Tutorial: https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
oVirt version: 4.2
OpenLDAP server used: the LDAP server behind my mail system
1. Install the OpenLDAP authentication plugin:
yum install ovirt-engine-extension-aaa-ldap-setup
2. Run the setup
Run the command: ovirt-engine-extension-aaa-ldap-setup
Then answer the prompts:
    1 - 389ds
    2 - 389ds RFC-2307 Schema
    3 - Active Directory
    4 - IBM Security Directory Server
    5 - IBM Security Directory Server RFC-2307 Schema
    6 - IPA
    7 - Novell eDirectory RFC-2307 Schema
    8 - OpenLDAP RFC-2307 Schema
    9 - OpenLDAP Standard Schema
    10 - Oracle Unified Directory RFC-2307 Schema
    11 - RFC-2307 Schema (Generic)
    12 - RHDS
    13 - RHDS RFC-2307 Schema
    14 - iPlanet
    Please select: 9
I did not use a domain name here; I used the LDAP server's IP address.
    Use DNS (Yes, No) [Yes]: no
    Available policy method:
    1 - Single server
    2 - DNS domain LDAP SRV record
    3 - Round-robin between multiple hosts
    4 - Failover between multiple hosts
    Please select: 1
    Please enter host address: 10.10.100.6
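Authentication encryption: because this is for internal use on my side, the LDAP server has no encryption, so I chose plain, and then entered the search domain for authentication.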
    Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
    [ INFO ] Connecting to LDAP using 'ldap://10.10.100.6:389'
    [ INFO ] Connection succeeded
    Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): cn=XXXX,dc=sinocache,dc=net
    Enter search user password:
    [ INFO ] Attempting to bind using 'cn=XXXX,dc=sinocache,dc=net'
    Please enter base DN (dc=sinocache,dc=net) [dc=sinocache,dc=net]: virtualDomain=ngaa.com.cn,o=extmailAccount,dc=sinocache,dc=net
    Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Enter the test user and password:
    NOTE:
    Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work.
    Please specify profile name that will be visible to users [10.10.100.6]: ngaa.com.cn
    [ INFO ] Stage: Setup validation
    NOTE:
    It is highly recommended to test drive the configuration before applying it into engine.
    Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.
    Please provide credentials to test login flow:
    Enter user name: ldaptest
    Enter user password:
    [ INFO ] Executing login sequence...
    Login output:
    2018-08-08 19:48:04,598+08 INFO ========================================================================
    …………………………………… (N lines omitted here)
    2018-08-08 19:48:05,241+08 INFO AAA_AUTHZ_PRINCIPAL_NAME: ldaptest
    2018-08-08 19:48:05,242+08 INFO --- End PrincipalRecord ---
    [ INFO ] Login sequence executed successfully
    Please make sure that user details are correct and group membership meets expectations (search for PrincipalRecord and GroupRecord titles).
    Abort if output is incorrect.
    Select test sequence to execute (Done, Abort, Login, Search) [Done]:
    [ INFO ] Stage: Transaction setup
    [ INFO ] Stage: Misc configuration
    [ INFO ] Stage: Package installation
    [ INFO ] Stage: Misc configuration
    [ INFO ] Stage: Transaction commit
    [ INFO ] Stage: Closing up
3. Then restart oVirt:
systemctl restart ovirt-engine.service
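The setup above selected plain, so the search user's password and every user login travel to 10.10.100.6:389 unencrypted. The script below is an added example, not part of the original post or of oVirt: it reports which transport each generated profile uses. It assumes the profiles are properties files under /etc/ovirt-engine/aaa/ and that TLS is switched on with the keys pool.default.ssl.startTLS or pool.default.ssl.enable; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed layout: aaa-ldap profiles
# are properties files in /etc/ovirt-engine/aaa/ that enable TLS with
# pool.default.ssl.startTLS (StartTLS) or pool.default.ssl.enable (ldaps).

# prop_value FILE KEY: last uncommented value of KEY, lowercased, blanks removed.
prop_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t\r]/, "", v); val = tolower(v) }
        END { print val }' "$1"
}

# ldap_transport FILE: prints starttls, ldaps or plain.
ldap_transport() {
    if [ "$(prop_value "$1" pool.default.ssl.startTLS)" = "true" ]; then
        echo starttls
    elif [ "$(prop_value "$1" pool.default.ssl.enable)" = "true" ]; then
        echo ldaps
    else
        echo plain
    fi
}

# audit_profiles DIR: report every profile; status 1 if any binds in cleartext.
audit_profiles() {
    rc=0
    for f in "$1"/*.properties; do
        [ -e "$f" ] || continue
        t=$(ldap_transport "$f")
        if [ "$t" = "plain" ]; then
            echo "WARN $f: bind password and user logins are sent unencrypted"
            rc=1
        else
            echo "OK   $f: $t"
        fi
    done
    return $rc
}

# Constructed sample profiles (placeholder values, not real configuration).
demo=$(mktemp -d)
printf 'vars.server = 10.10.100.6\n# pool.default.ssl.startTLS = true\n' > "$demo/plain.properties"
printf 'vars.server = ldap.example.test\npool.default.ssl.startTLS = true\n' > "$demo/tls.properties"
audit_profiles "$demo" || true
```

On the engine host, call audit_profiles /etc/ovirt-engine/aaa instead of the constructed directory.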