[ovirt-users] oVirt Active Directory Integration

Anantha Raghava raghav at exzatechconsulting.com
Thu Sep 29 06:14:38 UTC 2016


Hi,

Thank you very much.

-- 

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Thursday 29 September 2016 11:43 AM, Ondra Machacek wrote:
> Hi,
>
> I would suggest you reading this:
>
>
> https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/single/administration-guide/#sect-User_Authorization 
>
>
> And if you have doubt with anything you can ask here.
>
> Ondra
>
> On 09/28/2016 05:40 PM, Anantha Raghava wrote:
>> Hi,
>>
>> I am able to add the user to oVirt and assign role. Just to test, I
>> assigned one user as "super user" and I am able to login to
>> Administrator Portal.
>>
>> Need to read a bit more about roles and their predefined rights. Any
>> suggestions in this regard?
>>
>> -- 
>>
>> Thanks & Regards,
>>
>>
>> Anantha Raghava
>>
>> eXza Technology Consulting & Services
>>
>>
>>
>> Do not print this e-mail unless required. Save Paper & trees.
>>
>> On Wednesday 28 September 2016 03:46 PM, Anantha Raghava wrote:
>>>
>>> Hello Ondra,
>>>
>>> It's working now. It browses though the directory and fetching the
>>> user / group details.
>>>
>>> Thanks for your quick support.
>>>
>>> -- 
>>>
>>> Thanks & Regards,
>>>
>>>
>>> Anantha Raghava
>>>
>>> eXza Technology Consulting & Services
>>>
>>>
>>> Do not print this e-mail unless required. Save Paper & trees.
>>>
>>> On Wednesday 28 September 2016 02:03 PM, Anantha Raghava wrote:
>>>>
>>>> Thanks Ondra. Will check this & revert back.
>>>>
>>>> -- 
>>>>
>>>> Thanks & Regards,
>>>>
>>>>
>>>> Anantha Raghava
>>>>
>>>> eXza Technology Consulting & Services
>>>>
>>>>
>>>> Do not print this e-mail unless required. Save Paper & trees.
>>>>
>>>> On Wednesday 28 September 2016 02:02 PM, Ondra Machacek wrote:
>>>>> Yes, you can. You can use different profile name and those setups 
>>>>> can exist together, or you can you same name and the 
>>>>> aaa-setup-tool will ask you if you want to override the existing one.
>>>>>
>>>>> ----- Anantha Raghava <raghav at exzatechconsulting.com> wrote:
>>>>>> Thanks for quick response Ondra.
>>>>>>
>>>>>> Before I make another attempt to properly configure, can I 
>>>>>> re-execute
>>>>>> the ovirt aaa ldap setup again without disturbing the current setup?
>>>>>> Will that help me to correct the problem?
>>>>>>
>>>>>> -- 
>>>>>>
>>>>>> Thanks & Regards,
>>>>>>
>>>>>>
>>>>>> Anantha Raghava
>>>>>>
>>>>>> eXza Technology Consulting & Services
>>>>>>
>>>>>>
>>>>>> Do not print this e-mail unless required. Save Paper & trees.
>>>>>>
>>>>>> On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:
>>>>>>> ----- Anantha Raghava <raghav at exzatechconsulting.com> wrote:
>>>>>>>> Hello Ondra
>>>>>>>>
>>>>>>>> Please find the attached file. I have also attached the setup 
>>>>>>>> log file.
>>>>>>>> I find the errors & warnings there too. But I am unable to 
>>>>>>>> figure out
>>>>>>>> what really went wrong.
>>>>>>>>
>>>>>>>> One more thing, while setting aaa-ldap extension, since it 
>>>>>>>> threw error
>>>>>>>> on user DN, did not properly recognise, I used "anonymous", 
>>>>>>>> also did not
>>>>>>>> perform the Login Test. Are these the root cause?
>>>>>>> Yes, it is root cause. Active directory usually has anonymous 
>>>>>>> bind disabled. You can enter UPN instead of DN, if you want. In 
>>>>>>> your case it will be something like vdiadmin at rvce.in. Please 
>>>>>>> note that AD usually use CN attribute in DN, not uid attribute, 
>>>>>>> that may be the problem in your DN.
>>>>>>>> -- 
>>>>>>>>
>>>>>>>> Thanks & Regards,
>>>>>>>>
>>>>>>>>
>>>>>>>> Anantha Raghava
>>>>>>>>
>>>>>>>> eXza Technology Consulting & Services
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Do not print this e-mail unless required. Save Paper & trees.
>>>>>>>>
>>>>>>>> On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:
>>>>>>>>> On 09/28/2016 05:25 AM, Anantha Raghava wrote:
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I am trying to integrate the oVirt Engine with Active 
>>>>>>>>>> Directory to
>>>>>>>>>> enable user logins. I installed the ovirt ldap extension and 
>>>>>>>>>> executed
>>>>>>>>>> the setup. The process completed successfully and the profile 
>>>>>>>>>> is visible
>>>>>>>>>> in engine log in page.
>>>>>>>>> Most probably it wasn't successful, because as you can see in
>>>>>>>>> screenshot there is no 'namespace', you should see there 
>>>>>>>>> something, if
>>>>>>>>> configuration is correct.
>>>>>>>>>
>>>>>>>>> Can you please send output of the following command?
>>>>>>>>>
>>>>>>>>>   $ ovirt-engine-extensions-tool --log-level=FINEST
>>>>>>>>> --log-file=/tmp/aaa.log aaa search --extension-name=domain-authz
>>>>>>>>>
>>>>>>>>> There should be some ERROR or WARN.
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>>> Now, when I try to add the user and assign the roles, it is 
>>>>>>>>>> not allowing
>>>>>>>>>> me to browse through the profile & the user list. Infact the 
>>>>>>>>>> "GO" button
>>>>>>>>>> gets deactivated as shown in the screenshot.
>>>>>>>>>>
>>>>>>>>>> How do I set this right and get the user list?
>>>>>>>>>>
>>>>>>>>>> -- 
>>>>>>>>>>
>>>>>>>>>> Thanks & Regards,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Anantha Raghava
>>>>>>>>>>
>>>>>>>>>> eXza Technology Consulting & Services
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Do not print this e-mail unless required. Save Paper & trees.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Users mailing list
>>>>>>>>>> Users at ovirt.org
>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>>
>>>>
>>>
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160929/1a97bbc0/attachment-0001.html>


More information about the Users mailing list