<div dir="ltr">Thanks again :)<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-22 11:14 GMT-05:00 Ondra Machacek <span dir="ltr"><<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 06/22/2016 05:21 PM, Julián Tete wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
S-O-L-V-E-D!!!<br>
<br>
You are a Wizard Ondra Machacek!!!<br>
<br>
Thank you very much !!! How Apache says: "It works"<br>
</blockquote>
<br>
Great! You are welcome<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
A have a question for you<br>
<br>
In the command<br>
<br>
su - postgres -c "psql -t engine -c \"insert into permissions values<br>
('0000001b-001b-001b-001b-00000000029f',<br>
'00000000-0000-0000-0000-000000000001',<br>
'fdfc627c-d875-11e0-90f0-83df133b58cc',<br>
'aaa00000-0000-0000-0000-123456789aaa', 1);\"<br>
<br>
What's the meaning of:<br>
<br>
0000001b-001b-001b-001b-00000000029f<br>
</blockquote>
<br>
This one is id of permission. It's auto generated.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
00000000-0000-0000-0000-000000000001<br>
</blockquote>
<br>
This one is id of role. This is id of SuperUser as you can see by running:<br>
<br>
select * from roles;<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
aaa00000-0000-0000-0000-123456789aaa<br>
</blockquote>
<br>
This one is object id, in this case it's id of system.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
1<br>
</blockquote>
<br>
This one represent object type, it is number that represent some object for example 1 represent<br>
system object, number 2 represent Vm, number 3 Host... etc<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
¿?<br>
<br>
Thanks again<br>
<br>
<br>
2016-06-22 5:22 GMT-05:00 Ondra Machacek <<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>>:<br>
<br>
On 06/21/2016 09:18 PM, Julián Tete wrote:<br>
<br>
Roger Ondra!<br>
<br>
1) su - postgres -c "psql -t engine -c \"delete from users where<br>
user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""<br>
<br>
Output:<br>
<br>
DELETE 1<br>
<br>
2) su - postgres -c "psql -t engine -c \"UPDATE users set<br>
domain='internal-authz' where<br>
user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""<br>
<br>
Output:<br>
<br>
ERROR: duplicate key value violates unique constraint<br>
"users_domain_external_id_unique"<br>
DETAIL: Key (domain, external_id)=(internal-authz,<br>
fdfc627c-d875-11e0-90f0-83df133b58cc) already exists.<br>
<br>
<br>
OK, this is really strange, because this shouldn't be printed as you<br>
removed all contraints in step 1).<br>
<br>
So, can you please first stop ovirt-engine, before running steps<br>
above? So the steps now<br>
would be:<br>
<br>
1) service ovirt-engine stop<br>
<br>
2) remove admin@internal-authz<br>
(c9dcda67-9b3e-4255-aa9f-d69043a02b2b) (note id<br>
changed, from last time) If there is more admin users with domain<br>
internal-authz, please<br>
remove them all.<br>
$ su - postgres -c "psql -t engine -c \"delete from users<br>
where user_id='c9dcda67-9b3e-4255-aa9f-d69043a02b2b';\""<br>
<br>
3) rename admin@internal to admin@internal-authz<br>
$ su - postgres -c "psql -t engine -c \"UPDATE users set<br>
domain='internal-authz' where<br>
user_id='fdfc627c-d875-11e0-90f0-83df133b58cc;\""<br>
<br>
4) service ovirt-engine start<br>
<br>
<br>
3) systemctl restart ovirt-engine.service<br>
<br>
No login yet :(<br>
<br>
Look at this:<br>
<br>
ovirt-aaa-jdbc-tool user show admin<br>
<br>
Output:<br>
-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --<br>
Namespace: *<br>
Name: admin<br>
ID: fdfc627c-d875-11e0-90f0-83df133b58cc<br>
Display Name:<br>
Email:<br>
First Name: admin<br>
