<div dir="ltr">Thanks again :)<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-22 11:14 GMT-05:00 Ondra Machacek <span dir="ltr">&lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 06/22/2016 05:21 PM, Julián Tete wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
S-O-L-V-E-D!!!<br>
<br>
You are a Wizard Ondra Machacek!!!<br>
<br>
Thank you very much !!! As Apache says: &quot;It works&quot;<br>
</blockquote>
<br>
Great! You are welcome<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I have a question for you<br>
<br>
In the command<br>
<br>
su - postgres -c &quot;psql -t engine -c \&quot;insert into permissions values<br>
(&#39;0000001b-001b-001b-001b-00000000029f&#39;,<br>
&#39;00000000-0000-0000-0000-000000000001&#39;,<br>
&#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;,<br>
&#39;aaa00000-0000-0000-0000-123456789aaa&#39;, 1);\&quot;&quot;<br>
<br>
What&#39;s the meaning of:<br>
<br>
0000001b-001b-001b-001b-00000000029f<br>
</blockquote>
<br>
This one is the ID of the permission. It&#39;s auto-generated.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
00000000-0000-0000-0000-000000000001<br>
</blockquote>
<br>
This one is the ID of the role. This is the ID of SuperUser, as you can see by running:<br>
<br>
 select * from roles;<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
aaa00000-0000-0000-0000-123456789aaa<br>
</blockquote>
<br>
This one is the object ID; in this case it&#39;s the ID of the system.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
1<br>
</blockquote>
<br>
This one represents the object type; it is a number that represents some object, for example 1 represents<br>
the system object, number 2 represents a VM, number 3 a Host... etc.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
¿?<br>
<br>
Thanks again<br>
<br>
<br>
2016-06-22 5:22 GMT-05:00 Ondra Machacek &lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;:<br>
<br>
    On 06/21/2016 09:18 PM, Julián Tete wrote:<br>
<br>
        Roger Ondra!<br>
<br>
        1) su - postgres -c &quot;psql -t engine -c \&quot;delete from users where<br>
        user_id=&#39;7f300f43-9972-4c0e-bfa9-e86df6f1659f&#39;;\&quot;&quot;<br>
<br>
        Output:<br>
<br>
        DELETE 1<br>
<br>
        2) su - postgres -c &quot;psql -t engine -c \&quot;UPDATE users set<br>
        domain=&#39;internal-authz&#39;  where<br>
        user_id=&#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;;\&quot;&quot;<br>
<br>
        Output:<br>
<br>
        ERROR:  duplicate key value violates unique constraint &quot;users_domain_external_id_unique&quot;<br>
        DETAIL:  Key (domain, external_id)=(internal-authz, fdfc627c-d875-11e0-90f0-83df133b58cc) already exists.<br>
<br>
<br>
    OK, this is really strange, because this shouldn&#39;t be printed as you<br>
    removed all constraints in step 1).<br>
<br>
    So, can you please first stop ovirt-engine, before running steps<br>
    above? So the steps now<br>
    would be:<br>
<br>
     1) service ovirt-engine stop<br>
<br>
     2) remove admin@internal-authz (c9dcda67-9b3e-4255-aa9f-d69043a02b2b) (note the id<br>
    changed from last time). If there are more admin users with domain internal-authz, please<br>
    remove them all.<br>
          $ su - postgres -c &quot;psql -t engine -c \&quot;delete from users where user_id=&#39;c9dcda67-9b3e-4255-aa9f-d69043a02b2b&#39;;\&quot;&quot;<br>
<br>
     3) rename admin@internal to admin@internal-authz<br>
          $ su - postgres -c &quot;psql -t engine -c \&quot;UPDATE users set domain=&#39;internal-authz&#39; where user_id=&#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;;\&quot;&quot;<br>
<br>
      4) service ovirt-engine start<br>
<br>
<br>
        3) systemctl restart ovirt-engine.service<br>
<br>
        No login yet :(<br>
<br>
        Look at this:<br>
<br>
        ovirt-aaa-jdbc-tool user show admin<br>
<br>
        Output:<br>
        -- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --<br>
        Namespace: *<br>
        Name: admin<br>
        ID: fdfc627c-d875-11e0-90f0-83df133b58cc<br>
        Display Name:<br>
        Email:<br>
        First Name: admin<br>
        Last Name:<br>
        Department:<br>
        Title:<br>
        Description:<br>
        Account Disabled: false<br>
        Account Unlocked At: 1970-01-01 00:00:00Z<br>
        Account Valid From: 2015-10-01 00:00:00Z<br>
        Account Valid To: 2100-01-01 00:00:00Z<br>
        Account Without Password: false<br>
        Last successful Login At: 2016-06-21 19:15:59Z<br>
        Last unsuccessful Login At: 2016-06-20 17:33:24Z<br>
        Password Valid To: 2100-01-01 00:00:00Z<br>
<br>
        su - postgres -c &quot;psql -t engine -c \&quot;select * from users;\&quot;&quot;<br>
<br>
        Output:<br>
<br>
        fdfc627c-d875-11e0-90f0-83df133b58cc | admin | | internal | admin | | | | t | fdfc627c-d875-11e0-90f0-83df133b58cc | 2015-09-19 21:38:44.838161-05 | 2016-06-18 20:42:18.883738-05 | *<br>
        16f666bb-b4c8-44c9-8264-30c3aff63a6e | | Administrator | udistritaloas.edu.co | admin | | | | f | 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-05 | 2016-06-19 12:24:41.590162-05 | *<br>
        c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete | internal-authz | julian | | danteconrad14@gmail.com | | f | 1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-05 | 2016-06-20 11:23:19.261686-05 | *<br>
        c9dcda67-9b3e-4255-aa9f-d69043a02b2b | admin | | internal-authz | admin | | | | f | fdfc627c-d875-11e0-90f0-83df133b58cc | 2016-06-21 13:54:07.765767-05 | 2016-06-21 14:15:59.352697-05 | *<br>
<br>
<br>
        su - postgres -c &quot;psql -t engine -c \&quot;select * from permissions;\&quot;&quot;<br>
<br>
        Output:<br>
<br>
        00000004-0004-0004-0004-00000000025e | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000000-0000-0000-0000-000000000000 | 4 | 1447535033<br>
        0000000f-000f-000f-000f-000000000293 | def0000a-0000-0000-0000-def000000010 | eee00000-0000-0000-0000-123456789eee | 0000000e-000e-000e-000e-0000000002d6 | 27 | 1447535033<br>
        00000003-0003-0003-0003-00000000009c | 00000000-0000-0000-0000-000000000001 | fdfc627c-d875-11e0-90f0-83df133b58cc | aaa00000-0000-0000-0000-123456789aaa | 1 | 1447535033<br>
        00000006-0006-0006-0006-0000000000e3 | 00000000-0000-0000-0001-000000000002 | fdfc627c-d875-11e0-90f0-83df133b58cc | aaa00000-0000-0000-0000-123456789aaa | 1 | 1447535033<br>
        00000011-0011-0011-0011-0000000002a9 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000010-0010-0010-0010-0000000001d1 | 4 | 1447535033<br>
        00000013-0013-0013-0013-00000000031e | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000012-0012-0012-0012-0000000001c6 | 4 | 1447535033<br>
        00000015-0015-0015-0015-0000000003b8 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000014-0014-0014-0014-0000000002fd | 4 | 1447535033<br>
        00000017-0017-0017-0017-000000000388 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000016-0016-0016-0016-0000000002b0 | 4 | 1447535033<br>
        00000019-0019-0019-0019-0000000003d5 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000018-0018-0018-0018-000000000314 | 4 | 1447535033<br>
        00000027-0027-0027-0027-00000000027e | def00021-0000-0000-0000-def000000015 | eee00000-0000-0000-0000-123456789eee | aaa00000-0000-0000-0000-123456789aaa | 1 | 1447535037<br>
        7a3917ea-b2df-444f-938c-f768feeaee04 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 | 1457665842<br>
        e8abc833-b860-451c-b580-780c7d1049d4 | def0000a-0000-0000-0000-def00000000f | fdfc627c-d875-11e0-90f0-83df133b58cc | 8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 | 1457665842<br>
        c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c | def0000a-0000-0000-0000-def00000000b | fdfc627c-d875-11e0-90f0-83df133b58cc | 9881e686-90d0-4da3-85b4-b8a1b3638396 | 19 | 1463161875<br>
<br>
<br>
<br>
<br>
        2016-06-21 13:30 GMT-05:00 Ondra Machacek &lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;:<br>
<br>
<br>
            On 06/21/2016 04:54 PM, Julián Tete wrote:<br>
<br>
                That&#39;s right, I removed internal properties :/<br>
<br>
                This is the output of the commands:<br>
<br>
                /usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add --user-name=admin --authz-name=internal-authz --role=SuperUser<br>
<br>
                Output:<br>
<br>
                FATAL: Please specify provider namespace<br>
<br>
<br>
            You don&#39;t have to run it, I&#39;ve just sent it for future reference :)<br>
            But if you for example want to add SuperUser permissions to user<br>
            &#39;julian&#39;, you can run:<br>
<br>
              /usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add<br>
            --principal-id=&#39;c01c263a-78c5-4524-a94e-c9aa38141ea9&#39;<br>
            --role=SuperUser --user-name=julian --authz-name=internal-authz<br>
            --principal-namespace=*<br>
<br>
            And you don&#39;t need admin@internal-authz user.<br>
<br>
<br>
                su - postgres -c &quot;psql -t engine -c \&quot;select * from users;\&quot;&quot;<br>
<br>
                Output:<br>
<br>
                fdfc627c-d875-11e0-90f0-83df133b58cc | admin | | internal | admin | | | | t | fdfc627c-d875-11e0-90f0-83df133b58cc | 2015-09-19 21:38:44.838161-05 | 2016-06-18 20:42:18.883738-05 | *<br>
                16f666bb-b4c8-44c9-8264-30c3aff63a6e | | Administrator | udistritaloas.edu.co | admin | | | | f | 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-05 | 2016-06-19 12:24:41.590162-05 | *<br>
                c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete | internal-authz | julian | | danteconrad14@gmail.com | | f | 1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-05 | 2016-06-20 11:23:19.261686-05 | *<br>
                7f300f43-9972-4c0e-bfa9-e86df6f1659f | admin | | internal-authz | admin | | | | f | fdfc627c-d875-11e0-90f0-83df133b58cc | 2016-06-19 11:43:51.644981-05 | 2016-06-20 16:06:49.138862-05 | *<br>
<br>
                su - postgres -c &quot;psql -t engine -c \&quot;select * from permissions;\&quot;&quot;<br>
<br>
<br>
            Ok, according to current status I would suggest you to:<br>
<br>
             1) remove admin@internal-authz (7f300f43-9972-4c0e-bfa9-e86df6f1659f)<br>
                  $ su - postgres -c &quot;psql -t engine -c \&quot;delete from users where user_id=&#39;7f300f43-9972-4c0e-bfa9-e86df6f1659f&#39;;\&quot;&quot;<br>
<br>
              2) rename admin@internal to admin@internal-authz<br>
                  $ su - postgres -c &quot;psql -t engine -c \&quot;UPDATE users set domain=&#39;internal-authz&#39; where user_id=&#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;;\&quot;&quot;<br>
<br>
            Then restart ovirt-engine and try to login.<br>
<br>
            The problem here is that it tries to login with admin user which<br>
            doesn&#39;t have any permissions, and you have two admin users, because you have removed<br>
            internal-*properties files, so it added another one.<br>
<br>
<br>
                Output:<br>
<br>
                00000004-0004-0004-0004-00000000025e | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000000-0000-0000-0000-000000000000 | 4 | 1447535033<br>
                0000000f-000f-000f-000f-000000000293 | def0000a-0000-0000-0000-def000000010 | eee00000-0000-0000-0000-123456789eee | 0000000e-000e-000e-000e-0000000002d6 | 27 | 1447535033<br>
                00000003-0003-0003-0003-00000000009c | 00000000-0000-0000-0000-000000000001 | fdfc627c-d875-11e0-90f0-83df133b58cc | aaa00000-0000-0000-0000-123456789aaa | 1 | 1447535033<br>
                00000006-0006-0006-0006-0000000000e3 | 00000000-0000-0000-0001-000000000002 | fdfc627c-d875-11e0-90f0-83df133b58cc | aaa00000-0000-0000-0000-123456789aaa | 1 | 1447535033<br>
                00000011-0011-0011-0011-0000000002a9 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000010-0010-0010-0010-0000000001d1 | 4 | 1447535033<br>
                00000013-0013-0013-0013-00000000031e | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000012-0012-0012-0012-0000000001c6 | 4 | 1447535033<br>
                00000015-0015-0015-0015-0000000003b8 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000014-0014-0014-0014-0000000002fd | 4 | 1447535033<br>
                00000017-0017-0017-0017-000000000388 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000016-0016-0016-0016-0000000002b0 | 4 | 1447535033<br>
                00000019-0019-0019-0019-0000000003d5 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000018-0018-0018-0018-000000000314 | 4 | 1447535033<br>
                00000027-0027-0027-0027-00000000027e | def00021-0000-0000-0000-def000000015 | eee00000-0000-0000-0000-123456789eee | aaa00000-0000-0000-0000-123456789aaa | 1 | 1447535037<br>
                7a3917ea-b2df-444f-938c-f768feeaee04 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 | 1457665842<br>
                e8abc833-b860-451c-b580-780c7d1049d4 | def0000a-0000-0000-0000-def00000000f | fdfc627c-d875-11e0-90f0-83df133b58cc | 8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 | 1457665842<br>
                c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c | def0000a-0000-0000-0000-def00000000b | fdfc627c-d875-11e0-90f0-83df133b58cc | 9881e686-90d0-4da3-85b4-b8a1b3638396 | 19 | 1463161875<br>
<br>
<br>
                2016-06-21 9:18 GMT-05:00 Ondra Machacek &lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;:<br>
<br>
<br>
                    On 06/20/2016 08:33 PM, Julián Tete wrote:<br>
<br>
                        Thanks Ondra :)<br>
<br>
                        With the command:<br>
<br>
                        su - postgres -c &quot;psql -t engine -c \&quot;insert into<br>
                permissions values<br>
                        (&#39;0000001b-001b-001b-001b-00000000029f&#39;,<br>
                        &#39;00000000-0000-0000-0000-000000000001&#39;,<br>
                        &#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;,<br>
                        &#39;aaa00000-0000-0000-0000-123456789aaa&#39;, 1);\&quot;&quot;<br>
<br>
<br>
                    I&#39;ve just remembered that there is a bash script for it:<br>
<br>
                     /usr/share/ovirt-engine/bin/ovirt-engine-role.sh<br>
<br>
                    You can use it as follows:<br>
<br>
                     /usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add --user-name=admin --authz-name=internal-authz --role=SuperUser<br>
<br>
                    But, as per your output above, obviously your problem is not missing permissions.<br>
                    I think the problem is that you removed internal*.properties files and then re-added them.<br>
                    Can you please send the output of the users table and permissions table. Thanks.<br>
<br>
                     su - postgres -c &quot;psql -t engine -c \&quot;select * from users;\&quot;&quot;<br>
                     su - postgres -c &quot;psql -t engine -c \&quot;select * from permissions;\&quot;&quot;<br>
<br>
                        I get:<br>
<br>
                        ERROR:  duplicate key value violates unique constraint &quot;idx_combined_ad_role_object&quot;<br>
                        DETAIL:  Key (ad_element_id, role_id, object_id)=(fdfc627c-d875-11e0-90f0-83df133b58cc, 00000000-0000-0000-0000-000000000001, aaa00000-0000-0000-0000-123456789aaa) already exists.<br>
<br>
                        History<br>
<br>
                          261  yum install ovirt-engine-extension-aaa-ldap<br>
                          262  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties /etc/ovirt-engine/<br>
                          263  cd /etc/ovirt-engine/<br>
                          264  ll<br>
                          265  vim profile1.properties<br>
                          266  ll<br>
                          267  cd cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/<br>
                          268  cd cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/<br>
                          269  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/<br>
                          270  ll<br>
                          271  cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/<br>
                          272  cd /etc/ovirt-engine/extensions.d/<br>
                          273  ll<br>
                          274  find / -type f -iname profile1.properties<br>
                          275  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties /etc/ovirt-engine/aaa/<br>
                          276  find / -type f -iname profile1.properties<br>
                          277  vim /etc/ovirt-engine/aaa/profile1.properties<br>
                          278  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties<br>
                          279  chmod 600 /etc/ovirt-engine/aaa/profile1.properties<br>
                          280  systemctl restart ovirt-engine<br>
                          281  vim /etc/ovirt-engine/extensions.d/profile1-authn.properties<br>
                          282  cd /usr/share/<br>
                          283  ls<br>
                          284  cd ovirt-engine-aaa-ldap<br>
                          285  ls<br>
                          286  cd ovirt-engine-extension-aaa-ldap/<br>
                          287  ls<br>
                          288  cd examples/<br>
                          289  ls<br>
                          290  cd ad<br>
                          291  ls<br>
                          292  cd extensions.d/<br>
                          293  ls<br>
                          294  vim profile1-authn.properties<br>
                          295  pwd<br>
                          296  cd ..<br>
                          297  pwd<br>
                          298  cd ..<br>
                          299  ls<br>
                          300  cd simple<br>
                          301  ls<br>
                          302  cd aaa/<br>
                          303  ls<br>
                          304  vim profile1.properties<br>
                          305  pwd<br>
                          306  rm -rf /etc/ovirt-engine/aaa/profile1.properties<br>
                          307  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/profile1.properties /etc/ovirt-engine/aaa/<br>
                          308  vim /etc/ovirt-engine/aaa/profile1.properties<br>
                          309  history<br>
                          310  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties<br>
                          311  chmod 600 /etc/ovirt-engine/aaa/profile1.properties<br>
                          312  systemctl restart ovirt-engine<br>
                          313  updatedb<br>
                          314  locate domain1-authn.properties<br>
                          315  history<br>
                          316  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/<br>
                          317  ll<br>
                          318  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/<br>
                          319  ls<br>
                          320  cd extensions.d/<br>
                          321  ls<br>
                          322  pwd<br>
                          323  cd /etc/ovirt-engine/extensions.d/<br>
                          324  ls<br>
                          325  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/ /etc/ovirt-engine/extensions.d/<br>
                          326   cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/<br>
                          327  rm -rf /etc/ovirt-engine/extensions.d/profile1-authn.properties<br>
                          328  rm -rf /etc/ovirt-engine/extensions.d/profile1-authz.properties<br>
                          329   cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/<br>
                          330  ll<br>
                          331  history<br>
                          332  chown ovirt:ovirt /etc/ovirt-engine/extensions.d/*<br>
                          333  chmod 600 /etc/ovirt-engine/extensions.d/*<br>
                          334  ll<br>
                          335  cd extensions.d/<br>
                          336  ll<br>
                          337  cd<br>
                          338  engine-config -s SASL_QOP=auth<br>
                          339  systemctl restart ovirt-engine<br>
                          340  engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin --ldap-servers=freeipa.udistritaloas.edu.co<br>
                          341  systemctl restart ovirt-engine<br>
                          342  engine-manage-domains list<br>
                          343  history<br>
                          344  cd /etc/ovirt-engine/extensions.d/<br>
                          345  ll<br>
                          346  rm -rf internal-authn.properties<br>
                          347  rm -rf internal-authz.properties<br>
                          348  rm -rf profile1-authn.properties<br>
                          349  rm -rf profile1-authz.properties<br>
                          350  history<br>
                          351  cd /etc/ovirt-engine/aaa/<br>
                          352  ll<br>
                          353  rm -rf profile1.properties<br>
                          354  vim internal.properties<br>
                          355  systemctl restart ovirt-engine<br>
                          356  ovirt-aaa-jdbc-tool user edit admin --account-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
                          357  ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
                          358  engine-config -s AdminPassword=interactive<br>
                          359  ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
                          360  systemctl restart ovirt-engine<br>
                          361  exit<br>
                          362  cd /etc/ovirt-engine/aaa/<br>
                          363  ll<br>
                          364  vim internal.properties<br>
                          365  /etc/ovirt-engine/extensions.d/<br>
                          366  cd /etc/ovirt-engine/extensions.d/<br>
                          367  ll<br>
                          368  cd extensions.d/<br>
                          369  ll<br>
                          370  pwd<br>
                          371  ll<br>
                          372  cd ..<br>
                          373  ll<br>
                          374  cd ..<br>
                          375  ll<br>
                          376  cd /etc/ovirt-engine/extensions.d/<br>
                          377  ll<br>
                          378  cd extensions.d/<br>
                          379  ll<br>
                          380  pwd<br>
                          381  ll<br>
                          382  cd ..<br>
                          383  ll<br>
                          384  systemctl restart ovirt-engine.service<br>
                          385  ovirt-aaa-jdbc-tool user edit admin --account-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
                          386  ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
                          387  systemctl restart ovirt-engine.service<br>
                          388  ovirt-aaa-jdbc-tool user password-reset admin@internal --password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
                          389  yum install -y ovirt-engine-extension-aaa-jdbc<br>
                          390  engine-setup<br>
                          391  ovirt-aaa-jdbc-tool user show admin<br>
                          392  ovirt-aaa-jdbc-tool settings show<br>
                          393  cd /var/log<br>
                          394  ll<br>
                          395  cd ovirt-engine<br>
                          396  ll<br>
                          397  tail -f n 100 ui.log<br>
                          398  ll<br>
                          399  tail -f -n engine.log<br>
                          400  tail -f -n 1000 engine.log<br>
                          401  tail -n 5000 engine.log | grep admin@internal<br>
                          402  ovirt-aaa-jdbc-tool user show admin<br>
                          403  ovirt-aaa-jdbc-tool user show admin@internal<br>
                          404  ovirt-aaa-jdbc-tool query --what=user<br>
                          405  engine-config -s AdminPassword=interactive<br>
                          406  vim /etc/ovirt-engine/extension.d/internal-authn.properties<br>
                          407  vim /etc/ovirt-engine/extensions.d/internal-authn.properties<br>
                          408  cd /etc/ovirt-engine/extensions.d/<br>
                          409  ll<br>
                          410  vim /etc/ovirt-engine/aaa/internal.properties<br>
                          411  cd /etc/ovirt-engine/aaa/<br>
                          412  ll<br>
                          413  vim internal.properties<br>
                          414  pwd<br>
                          415  ovirt-aaa-jdbc-tool user add julian --attribute=firstName=Julian --attribute=lastName=Tete --attribute=email=danteconrad14@gmail.com<br>
                          416  ovirt-aaa-jdbc-tool user password-reset julian --password-valid-to=&quot;2025-08-15 10:30:00Z&quot;<br>
                          417  history<br>
                          418  tail -n 5000 engine.log | grep admin@internal<br>
                          419  tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal<br>
                          420  ovirt-aaa-jdbc-tool user edit admin --account-valid-from=&quot;2015-10-01 00:00:00Z&quot;<br>
                          421  ovirt-aaa-jdbc-tool user password-reset admin --force --password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
                          422  systemctl restart ovirt-engine.service<br>
                          423  history<br>
                          424  ovirt-aaa-jdbc-tool query --what=user<br>
                          425  updatedb<br>
                          426  locate internal<br>
                          427  yum install -y ovirt-engine-cli<br>
                          428  cd /opt<br>
                          429  cd /opt/<br>
<br>
<br>
<br>
                        2016-06-20 13:24 GMT-05:00 Ondra Machacek &lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;:<br>
<br>
<br>
<br>
                            On 06/20/2016 06:36 PM, Julián Tete wrote:<br>
<br>
                                oVirt: 3.6.2<br>
<br>
                                Trying to use:<br>
<br>
<br>
<br>
<br>
        <a href="https://github.com/machacekondra/ovirt-engine-kerbldap-migration" rel="noreferrer" target="_blank">https://github.com/machacekondra/ovirt-engine-kerbldap-migration</a><br>
<br>
                                First use:<br>
<br>
                                engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin<br>
                                --ldap-servers=freeipa.udistritaloas.edu.co<br>
<br>
<br>
                                The domain was added, but I can&#39;t access the webadmin portal :/<br>
<br>
                                I get the message:<br>
<br>
                                &quot;User is not authorized to perform this action.&quot;<br>
<br>
                                In ovirt-cli<br>
<br>
                                [401] - Unauthorized<br>
<br>
                                tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal<br>
<br>
                                2016-06-20 10:52:22,835 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-32) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.<br>
                                2016-06-20 10:52:22,836 WARN [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default task-32) [] CanDoAction of action &#39;LoginAdminUser&#39; failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
                                2016-06-20 11:00:37,679 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.<br>
                                2016-06-20 11:00:37,679 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) [] CanDoAction of action &#39;LoginUser&#39; failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
                                2016-06-20 11:01:04,016 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-4) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.<br>
                                2016-06-20 11:01:04,016 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-4) [] CanDoAction of action &#39;LoginUser&#39; failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
<br>
<br>
                            I am a little bit lost as to what your steps were to get into this state,<br>
                            but it looks like your admin@internal user had its SuperUser permissions<br>
                            removed. I am really not sure how you could achieve that, but to<br>
                            fix it please run the following command:<br>
<br>
                             $ su - postgres -c &quot;psql -t engine -c \&quot;insert into permissions values (&#39;0000001b-001b-001b-001b-00000000029f&#39;, &#39;00000000-0000-0000-0000-000000000001&#39;, &#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;, &#39;aaa00000-0000-0000-0000-123456789aaa&#39;, 1);\&quot;&quot;<br>
<br>
                            This command will give your admin@internal user SuperUser permissions on<br>
                            the system.<br>
<br>
                            Can you please describe what you have done in a bit more detail, so we can<br>
                            understand the problem?<br>
<br>
                            Thanks.<br>
<br>
<br>
                                Properties of Internal domain:<br>
<br>
                                cat /etc/ovirt-engine/aaa/internal.properties<br>
<br>
                                ovirt.engine.extension.name = internal-authn<br>
                                ovirt.engine.extension.bindings.method = jbossmodule<br>
                                ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc<br>
                                ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>
                                ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<br>
                                ovirt.engine.aaa.authn.profile.name = internal<br>
                                ovirt.engine.aaa.authn.authz.plugin = internal-authz<br>
                                config.datasource.file = /etc/ovirt-engine/aaa/internal.properties<br>
<br>
                                cat /etc/ovirt-engine/extensions.d/internal-authn.properties<br>
<br>
                                ovirt.engine.extension.name = internal-authn<br>
                                ovirt.engine.extension.bindings.method = jbossmodule<br>
                                ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc<br>
                                ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>
                                ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<br>
                                ovirt.engine.aaa.authn.profile.name = internal<br>
                                ovirt.engine.aaa.authn.authz.plugin = internal-authz<br>
                                config.datasource.file = /etc/ovirt-engine/aaa/internal.properties<br>
<br>
                                cat /etc/ovirt-engine/extensions.d/internal-authz.properties<br>
<br>
                                ovirt.engine.extension.name</blockquote>
</blockquote></div><br></div>
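Added example, not part of the thread and not oVirt project code: Python that rejoins an engine.log excerpt wrapped the way the quoted mail wrapped it, then extracts the login attempts that were rejected with USER_NOT_AUTHORIZED_TO_PERFORM_ACTION, the pattern Ondra's reply attributes to missing SuperUser permissions. The sample log is constructed from the format quoted in the thread; the function names are hypothetical, and wrapping is assumed to fall on whitespace.

```python
import re
from collections import defaultdict

# Constructed sample in the engine.log format quoted in the thread. The second
# record is deliberately wrapped across lines; the last line is an unrelated,
# made-up record with a placeholder logger name.
SAMPLE_LOG = """\
2016-06-20 10:52:22,835 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-32) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 10:52:22,836 WARN
  [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default task-32)
  [] CanDoAction of action 'LoginAdminUser' failed for user
  admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:00:37,679 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) [] CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:05:00,000 INFO [example.constructed.Logger] (default task-9) [] Unrelated constructed line
"""

# A new record starts with "YYYY-MM-DD HH:MM:SS,mmm ".
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
RECORD = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\] "
    r"\((?P<thread>[^)]*)\) (?P<msg>.*)$"
)
DENIED = re.compile(
    r"CanDoAction of action '(?P<action>\w+)' failed for user (?P<user>\S+?)\. "
    r"Reasons: (?P<reasons>[A-Z_,\s]+)$"
)


def unwrap(text):
    """Join continuation lines (no leading timestamp) onto the previous record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def login_denials(text):
    """Return login attempts that failed the CanDoAction authorization check."""
    events = []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        d = DENIED.search(m.group("msg"))
        if d:
            reasons = [r.strip() for r in d.group("reasons").split(",") if r.strip()]
            events.append({
                "ts": m.group("ts"),
                "thread": m.group("thread"),
                "user": d.group("user"),
                "action": d.group("action"),
                "reasons": reasons,
            })
    return events


def summarize(text):
    """Count denials per (user, reason) so repeated lockouts stand out."""
    counts = defaultdict(int)
    for event in login_denials(text):
        for reason in event["reasons"]:
            counts[(event["user"], reason)] += 1
    return dict(counts)


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(key, n)
```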