Description of problem:
I could not find any documentation with remove a domain from ovirt-engine.
Version-Release number of selected component (if applicable):
Delete a domain from ovirt-engine
Steps to Reproduce:
1. Login an Window Domain with ovirt-engine-extension-aaa-ldap-setup
2. Login a FreeIPA domain ovirt-engine-extension-aaa-ldap-setup
3. Log out the Windows Domain
I have no documantation.
I would like read an answer.
Happy new year to you.
Can you update the oVirt site on this?
I haven't understand the issue nor reproducing steps. What do you mean by removing a domain? You want to remove configured aaa-ldap profile so users from this profile are not able to login? What exactly is your use case for LDAP integrations as you have mentioned both AD and IPA servers?
I have a Windows AD in my oVirt cluster.
But I would like to change the MS windows server to FreeIPA on the cluster.
If you want to remove a configured LDAP provider, you need to do following (assuming here the default name 'profile1', please rename according to your setup):
1. Remove provider configuration files
2. Restart ovirt-engine
systemctl restart ovirt-engine
The above will remove provider configuration, so users from this provider will no longer be able to login into engine.
But those users still have permissions defined in engine, so if you want to remove those permissions you need to do following:
1. Login into webadmin and switch to Users tab
2. Remove all users from the provider you have removed above (they should have their Authorization provider set to 'profile1-authz'
For now I'm targeting this to ovirt-future, but I'm going to include fix for that into next aaa-ldap release.
Thank you for your help.
I changed my ldap provider.
Fix is contained in ovirt-engine-extension-aaa-ldap-1.3.1