I configured Active Directory authentication, but the problem is that I need to replace u...@corp.mydomain.com with u...@mydomain.com to be able to authenticate. ovirt-engine-extension-aaa-misc has been installed and I configured it as shown below, but it is still not working. Do you have any idea what is wrong and how to fix it?

/etc/ovirt-engine/aaa/corp.mydomain.com.properties:
--------------------------------------------------
include = <ad.properties>
vars.domain = corp.mydomain.com
vars.user = CN=user,DC=xxx,DC=corp,DC=mydomain,DC=com
vars.password = password
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}

/etc/ovirt-engine/extensions.d/mapping.properties:
-------------------------------------------------
ovirt.engine.extension.name = mapping
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.misc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.misc.mapping.MappingExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Mapping
config.mapUser.type = regex
config.mapUser.regex.pattern = ^(?<user>[^@]*)$
config.mapUser.regex.replacement = ${user}@mydomain.com
config.mapUser.regex.mustMatch = false
ovirt.engine.aaa.authn.mapping.plugin = mapping

In the engine logs I see mapping loaded:
-------------------
2019-04-16 10:35:40,406+02 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Loading extension 'mapping'
2019-04-16 10:35:40,420+02 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Extension 'mapping' loaded
2019-04-16 10:35:40,424+02 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Initializing extension 'internal-authn'
2019-04-16 10:35:40,475+02 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Extension 'internal-authn' initialized
2019-04-16 10:35:40,476+02 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Initializing extension 'mapping'
2019-04-16 10:35:40,476+02 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Extension 'mapping' initialized

But still in the logs I see the {user}@corp.mydomain.com is not replaced with {user}@mydomain.com:
-------------------------------------------------------------------------------------------------
2019-04-16 10:36:27,988+02 WARN [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-3) [] Authentication exception
2019-04-16 10:36:28,231+02 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-4) [] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User a_u...@corp.mydomain.com connecting from '192.168.1.11' failed to log in : 'Unable to log in. Verify your login information or contact the system administrator.'.
2019-04-16 10:36:28,235+02 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-3) [] Cannot authenticate user 'a_u...@corp.mydomain.com' connecting from '192.168.1.11': Unable to log in. Verify your login information or contact the system administrator.
2019-04-16 10:40:48,062+02 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-28) [e479270] Lock Acquired to object 'EngineLock:{exclusiveLocks='[fd6141fe-6a69-49c8-807d-39313cae0756=PROVIDER]', sharedLocks=''}'
2019-04-16 10:40:48,084+02 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-28) [e479270] Running command: SyncNetworkProviderCommand internal: true.
2019-04-16 10:40:48,270+02 INFO [org.ovirt.engine.extension.aaa.jdbc.core.Tasks] (default task-3) [] (house keeping) deleting failed logins prior to 2019-04-09 08:40:48Z.
2019-04-16 10:40:48,323+02 INFO [org.ovirt.engine.extension.aaa.jdbc.core.Tasks] (default task-3) [] (house keeping) deleting failed logins prior to 2019-04-09 08:40:48Z.

Thanks
Jarek
_______________________________________________
Users mailing list -- users@ovirt.org
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QBC2XTQQ5XTW2OGXO7A5T3LRDPXVFMMW/
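
Added example, not part of the original message and not oVirt code: a small Java check of what the posted config.mapUser.regex.pattern and replacement do to different forms of a login name. The mapUser helper, the sample names and the SUFFIX_AWARE pattern are constructed for illustration, and the mustMatch handling (unmatched names pass through unchanged when it is false) is an assumption about the mapping extension's behaviour.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MapUserCheck {
    // Values copied from the mapping.properties shown in the post.
    static final Pattern POSTED = Pattern.compile("^(?<user>[^@]*)$");
    static final String REPLACEMENT = "${user}@mydomain.com";

    // Hypothetical comparison pattern (not from the post): also accepts an
    // optional "@corp.mydomain.com" suffix and drops it before rewriting.
    static final Pattern SUFFIX_AWARE =
        Pattern.compile("^(?<user>[^@]*)(@corp\\.mydomain\\.com)?$");

    // Assumed semantics: a whole-name match is rewritten; a non-match is
    // returned unchanged when mustMatch is false and rejected when true.
    static String mapUser(Pattern p, String replacement,
                          boolean mustMatch, String name) {
        Matcher m = p.matcher(name);
        if (m.matches()) {
            return m.replaceFirst(replacement);
        }
        if (mustMatch) {
            throw new IllegalArgumentException("no match for '" + name + "'");
        }
        return name;
    }

    public static void main(String[] args) {
        // Constructed sample login names.
        String[] samples = {
            "a_user",
            "a_user@corp.mydomain.com",
            "a_user@mydomain.com"
        };
        for (String s : samples) {
            System.out.printf("%-26s posted=%-26s suffixAware=%s%n", s,
                mapUser(POSTED, REPLACEMENT, false, s),
                mapUser(SUFFIX_AWARE, REPLACEMENT, false, s));
        }
    }
}
```

Because [^@]* cannot cross an '@', the posted pattern only rewrites names typed without a domain part; a name that already carries @corp.mydomain.com does not match and, with mustMatch = false, is passed on unchanged.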