Last Name:<br>
Department:<br>
Title:<br>
Description:<br>
Account Disabled: false<br>
Account Unlocked At: 1970-01-01 00:00:00Z<br>
Account Valid From: 2015-10-01 00:00:00Z<br>
Account Valid To: 2100-01-01 00:00:00Z<br>
Account Without Password: false<br>
Last successful Login At: 2016-06-21 19:15:59Z<br>
Last unsuccessful Login At: 2016-06-20 17:33:24Z<br>
Password Valid To: 2100-01-01 00:00:00Z<br>
<br>
su - postgres -c "psql -t engine -c \"select * from users;\""<br>
<br>
Output:<br>
<br>
fdfc627c-d875-11e0-90f0-83df133b58cc | admin | |<br>
internal | admin | |<br>
| | t |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc<br>
| 2015-09-19 21:38:44.838161-<br>
05 | 2016-06-18 20:42:18.883738-05 | *<br>
16f666bb-b4c8-44c9-8264-30c3aff63a6e | | Administrator |<br>
<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">udistritaloas.edu.co</a> <<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>> | admin<br>
| | | | f<br>
| 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-<br>
05 | 2016-06-19 12:24:<a href="tel:41.590162-05" value="+14159016205" target="_blank">41.590162-05</a> <tel:<a href="tel:41.590162-05" value="+14159016205" target="_blank">41.590162-05</a>> | *<br>
c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete |<br>
internal-authz | julian | |<br>
<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a> <mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>>> | | f |<br>
1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-<br>
05 | 2016-06-20 11:23:19.261686-05 | *<br>
c9dcda67-9b3e-4255-aa9f-d69043a02b2b | admin | |<br>
internal-authz | admin | |<br>
| | f |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc<br>
| 2016-06-21 13:54:07.765767-<br>
05 | 2016-06-21 14:15:59.352697-05 | *<br>
<br>
<br>
su - postgres -c "psql -t engine -c \"select * from permissions;\""<br>
<br>
Output:<br>
<br>
00000004-0004-0004-0004-00000000025e |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000000-0000-0000-0000-000000000000 | 4 |<br>
1447535033<br>
0000000f-000f-000f-000f-000000000293 |<br>
def0000a-0000-0000-0000-def000000010 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
0000000e-000e-000e-000e-0000000002d6 | 27 |<br>
1447535033<br>
00000003-0003-0003-0003-00000000009c |<br>
00000000-0000-0000-0000-000000000001 |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
aaa00000-0000-0000-0000-123456789aaa | 1 |<br>
1447535033<br>
00000006-0006-0006-0006-0000000000e3 |<br>
00000000-0000-0000-0001-000000000002 |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
aaa00000-0000-0000-0000-123456789aaa | 1 |<br>
1447535033<br>
00000011-0011-0011-0011-0000000002a9 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000010-0010-0010-0010-0000000001d1 | 4 |<br>
1447535033<br>
00000013-0013-0013-0013-00000000031e |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000012-0012-0012-0012-0000000001c6 | 4 |<br>
1447535033<br>
00000015-0015-0015-0015-0000000003b8 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000014-0014-0014-0014-0000000002fd | 4 |<br>
1447535033<br>
00000017-0017-0017-0017-000000000388 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000016-0016-0016-0016-0000000002b0 | 4 |<br>
1447535033<br>
00000019-0019-0019-0019-0000000003d5 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000018-0018-0018-0018-000000000314 | 4 |<br>
1447535033<br>
00000027-0027-0027-0027-00000000027e |<br>
def00021-0000-0000-0000-def000000015 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
aaa00000-0000-0000-0000-123456789aaa | 1 |<br>
1447535037<br>
7a3917ea-b2df-444f-938c-f768feeaee04 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 |<br>
