OVIRT 加入AD域

OVIRT 加入AD域

1、

yum install ovirt-engine-extension-aaa-ldap-setup

2、

ovirt-engine-extension-aaa-ldap-setup

3、

[root@vmhost2 ~]# ovirt-engine-extension-aaa-ldap-setup[ INFO  ] Stage: Initializing[ INFO  ] Stage: Environment setup          Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']          Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20180620170724-tufxxa.log          Version: otopi-1.7.7 (otopi-1.7.7-1.el7.centos)[ INFO  ] Stage: Environment packages setup[ INFO  ] Stage: Programs detection[ INFO  ] Stage: Environment customization          Welcome to LDAP extension configuration program          Available LDAP implementations:           1 - 389ds           2 - 389ds RFC-2307 Schema           3 - Active Directory           4 - IBM Security Directory Server           5 - IBM Security Directory Server RFC-2307 Schema           6 - IPA           7 - Novell eDirectory RFC-2307 Schema           8 - OpenLDAP RFC-2307 Schema           9 - OpenLDAP Standard Schema          10 - Oracle Unified Directory RFC-2307 Schema          11 - RFC-2307 Schema (Generic)          12 - RHDS          13 - RHDS RFC-2307 Schema          14 - iPlanet          Please select: 3          Please enter Active Directory Forest name: utek.com[ INFO  ] Resolving Global Catalog SRV record for utek.com                     NOTE:          It is highly recommended to use secure protocol to access the LDAP server.          Protocol startTLS is the standard recommended method to do so.          Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.          Use plain for test environments only.                     Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain[ INFO  ] Resolving SRV record '域名'[ INFO  ] Connecting to LDAP using 'ldap://r730-srv-01.utek.com:389'[ INFO  ] Connection succeeded          Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous):管理员账号@域名          Enter search user password: [ INFO  ] Attempting to bind using '管理员账号@域名'          Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:                      NOTE:          Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work.                     Please specify profile name that will be visible to users [utek.com]: [ INFO  ] Stage: Setup validation          The following files are about to be overwritten:              /etc/ovirt-engine/extensions.d/xxx-authn.properties              /etc/ovirt-engine/extensions.d/xxx.properties              /etc/ovirt-engine/aaa/xxx.properties          Continue and overwrite? (Yes, No) [No]: yes                     NOTE:          It is highly recommended to test drive the configuration before applying it into engine.          Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.                     Please provide credentials to test login flow:          Enter user name: 账号@域名          Enter user password: [ INFO  ] Executing login sequence...          Login output:          2018-06-20 17:08:29,331+08 INFO    ========================================================================          2018-06-20 17:08:29,343+08 INFO    ============================ Initialization ============================          2018-06-20 17:08:29,343+08 INFO    ========================================================================          2018-06-20 17:08:29,371+08 INFO    Loading extension 'xxx-authn'          2018-06-20 17:08:29,427+08 INFO    Extension '域名-authn' loaded          2018-06-20 17:08:29,431+08 INFO    Loading extension 'utek.com'          2018-06-20 17:08:29,440+08 INFO    Extension '域名' loaded          2018-06-20 17:08:29,440+08 INFO    Initializing extension 'utek.com-authn'          2018-06-20 17:08:29,441+08 INFO  .............................................................................          2018-06-20 17:09:34,873+08 INFO      --- End   GroupRecord ---          2018-06-20 17:09:34,873+08 INFO    --- End   PrincipalRecord ---[ INFO  ] Login sequence executed successfully          Please make sure that user details are correct and group membership meets expectations (search for PrincipalRecord and GroupRecord titles).          Abort if output is incorrect.          Select test sequence to execute (Done, Abort, Login, Search) [Done]: [ INFO  ] Stage: Transaction setup[ INFO  ] Stage: Misc configuration[ INFO  ] Stage: Package installation[ INFO  ] Stage: Misc configuration[ INFO  ] Stage: Transaction commit[ INFO  ] Stage: Closing up          CONFIGURATION SUMMARY          Profile name is: utek.com          The following files were created:              /etc/ovirt-engine/aaa/xxx.properties[ INFO  ] Stage: Clean up          Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20180620170724-tufxxa.log:[ INFO  ] Stage: Pre-termination[ INFO  ] Stage: Termination

加入域后重启服务

service ovirt-engine restart

注：管理员账号格式  id@域名

参考资料 https://ovirt.org/documentation/admin-guide/chap-Users_and_Roles/

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。