Bug 1489402

Summary: Provide an example for kerberos authentication between aaa-ldap and LDAP server
Product: [oVirt] ovirt-engine-extension-aaa-ldap Reporter: Martin Perina <mperina>
Component: Documentation Assignee: Ondra Machacek <omachace>
Status: CLOSED CURRENTRELEASE QA Contact: Gonza <grafuls>
Severity: medium Docs Contact:
Priority: unspecified    
Version: master CC: bugs
Target Milestone: ovirt-4.1.8 Flags: rule-engine: ovirt-4.1+
Target Release: 1.3.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-extension-aaa-ldap-1.3.5 Doc Type: Enhancement
Doc Text:
Feature: The following examples have been added:
* Using GSSAPI to authenticate against IPA
* Using GSSAPI with ticket cache to authenticate against IPA
More details about those examples can be found in README.md [1], which is also included inside the package.
[1] https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/examples/README.md
Reason:
Result:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-11 16:32:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1464498    

Description Martin Perina 2017-09-07 11:38:49 UTC
Description of problem:

Please add a complete example of how to set up aaa-ldap to use Kerberos to authenticate against the LDAP server, instead of standard username/password authentication, to the examples included in the ovirt-engine-extension-aaa-ldap package.



Comment 1 Martin Perina 2017-10-27 08:54:00 UTC
Fix is included in ovirt-engine-extension-aaa-ldap-1.3.5

Comment 2 Gonza 2017-11-20 16:33:44 UTC
Verified with:
ovirt-engine-extension-aaa-ldap-1.3.6-0.0.master.git91cfb7f.el7.centos.noarch

# rpm -ql ovirt-engine-extension-aaa-ldap | egrep "ipa-gssapi|ipa-ticketcache"
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-gssapi
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-gssapi/aaa
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-gssapi/aaa/krb5.conf
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-gssapi/aaa/profile1.properties
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-gssapi/extensions.d
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-gssapi/extensions.d/profile1-authn.properties
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-gssapi/extensions.d/profile1-authz.properties
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi/aaa
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi/aaa/99-jaas.conf
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi/aaa/krb5.conf
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi/aaa/profile1.properties
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi/extensions.d
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi/extensions.d/profile1-authn.properties
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ipa-ticketcache-gssapi/extensions.d/profile1-authz.properties