1457665842<br>
e8abc833-b860-451c-b580-780c7d1049d4 |<br>
def0000a-0000-0000-0000-def00000000f |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 |<br>
1457665842<br>
c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c |<br>
def0000a-0000-0000-0000-def00000000b |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
9881e686-90d0-4da3-85b4-b8a1b3638396 | 19 |<br>
1463161875<br>
<br>
<br>
<br>
<br>
2016-06-21 13:30 GMT-05:00 Ondra Machacek <<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>>>:<br>
<br>
<br>
On 06/21/2016 04:54 PM, Julián Tete wrote:<br>
<br>
That's right I remove internal properties :/<br>
<br>
This is the output of the commands:<br>
<br>
*/usr/share/ovirt-engine/bin/o**virt-engine-role.sh<br>
--command=add<br>
--user-name=admin --authz-name=internal-authz<br>
--role=SuperUser<br>
<br>
*<br>
*Output:<br>
*<br>
<br>
FATAL: Please specify provider namespace<br>
<br>
<br>
You don't have to run it, I've just send it for a future<br>
reference :)<br>
But if you for example want to add SuperUser permissions to user<br>
'julian', you can run:<br>
<br>
/usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add<br>
--principal-id='c01c263a-78c5-4524-a94e-c9aa38141ea9'<br>
--role=SuperUser --user-name=julian --authz-name=internal-authz<br>
--principal-namespace=*<br>
<br>
And you don't need admin@internal-authz user.<br>
<br>
<br>
*su - postgres -c "psql -t engine -c \"select * from<br>
users;\""<br>
<br>
*<br>
*Output:*<br>
<br>
fdfc627c-d875-11e0-90f0-83df133b58cc | admin |<br>
|<br>
internal | admin | |<br>
| | t |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc<br>
| 2015-09-19 21:38:44.838161-<br>
05 | 2016-06-18 20:42:18.883738-05 | *<br>
16f666bb-b4c8-44c9-8264-30c3aff63a6e | |<br>
Administrator |<br>
<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">udistritaloas.edu.co</a> <<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>> | admin<br>
| | | | f<br>
| 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19<br>
11:53:39.249812-<br>
05 | 2016-06-19 12:24:<a href="tel:41.590162-05" value="+14159016205" target="_blank">41.590162-05</a> <tel:<a href="tel:41.590162-05" value="+14159016205" target="_blank">41.590162-05</a>><br>
<tel:<a href="tel:41.590162-05" value="+14159016205" target="_blank">41.590162-05</a> <tel:<a href="tel:41.590162-05" value="+14159016205" target="_blank">41.590162-05</a>>> | *<br>
c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete<br>
|<br>
internal-authz | julian | |<br>
<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a> <mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a> <mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>><br>
<br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>>>> | | f<br>
|<br>
1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20<br>
11:22:56.483292-<br>
05 | 2016-06-20 11:23:19.261686-05 | *<br>
7f300f43-9972-4c0e-bfa9-e86df6f1659f | admin |<br>
|<br>
internal-authz | admin | |<br>
| | f |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc<br>
| 2016-06-19 11:43:51.644981-<br>
05 | 2016-06-20 16:06:49.138862-05 | *<br>
*<br>
su - postgres -c "psql -t engine -c \"select * from<br>
permissions;\""<br>
<br>
<br>
Ok, according to current status I would suggest you to:<br>
<br>
1) remove admin@internal-authz<br>
(7f300f43-9972-4c0e-bfa9-e86df6f1659f)<br>
$ su - postgres -c "psql -t engine -c \"delete from users<br>
where user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""<br>
<br>
2) rename admin@internal to admin@internal-authz<br>
$ su - postgres -c "psql -t engine -c \"UPDATE users set<br>
domain='internal-authz' where<br>
