Using the ovirt-engine-extension-aaa-ldap-setup tool, it's possible to configure an Active Directory forest with multi-domain trust, or an Active Directory forest with a single domain. However, it is currently not possible to configure using a single domain from a multi-domain Active Directory forest, because this is an advanced configuration which is difficult to perform automatically. This update provides common advanced Active Directory configuration examples that users can copy and adapt to their local environment. Those examples are bundled within the ovirt-engine-extension-aaa-ldap package, and can be found at /usr/share/ovirt-engine-extension-aaa-ldap/examples/README.md.

The ovirt-engine-extension-aaa-ldap-setup tool user experience has also been improved with the following changes:
- Added more detailed error reporting for various Active Directory forest configuration steps.
- Made the login test mandatory to test the provided configuration.
Note: There is a similar request for this in 4.1.z: https://bugzilla.redhat.com/show_bug.cgi?id=1464498
Update to the requirement for this RFE: The location of the examples was added in 4.1 and forward ported to 4.2 as part of bug 1464498. This RFE should now be used to review the 'Attaching an Active Directory' section to determine whether and where changes are required based on 4.2 improvements.
Accepting into Beta 3 program and assigning to Billy for review. Billy, you may not be able to test this one directly, so I'd suggest starting by requesting an SME review of the mentioned section. Martin Perina has been our SME on this topic.
Published updated procedure for 4.2beta: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2-beta/html-single/administration_guide/#Attaching_an_Active_Directory