So I have a server, say server_1, and I have 2 users, namely x and y, each with their own VMs, which can't be used by the other one since polkit doesn't allow it due to the polkit rule (in short, each VM is named as username*vmname and polkit allows the corresponding user to access it).
Now if multiple servers are used (for VM migration), then I won't be able to interact with that VM on the other machine since my user does not exist on that machine, so polkit won't allow access to the VM.

So I thought maybe LDAP can be used, but I think it won't work.

So,

  1. Is it possible to use LDAP with KVM?
  2. If possible, how to do it?
  3. If not, any possible solutions?

Thank you in advance

Dravigon
  • I would guess that if you would implement LDAP in PAM, that Polkit would not even realize that the user information originates from LDAP. It would probably only know about PAM, and so it should work in theory. – tongpu Apr 22 '17 at 18:10
  • So how would the URI for the connection be? Usually it's `qemu+tcp://user@server_1_ipaddress/system`; is that the new URI if I use LDAP, or should I use `qemu+tcp://user@ldap_server_ipaddress/system`? – Dravigon Apr 23 '17 at 12:26
  • You need to have PAM configured to look up users in LDAP and then you should be able to use `qemu+tcp://user@server_1_ipaddress/system`. – tongpu Apr 24 '17 at 09:03
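
A polkit rule of the kind the question describes, written as an added example (not code from the thread or from libvirt). It keys only on the user name polkit reports in `subject.user`, so the same rule file gives the same decision on every host where that account resolves, which is the point made in the comments above. Assumptions: libvirt's polkit access driver is enabled, the owner/VM separator is `_` (the thread only says "username*vmname"), and the function names are hypothetical.

```javascript
// Added example: per-user libvirt domain access for polkit.
// ES5 syntax only, so it also loads in older polkit JavaScript engines.
var SEP = "_"; // assumed separator between owner and VM name

// Inside polkitd the global `polkit` exists; the fallback mirrors its
// result strings so the logic can be exercised outside polkitd.
var RESULT = (typeof polkit !== "undefined")
    ? polkit.Result
    : { YES: "yes", NO: "no" };

// Decide whether `user` owns the libvirt domain `domainName`.
function ownsDomain(user, domainName) {
    if (typeof user !== "string" || typeof domainName !== "string") {
        return false;
    }
    // A user name containing the separator makes ownership ambiguous
    // ("a" vs "a_b" for domain "a_b_vm"), so such names never match.
    if (user.length === 0 || user.indexOf(SEP) !== -1) {
        return false;
    }
    var prefix = user + SEP;
    // Require the whole "user_" prefix and a non-empty VM name, so that
    // user "x" does not match domain "xy_web".
    return domainName.length > prefix.length &&
           domainName.lastIndexOf(prefix, 0) === 0;
}

// Rule body: polkit passes the requested action and the calling subject.
function libvirtDomainRule(action, subject) {
    if (action.id.indexOf("org.libvirt.api.domain.") !== 0) {
        return undefined; // not a per-domain action: leave to other rules
    }
    var name = action.lookup("domain_name");
    return ownsDomain(subject.user, name) ? RESULT.YES : RESULT.NO;
}

if (typeof polkit !== "undefined") {
    polkit.addRule(libvirtDomainRule);
}
```

With a directory behind the accounts, the prefix check is the part to get right: matching on the bare user name instead of user name plus separator lets one account reach another's VMs whenever one name is a prefix of the other.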

1 Answer

Your best and easiest bet to set this up would probably be Proxmox:

NotoriousPyro
  • No, I am building an environment like Proxmox but more versatile – Dravigon Apr 23 '17 at 19:03
  • I have built my own environment too, but I've never used LDAP to do it. I wanted to use Winbind and join an AD domain. I eventually gave up because I had no need since it was only me logging into the VM interface. You may end up having to write some scripts with what you need to do. – NotoriousPyro Apr 24 '17 at 11:25