user_id='fdfc627c-d875-11e0-90f0-83df133b58cc;\""<br>
<br>
Then restart ovirt-engine and try to login.<br>
<br>
The problem here is that it tries to login with admin user which<br>
don't have any permissions, and<br>
you have two admin users, because you have removed<br>
internal-*properties files, so it added<br>
another one.<br>
<br>
<br>
*<br>
*Otput:<br>
*<br>
<br>
<br>
00000004-0004-0004-0004-00000000025e |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000000-0000-0000-0000-000000000000 | 4 |<br>
1447535033<br>
0000000f-000f-000f-000f-000000000293 |<br>
def0000a-0000-0000-0000-def000000010 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
0000000e-000e-000e-000e-0000000002d6 | 27 |<br>
1447535033<br>
00000003-0003-0003-0003-00000000009c |<br>
00000000-0000-0000-0000-000000000001 |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
aaa00000-0000-0000-0000-123456789aaa | 1 |<br>
1447535033<br>
00000006-0006-0006-0006-0000000000e3 |<br>
00000000-0000-0000-0001-000000000002 |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
aaa00000-0000-0000-0000-123456789aaa | 1 |<br>
1447535033<br>
00000011-0011-0011-0011-0000000002a9 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000010-0010-0010-0010-0000000001d1 | 4 |<br>
1447535033<br>
00000013-0013-0013-0013-00000000031e |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000012-0012-0012-0012-0000000001c6 | 4 |<br>
1447535033<br>
00000015-0015-0015-0015-0000000003b8 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000014-0014-0014-0014-0000000002fd | 4 |<br>
1447535033<br>
00000017-0017-0017-0017-000000000388 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000016-0016-0016-0016-0000000002b0 | 4 |<br>
1447535033<br>
00000019-0019-0019-0019-0000000003d5 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
00000018-0018-0018-0018-000000000314 | 4 |<br>
1447535033<br>
00000027-0027-0027-0027-00000000027e |<br>
def00021-0000-0000-0000-def000000015 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
aaa00000-0000-0000-0000-123456789aaa | 1 |<br>
1447535037<br>
7a3917ea-b2df-444f-938c-f768feeaee04 |<br>
def00009-0000-0000-0000-def000000009 |<br>
eee00000-0000-0000-0000-123456789eee |<br>
8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 |<br>
1457665842<br>
e8abc833-b860-451c-b580-780c7d1049d4 |<br>
def0000a-0000-0000-0000-def00000000f |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 |<br>
1457665842<br>
c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c |<br>
def0000a-0000-0000-0000-def00000000b |<br>
fdfc627c-d875-11e0-90f0-83df133b58cc |<br>
9881e686-90d0-4da3-85b4-b8a1b3638396 | 19 |<br>
1463161875<br>
<br>
<br>
2016-06-21 9:18 GMT-05:00 Ondra Machacek<br>
<<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>>>>:<br>
<br>
<br>
On 06/20/2016 08:33 PM, Julián Tete wrote:<br>
<br>
Thanks Ondra :)<br>
<br>
With the command:<br>
<br>
su - postgres -c "psql -t engine -c \"insert into<br>
permissions values<br>
('0000001b-001b-001b-001b-00000000029f',<br>
'00000000-0000-0000-0000-000000000001',<br>
'fdfc627c-d875-11e0-90f0-83df133b58cc',<br>
'aaa00000-0000-0000-0000-123456789aaa', 1);\""<br>
<br>
<br>
I've just remembered, that there is bash script for it:<br>
<br>
/usr/share/ovirt-engine/bin/ovirt-engine-role.sh<br>
<br>
You can use it as follows:<br>
<br>
/usr/share/ovirt-engine/bin/ovirt-engine-role.sh<br>
--command=add<br>
--user-name=admin --authz-name=internal-authz<br>
--role=SuperUser<br>
<br>
But, as per your output above, obviously your<br>
problem is not<br>
missing<br>
permissions.<br>
I think the problem is that you removed<br>
internal*.properties<br>
files<br>
