Directory Users
Directory Services Support in oVirt
During installation oVirt creates its own internal administration user, admin. This account is intended for use when initially configuring the environment, and for troubleshooting. To add other users to oVirt you must attach a directory server to oVirt using the Domain Management Tool, engine-manage-domains.
Once at least one directory server has been attached to oVirt, you can add users that exist in the directory server and assign roles to them using the Administration Portal. Users can be identified by their User Principal Name (UPN) of the form user@domain. Attachment of more than one directory server to oVirt is also supported.
The directory servers supported for use with oVirt 3.4 are:
- Active Directory
- Identity Management (IdM)
- Red Hat Directory Server 9 (RHDS 9)
- OpenLDAP
You must ensure that the correct DNS records exist for your directory server. In particular you must ensure that the DNS records for the directory server include:
- A valid pointer record (PTR) for the directory server's reverse look-up address.
- A valid service record (SRV) for LDAP over TCP port 389.
- A valid service record (SRV) for Kerberos over TCP port 88.
- A valid service record (SRV) for Kerberos over UDP port
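
One way to check these records before attaching a domain, as an added example that is not part of the oVirt documentation: the script audits answer lines in the format printed by dig +noall +answer. The domain, host name and address are constructed sample values, the Kerberos UDP record is checked for presence only because its port is cut off in the list above, and treating a valid PTR as one that names an SRV target is an assumption.

```python
import ipaddress

# Required SRV owners and ports. The page's port for Kerberos over UDP is cut
# off, so that record is checked for presence only (None).
REQUIRED_SRV = {"_ldap._tcp": "389", "_kerberos._tcp": "88", "_kerberos._udp": None}

# Constructed sample in `dig +noall +answer` format; names and address are made up.
SAMPLE_ANSWERS = """\
_ldap._tcp.example.test. 3600 IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp.example.test. 3600 IN SRV 0 100 88 dc1.example.test.
10.2.0.192.in-addr.arpa. 3600 IN PTR dc1.example.test.
"""


def parse_records(text):
    """Return (owner, type, rdata fields) for each answer line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blank lines, comments and malformed rows
        owner, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        records.append((owner, rtype, fields[4:]))
    return records


def audit(text, domain, server_ip):
    """Return a list of problems; an empty list means every check passed."""
    records, problems, targets = parse_records(text), [], set()
    for prefix, port in REQUIRED_SRV.items():
        owner = f"{prefix}.{domain}".lower()
        srv = [r for o, t, r in records if o == owner and t == "SRV" and len(r) == 4]
        if not srv:
            problems.append(f"missing SRV {owner}")
            continue
        if port is not None and not any(r[2] == port for r in srv):
            problems.append(f"SRV {owner} is not on port {port}")
        targets.update(r[3].lower().rstrip(".") for r in srv)
    # Assumption: a "valid" PTR maps the server address back to an SRV target name.
    rev = ipaddress.ip_address(server_ip).reverse_pointer
    ptr = {r[0].lower().rstrip(".") for o, t, r in records if o == rev and t == "PTR"}
    if not ptr:
        problems.append(f"missing PTR {rev}")
    elif not ptr & targets:
        problems.append(f"PTR {rev} does not name an SRV target")
    return problems


if __name__ == "__main__":
    for problem in audit(SAMPLE_ANSWERS, "example.test", "192.0.2.10"):
        print(problem)
```

Run against the constructed sample, the audit reports the missing Kerberos UDP service record; feed it the real answers for your directory domain to see which of the listed records still need to be created.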