I configured Active Directory authentication, but the problem is that I need to 
replace u...@corp.mydomain.com with u...@mydomain.com to be able to 
authenticate.
ovirt-engine-extension-aaa-misc has been installed and I configured it as shown 
below, but it is still not working. Do you have any idea what is wrong and how 
to fix it?

/etc/ovirt-engine/aaa/corp.mydomain.com.properties:
--------------------------------------------------
include = <ad.properties>

vars.domain = corp.mydomain.com
vars.user = CN=user,DC=xxx,DC=corp,DC=mydomain,DC=com
vars.password = password

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}


/etc/ovirt-engine/extensions.d/mapping.properties:
-------------------------------------------------
ovirt.engine.extension.name = mapping
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.misc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.misc.mapping.MappingExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Mapping
config.mapUser.type = regex
config.mapUser.regex.pattern = ^(?<user>[^@]*)$
config.mapUser.regex.replacement = ${user}@mydomain.com
config.mapUser.regex.mustMatch = false
ovirt.engine.aaa.authn.mapping.plugin = mapping


In the engine logs I see mapping loaded:
-------------------
2019-04-16 10:35:40,406+02 INFO  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Loading extension 'mapping'
2019-04-16 10:35:40,420+02 INFO  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Extension 'mapping' loaded
2019-04-16 10:35:40,424+02 INFO  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Initializing extension 'internal-authn'
2019-04-16 10:35:40,475+02 INFO  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Extension 'internal-authn' initialized
2019-04-16 10:35:40,476+02 INFO  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Initializing extension 'mapping'
2019-04-16 10:35:40,476+02 INFO  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 44) [] Extension 'mapping' initialized


But in the logs I still see that {user}@corp.mydomain.com is not replaced with 
{user}@mydomain.com:
-------------------------------------------------------------------------------------------------
2019-04-16 10:36:27,988+02 WARN  [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-3) [] Authentication exception
2019-04-16 10:36:28,231+02 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-4) [] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User a_u...@corp.mydomain.com connecting from '192.168.1.11' failed to log in : 'Unable to log in. Verify your login information or contact the system administrator.'.
2019-04-16 10:36:28,235+02 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-3) [] Cannot authenticate user 'a_u...@corp.mydomain.com' connecting from '192.168.1.11': Unable to log in. Verify your login information or contact the system administrator.
2019-04-16 10:40:48,062+02 INFO  [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-28) [e479270] Lock Acquired to object 'EngineLock:{exclusiveLocks='[fd6141fe-6a69-49c8-807d-39313cae0756=PROVIDER]', sharedLocks=''}'
2019-04-16 10:40:48,084+02 INFO  [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-28) [e479270] Running command: SyncNetworkProviderCommand internal: true.
2019-04-16 10:40:48,270+02 INFO  [org.ovirt.engine.extension.aaa.jdbc.core.Tasks] (default task-3) [] (house keeping) deleting failed logins prior to 2019-04-09 08:40:48Z.
2019-04-16 10:40:48,323+02 INFO  [org.ovirt.engine.extension.aaa.jdbc.core.Tasks] (default task-3) [] (house keeping) deleting failed logins prior to 2019-04-09 08:40:48Z.

Thanks
Jarek
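
Added example, not part of the original post and not the extension's own code: a small JavaScript model of the mapUser regex settings above, showing which login strings the posted pattern rewrites and which it leaves alone. It assumes that with mustMatch = false a non-matching login passes through unchanged; the function name, the sample logins and the comparison pattern are constructed, and the page does not show which form of the login the extension actually receives.

```javascript
// Model of the posted mapUser.regex.* settings (illustrative, not the extension's code).
function mapUser(login, { pattern, replacement, mustMatch }) {
  const re = new RegExp(pattern);
  if (!re.test(login)) {
    // Assumption: mustMatch = true rejects the login, false passes it through as-is.
    if (mustMatch) throw new Error(`login '${login}' does not match ${pattern}`);
    return login;
  }
  // Java writes named-group references as ${name}; JavaScript uses $<name>.
  const jsReplacement = replacement.replace(/\$\{(\w+)\}/g, (_, name) => "$<" + name + ">");
  return login.replace(re, jsReplacement);
}

// Settings copied from mapping.properties in the post.
const POSTED = {
  pattern: "^(?<user>[^@]*)$",
  replacement: "${user}@mydomain.com",
  mustMatch: false,
};

// Constructed for comparison only: a pattern that also accepts the corp suffix.
const WITH_SUFFIX = {
  pattern: "^(?<user>[^@]+)@corp\\.mydomain\\.com$",
  replacement: "${user}@mydomain.com",
  mustMatch: false,
};

// Constructed sample logins.
function demo() {
  return ["jdoe", "jdoe@corp.mydomain.com"].map((login) => ({
    login,
    posted: mapUser(login, POSTED),
    withSuffix: mapUser(login, WITH_SUFFIX),
  }));
}

console.log(demo());
```

Because `[^@]*` excludes `@`, the posted pattern only rewrites a bare user name; a login that already carries a domain suffix is silently left as typed while mustMatch is false.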