and then re-add it.<br>
Can you please send output of users table and<br>
permissions<br>
table. Thanks.<br>
<br>
su - postgres -c "psql -t engine -c \"select * from<br>
users;\""<br>
su - postgres -c "psql -t engine -c \"select * from<br>
permissions;\""<br>
<br>
I get:<br>
<br>
ERROR: duplicate key value violates unique<br>
constraint<br>
"idx_combined_ad_role_object"<br>
DETAIL: Key (ad_element_id, role_id,<br>
object_id)=(fdfc627c-d875-11e0-90f0-83df133b58cc,<br>
00000000-0000-0000-0000-000000000001,<br>
aaa00000-0000-0000-0000-123456789aaa) already<br>
exists.<br>
<br>
History<br>
<br>
261 yum install ovirt-engine-extension-aaa-ldap<br>
262 cp -r<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties<br>
/etc/ovirt-engine/<br>
263 cd /etc/ovirt-engine/<br>
264 ll<br>
265 vim profile1.properties<br>
266 ll<br>
267 cd cp<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*<br>
/etc/ovirt-engine/extensions.d/<br>
268 cd cp<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/<br>
269 cd<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/<br>
270 ll<br>
271 cp<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*<br>
/etc/ovirt-engine/extensions.d/<br>
272 cd /etc/ovirt-engine/extensions.d/<br>
273 ll<br>
274 find / -type f -iname profile1.properties<br>
275 cp -r<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties<br>
/etc/ovirt-engine/aaa/<br>
276 find / -type f -iname profile1.properties<br>
277 vim /etc/ovirt-engine/aaa/profile1.properties<br>
278 chown ovirt:ovirt<br>
/etc/ovirt-engine/aaa/profile1.properties<br>
279 chmod 600<br>
/etc/ovirt-engine/aaa/profile1.properties<br>
280 systemctl restart ovirt-engine<br>
281 vim<br>
/etc/ovirt-engine/extensions.d/profile1-authn.properties<br>
282 cd /usr/share/<br>
283 ls<br>
284 cd ovirt-engine-aaa-ldap<br>
285 ls<br>
286 cd ovirt-engine-extension-aaa-ldap/<br>
287 ls<br>
288 cd examples/<br>
289 ls<br>
290 cd ad<br>
291 ls<br>
292 cd extensions.d/<br>
293 ls<br>
294 vim profile1-authn.properties<br>
295 pwd<br>
296 cd ..<br>
297 pwd<br>
298 cd ..<br>
299 ls<br>
300 cd simple<br>
301 ls<br>
302 cd aaa/<br>
303 ls<br>
304 vim profile1.properties<br>
305 pwd<br>
306 rm -rf<br>
/etc/ovirt-engine/aaa/profile1.properties<br>
307 cp -r<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/profile1.properties<br>
/etc/ovirt-engine/aaa/<br>
308 vim /etc/ovirt-engine/aaa/profile1.properties<br>
309 history<br>
310 chown ovirt:ovirt<br>
/etc/ovirt-engine/aaa/profile1.properties<br>
311 chmod 600<br>
/etc/ovirt-engine/aaa/profile1.properties<br>
312 systemctl restart ovirt-engine<br>
313 updatedb<br>
314 locate domain1-authn.properties<br>
315 history<br>
316 cd<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/<br>
317 ll<br>
318 cd<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/<br>
319 ls<br>
320 cd extensions.d/<br>
321 ls<br>
322 pwd<br>
323 cd /etc/ovirt-engine/extensions.d/<br>
324 ls<br>
325 cp -r<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/<br>
/etc/ovirt-engine/extensions.d/<br>
326 cp -r<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*<br>
/etc/ovirt-engine/extensions.d/<br>
327 rm -rf<br>
<br>
/etc/ovirt-engine/extensions.d/profile1-authn.properties<br>
328 rm -rf<br>
<br>
/etc/ovirt-engine/extensions.d/profile1-authz.properties<br>
329 cp -r<br>
<br>
<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*<br>
/etc/ovirt-engine/extensions.d/<br>
330 ll<br>
331 history<br>
332 chown ovirt:ovirt<br>
/etc/ovirt-engine/extensions.d/*<br>
333 chmod 600 /etc/ovirt-engine/extensions.d/*<br>
334 ll<br>
335 cd extensions.d/<br>
336 ll<br>
337 cd<br>
338 engine-config -s SASL_QOP=auth<br>
