM
> Subject: Re: [ovirt-users] LDAP Authentication
> 
> below are the three files which I have modified.
> 
> 
> [root at cstlb2 extensions.d]# cat profile1-authn.properties
> ovirt.engine.extension.name = cloudspin-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = cloudspin
> ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth
> config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
> 
> 
> [root at cstlb2 extensions.d]# ls
> profile1-authn.properties  profile1-authz.properties
> [root at cstlb2 extensions.d]# cat profile1-authz.properties
> ovirt.engine.extension.name = cloudspin-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
> [root at cstlb2 extensions.d]#
> 
> 
> 
> [root at cstlb2 aaa]# pwd
> /etc/ovirt-engine/aaa
> [root at cstlb2 aaa]# ls
> ldap1.properties
> [root at cstlb2 aaa]# cat ldap1.properties
> #
> # Select one
> #
> include = <openldap.properties>
> #include = <389ds.properties>
> #include = <rhds.properties>
> #include = <ipa.properties>
> #include = <iplanet.properties>
> #include = <rfc2307.properties>
> #include = <rfc2307-openldap.properties>
> 
> #
> # Server
> #
> vars.server = my.abc.net
> 
> #
> # Search user and its password.
> #
> vars.user = uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=nbudoor,dc=net
> vars.password = company
> 
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
> 
> # Create keystore, import certificate chain and uncomment
> # if using ssl/tls.
> #pool.default.ssl.startTLS = true
> #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
> #pool.default.ssl.truststore.password = changeit
> [root at cstlb2 aaa]#
> 
> 
> 
> 
> 
> 
> On Tue, Sep 22, 2015 at 8:07 PM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> 
> >
> >
> > ----- Original Message -----
> > > From: "Budur Nagaraju" <nbudoor at gmail.com>
> > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > Cc: users at ovirt.org
> > > Sent: Tuesday, September 22, 2015 5:35:16 PM
> > > Subject: Re: [ovirt-users] LDAP Authentication
> > >
> > > > It's too complicated, you have any script or video?
> >
> > in 3.6 we have a setup script.
> > for now:
> >
> > cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/. /etc/ovirt-engine/
> >
> > this is written in the README.
> >
> > then customize files at /etc/ovirt-engine/extensions.d/*
> > /etc/ovirt-engine/aaa/* to match your setup
> >
> > >
> > >
> > > On Tue, Sep 22, 2015 at 8:00 PM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > > From: "Budur Nagaraju" <nbudoor at gmail.com>
> > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > Cc: users at ovirt.org
> > > > > Sent: Tuesday, September 22, 2015 5:24:36 PM
> > > > > Subject: Re: [ovirt-users] LDAP Authentication
> > > > >
> > > > > > Hi Alon,
> > > > > >
> > > > > > Below is the configuration which I have done, but unable to search the
> > > > > > users in UI.
> > > > > > Can you please help me?
> > > >
> > > > you need three files, see the
> > > > /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple
> > > >
> > > > >
> > > > >
> > > > > [root at cstlb2 aaa]# cat ldap1.properties
> > > > > #
> > > > > # Select one
> > > > > #
> > > > > include = <openldap.properties>
> > > > > #include = <389ds.properties>
> > > > > #include = <rhds.properties>
> > > > > #include = <ipa.properties>
> > > > > #include = <iplanet.properties>
> > > > > #include = <rfc2307.properties>
> > > > > #include = <rfc2307-openldap.properties>
> > > > >
> > > > > #
> > > > > # Server
> > > > > #
> > > > > vars.server = my.abc.net
> > > > >
> > > > > #
> > > > > # Search user and its password.
> > > > > #
> > > > > > vars.user = uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=abc,dc=net
> > > > > vars.password = company1
> > > > >
> > > > > pool.default.serverset.single.server = ${global:vars.server}
> > > > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > > > pool.default.auth.simple.password = ${global:vars.password}
> > > > >
> > > > > # Create keystore, import certificate chain and uncomment
> > > > > # if using ssl/tls.
> > > > > #pool.default.ssl.startTLS = true
> > > > > > #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
> > > > > #pool.default.ssl.truststore.password = changeit
> > > > > [root at cstlb2 aaa]#
> > > > >
> > > > >
> > > > >
> > > > > > On Tue, Sep 22, 2015 at 7:25 PM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > > From: "Budur Nagaraju" <nbudoor at gmail.com>
> > > > > > > To: users at ovirt.org
> > > > > > > Sent: Tuesday, September 22, 2015 4:34:46 PM
> > > > > > > Subject: [ovirt-users] LDAP Authentication
> > > > > > >
> > > > > > > > Hi All,
> > > > > > > >
> > > > > > > > Can someone help me in configuring LDAP authentication for oVirt?
> > > > > >
> > > > > > Please review:
> > > > > > http://www.ovirt.org/Features/AAA
> > > > > >
> > > > > >
> > > >
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0
> > > > > >
> > > > >
> > > >
> > >
> >
> 
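
Added example, not part of the original thread or the oVirt project's code: a small checker for the cross-references between the three files posted above. It assumes the authn file's `ovirt.engine.aaa.authn.authz.plugin` must equal the authz file's `ovirt.engine.extension.name`, inspects only the startTLS setting shown in the posted profile, and runs on constructed copies of the files (wrapped lines rejoined, trimmed to the keys checked); `parse_properties` and `check_aaa_config` are hypothetical helper names.

```python
# Constructed sample input: the thread's three files, trimmed to the keys checked,
# with mail-wrapped lines rejoined and the bind credentials left as variables.
AUTHN = """\
ovirt.engine.extension.name = cloudspin-authn
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = cloudspin
ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth
"""
AUTHZ = """\
ovirt.engine.extension.name = cloudspin-authz
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
"""
PROFILE = """\
include = <openldap.properties>
vars.server = my.abc.net
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
#pool.default.ssl.startTLS = true
"""

def parse_properties(text):
    """Parse 'key = value' lines; blank lines and '#' comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_aaa_config(authn_text, authz_text, profile_text):
    """Return findings for one authn/authz/profile triple (hypothetical helper)."""
    authn, authz, profile = map(parse_properties, (authn_text, authz_text, profile_text))
    findings = []
    # Assumption: the authn file must reference the authz extension by its exact name.
    wanted = authn.get("ovirt.engine.aaa.authn.authz.plugin")
    actual = authz.get("ovirt.engine.extension.name")
    if wanted != actual:
        findings.append(f"authz.plugin {wanted!r} != authz extension name {actual!r}")
    # Only the startTLS key from the posted profile is inspected here.
    simple_bind = "pool.default.auth.simple.bindDN" in profile
    start_tls = profile.get("pool.default.ssl.startTLS", "false").lower() == "true"
    if simple_bind and not start_tls:
        findings.append("simple bind configured but startTLS is not enabled")
    return findings

if __name__ == "__main__":
    for finding in check_aaa_config(AUTHN, AUTHZ, PROFILE):
        print("WARN:", finding)
```

On the constructed input it reports both the `cloudspin-auth` / `cloudspin-authz` name mismatch and the commented-out startTLS line; an LDAP simple bind over an unencrypted connection carries the search user's password in the clear.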
