Description of problem:
I could not find any documentation on removing a domain from ovirt-engine.

Version-Release number of selected component (if applicable):
4.X

How reproducible:
Delete a domain from ovirt-engine

Steps to Reproduce:
1. Log in to a Windows domain with ovirt-engine-extension-aaa-ldap-setup
2. Log in to a FreeIPA domain with ovirt-engine-extension-aaa-ldap-setup
3. Log out of the Windows domain

Actual results:
I have no documentation.

Expected results:
I would like to read an answer.

Additional info:
Happy new year to you. Thank you.
Can you update the oVirt site on this?
I haven't understood the issue nor the reproducing steps. What do you mean by removing a domain? Do you want to remove a configured aaa-ldap profile so users from this profile are not able to log in? What exactly is your use case for LDAP integrations, as you have mentioned both AD and IPA servers?
Dear Martin, I have a Windows AD in my oVirt cluster. But I would like to change the MS windows server to FreeIPA on the cluster. Best Regards, Sandor
If you want to remove a configured LDAP provider, you need to do the following (assuming here the default name 'profile1', please rename according to your setup):

1. Remove provider configuration files

    rm /etc/ovirt-engine/extensions.d/profile1-authn.properties
    rm /etc/ovirt-engine/extensions.d/profile1-authz.properties
    rm /etc/ovirt-engine/aaa/profile1.properties

2. Restart ovirt-engine

    systemctl restart ovirt-engine

The above will remove the provider configuration, so users from this provider will no longer be able to log in to the engine. But those users still have permissions defined in the engine, so if you want to remove those permissions you need to do the following:

1. Log in to webadmin and switch to the Users tab
2. Remove all users from the provider you have removed above (they should have their Authorization provider set to 'profile1-authz')

For now I'm targeting this to ovirt-future, but I'm going to include a fix for that in the next aaa-ldap release.
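A check to run after the removal steps above, written as an added example that is not part of this bug thread or of the oVirt project: it reports which of the three profile files still exist and lists other extension files that still mention the profile name. The function names, the config-root parameter and the demo tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: verify that an aaa-ldap profile is really gone after removal.
# The config root is a parameter so the check can run against a scratch tree;
# on an engine host it would be /etc/ovirt-engine (path taken from the steps).

# Print the profile files named in the removal steps that still exist.
# Returns 0 when none remain, 1 when any remain, 2 on an unsafe profile name.
residual_profile_files() {
    root=$1 profile=$2 found=0
    case $profile in
        ''|*/*|*..*) echo "invalid profile name: $profile" >&2; return 2 ;;
    esac
    for f in "$root/extensions.d/$profile-authn.properties" \
             "$root/extensions.d/$profile-authz.properties" \
             "$root/aaa/$profile.properties"; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; found=1; fi
    done
    return "$found"
}

# Heuristic (assumption, not an oVirt rule): any extension file that still
# mentions the profile name, e.g. a copied or renamed file, needs a manual look.
stale_references() {
    root=$1 profile=$2
    grep -l -F -- "$profile" "$root"/extensions.d/*.properties 2>/dev/null || true
}

# Constructed demo tree (not a real engine host): sh thisfile.sh demo
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d)
    mkdir -p "$t/extensions.d" "$t/aaa"
    : > "$t/extensions.d/profile1-authz.properties"       # forgotten file
    echo "# copy of profile1" > "$t/extensions.d/old-authn.properties"
    echo "Still present:"
    residual_profile_files "$t" profile1 || echo "=> removal incomplete"
    echo "Still mentioning profile1:"
    stale_references "$t" profile1
    rm -rf "$t"
fi
```

A non-zero return from `residual_profile_files` means the provider can still be loaded on the next ovirt-engine restart; the users and permissions in webadmin are not covered by this check.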
Thank you for your help. I changed my ldap provider. Thank you.
Fix is contained in ovirt-engine-extension-aaa-ldap-1.3.1
Verified with: ovirt-engine-extension-aaa-ldap-1.3.1-1.el7ev.noarch