339 systemctl restart ovirt-engine<br>
340 engine-manage-domains add<br>
--domain=<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">udistritaloas.edu.co</a><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>> <<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>> --provider=ipa<br>
--user=admin<br>
--ldap-servers=<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">freeipa.udistritaloas.edu.co</a><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
341 systemctl restart ovirt-engine<br>
342 engine-manage-domains list<br>
343 history<br>
344 cd /etc/ovirt-engine/extensions.d/<br>
345 ll<br>
346 rm -rf internal-authn.properties<br>
347 rm -rf internal-authz.properties<br>
348 rm -rf profile1-authn.properties<br>
349 rm -rf profile1-authz.properties<br>
350 history<br>
351 cd /etc/ovirt-engine/aaa/<br>
352 ll<br>
353 rm -rf profile1.properties<br>
354 vim internal.properties<br>
355 systemctl restart ovirt-engine<br>
356 ovirt-aaa-jdbc-tool user edit admin<br>
--account-valid-to="2100-01-01 00:00:00Z"<br>
357 ovirt-aaa-jdbc-tool user password-reset admin<br>
--password-valid-to="2100-01-01 00:00:00Z"<br>
358 engine-config -s AdminPassword=interactive<br>
359 ovirt-aaa-jdbc-tool user password-reset admin<br>
--password-valid-to="2100-01-01 00:00:00Z"<br>
360 systemctl restart ovirt-engine<br>
361 exit<br>
362 cd /etc/ovirt-engine/aaa/<br>
363 ll<br>
364 vim internal.properties<br>
365 /etc/ovirt-engine/extensions.d/<br>
366 cd /etc/ovirt-engine/extensions.d/<br>
367 ll<br>
368 cd extensions.d/<br>
369 ll<br>
370 pwd<br>
371 ll<br>
372 cd ..<br>
373 ll<br>
374 cd ..<br>
375 ll<br>
376 cd /etc/ovirt-engine/extensions.d/<br>
377 ll<br>
378 cd extensions.d/<br>
379 ll<br>
380 pwd<br>
381 ll<br>
382 cd ..<br>
383 ll<br>
384 systemctl restart ovirt-engine.service<br>
385 ovirt-aaa-jdbc-tool user edit admin<br>
--account-valid-to="2100-01-01 00:00:00Z"<br>
386 ovirt-aaa-jdbc-tool user password-reset admin<br>
--password-valid-to="2100-01-01 00:00:00Z"<br>
387 systemctl restart ovirt-engine.service<br>
388 ovirt-aaa-jdbc-tool user password-reset<br>
admin@internal<br>
--password-valid-to="2100-01-01 00:00:00Z"<br>
389 yum install -y<br>
ovirt-engine-extension-aaa-jdbc<br>
390 engine-setup<br>
391 ovirt-aaa-jdbc-tool user show admin<br>
392 ovirt-aaa-jdbc-tool settings show<br>
393 cd /var/log<br>
394 ll<br>
395 cd ovirt-engine<br>
396 ll<br>
397 tail -f n 100 ui.log<br>
398 ll<br>
399 tail -f -n engine.log<br>
400 tail -f -n 1000 engine.log<br>
401 tail -n 5000 engine.log | grep admin@internal<br>
402 ovirt-aaa-jdbc-tool user show admin<br>
403 ovirt-aaa-jdbc-tool user show admin@internal<br>
404 ovirt-aaa-jdbc-tool query --what=user<br>
405 engine-config -s AdminPassword=interactive<br>
406 vim<br>
/etc/ovirt-engine/extension.d/internal-authn.properties<br>
407 vim<br>
/etc/ovirt-engine/extensions.d/internal-authn.properties<br>
408 cd /etc/ovirt-engine/extensions.d/<br>
409 ll<br>
410 vim /etc/ovirt-engine/aaa/internal.properties<br>
411 cd /etc/ovirt-engine/aaa/<br>
412 ll<br>
413 vim internal.properties<br>
414 pwd<br>
415 ovirt-aaa-jdbc-tool user add julian<br>
--attribute=firstName=Julian<br>
--attribute=lastName=Tete<br>
--attribute=email=<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>>>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>> <mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a><br>
<mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>>>>><br>
416 ovirt-aaa-jdbc-tool user password-reset<br>
julian<br>
--password-valid-to="2025-08-15 10:30:00Z"<br>
417 history<br>
418 tail -n 5000 engine.log | grep admin@internal<br>
