Description of problem: ovirt-engine-extension-aaa-ldap is working most of the time, however lot of customers have special setups (multiple A records for each domain controller, domain/forest trusts, domain controllers behind firewall so they can not use srvrecord serverset for example) Would it be possible to document all the possible directives because all i have found is: https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README.profile https://github.com/oVirt/ovirt-engine-extension-aaa-ldap And that is not all off it. It would be nice if customers could find it on redhat customer portal with all directives described. Thank you very much in advance.
(In reply to Marian Jankular from comment #0) > Description of problem: > ovirt-engine-extension-aaa-ldap is working most of the time, however lot of > customers have special setups (multiple A records for each domain > controller, domain/forest trusts, domain controllers behind firewall so they > can not use srvrecord serverset for example) > Would it be possible to document all the possible directives because all i > have found is: > > https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README. > profile > https://github.com/oVirt/ovirt-engine-extension-aaa-ldap > > And that is not all off it. It would be nice if customers could find it on > redhat customer portal with all directives described. > > Thank you very much in advance. Other details can be found at [1] and we also have oVirt AAA FAQ [2], which we are extending when someone report problem which can be interesting also for others. We can add some additional documentation, but aaa-ldap is so extensible, that pretty much anything can be achieved by changing property files. Anyway providing more detailed description of all properties and all possible customizations is a huge task ... [1] https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README [2] http://www.ovirt.org/develop/release-management/features/infra/aaa_faq/
As a part of BZ1462294 (RHV 4.2) and BZ1472254 (RHV 4.1.5) we will provide examples for most common AD configurations which cannot be configured using ovirt-engine-extension-aaa-ldap-setup tool. Examples with corresponding README.md files will be part of ovirt-engine-extension-aaa-ldap package, so you can link or even fully document those examples in Administration Guide
Thanks, Martin! That's great. We've decided that we'll mention these examples in the Admin Guide, and tell users where to find them. That way, you can update the examples in the package at any time, and we won't need to update the Admin Guide to match.
Additional examples around using GSSAPI has been added to ovirt-engine-extension-aaa-ldap-1.3.5, which will be part of 4.1.8 (BZ1489402)
Verified and merged.
Updated document: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/administration_guide/#Attaching_an_Active_Directory