419 tail -n 5000<br>
/var/log/ovirt-engine/engine.log | grep<br>
admin@internal<br>
420 ovirt-aaa-jdbc-tool user edit admin<br>
--account-valid-from="2015-10-01 00:00:00Z"<br>
421 ovirt-aaa-jdbc-tool user password-reset<br>
admin --force<br>
--password-valid-to="2100-01-01 00:00:00Z"<br>
422 systemctl restart ovirt-engine.service<br>
423 history<br>
424 ovirt-aaa-jdbc-tool query --what=user<br>
425 updatedb<br>
426 locate internal<br>
427 yum install -y ovirt-engine-cli<br>
428 cd /opt<br>
429 cd /opt/<br>
<br>
<br>
<br>
2016-06-20 13:24 GMT-05:00 Ondra Machacek<br>
<<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>><br>
<mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a> <mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>>>>>>:<br>
<br>
<br>
<br>
On 06/20/2016 06:36 PM, Julián Tete wrote:<br>
<br>
oVirt: 3.6.2<br>
<br>
Trying to use:<br>
<br>
<br>
<br>
<br>
<a href="https://github.com/machacekondra/ovirt-engine-kerbldap-migration" rel="noreferrer" target="_blank">https://github.com/machacekondra/ovirt-engine-kerbldap-migration</a><br>
<br>
First use:<br>
<br>
engine-manage-domains add<br>
--domain=<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">udistritaloas.edu.co</a><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>> <<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>><br>
<<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>> --provider=ipa<br>
--user=admin<br>
<br>
--ldap-servers=<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">freeipa.udistritaloas.edu.co</a><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>><br>
<br>
<br>
The domain was added, but a I can't<br>
access to the<br>
webadmin portal :/<br>
<br>
I get the message:<br>
<br>
"User is not authorized to perform this<br>
action."<br>
<br>
In ovirt-cli<br>
<br>
[401] - Unauthorized<br>
<br>
tail -n 5000<br>
/var/log/ovirt-engine/engine.log | grep<br>
admin@internal<br>
<br>
2016-06-20 10:52:22,835 ERROR<br>
<br>
<br>
<br>
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
(default task-32) [] Correlation ID:<br>
null, Call<br>
Stack:<br>
null, Custom<br>
Event ID: -1, Message: User admin@internal<br>
failed to log in.<br>
2016-06-20 10:52:22,836 WARN<br>
<br>
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]<br>
(default<br>
task-32)<br>
[] CanDoAction of action<br>
'LoginAdminUser' failed<br>
for user<br>
admin@internal. Reasons:<br>
USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
2016-06-20 11:00:37,679 ERROR<br>
<br>
<br>
<br>
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
(default task-3) [] Correlation ID:<br>
null, Call<br>
Stack: null,<br>
Custom Event<br>
ID: -1, Message: User admin@internal<br>
failed to<br>
log in.<br>
2016-06-20 11:00:37,679 WARN<br>
<br>
[org.ovirt.engine.core.bll.aaa.LoginUserCommand]<br>
(default task-3) []<br>
CanDoAction of action 'LoginUser' failed<br>
for user<br>
admin@internal.<br>
Reasons:<br>
USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
2016-06-20 11:01:04,016 ERROR<br>
<br>
<br>
<br>
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
(default task-4) [] Correlation ID:<br>
null, Call<br>
Stack: null,<br>
Custom Event<br>
ID: -1, Message: User admin@internal<br>
failed to<br>
log in.<br>
2016-06-20 11:01:04,016 WARN<br>
<br>
[org.ovirt.engine.core.bll.aaa.LoginUserCommand]<br>
(default task-4) []<br>
CanDoAction of action 'LoginUser' failed<br>
for user<br>
admin@internal.<br>
Reasons:<br>
USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
<br>
<br>
I am little bit lost, what was your steps,<br>
to get<br>
into this<br>
state,<br>
but it looks that your admin@internal user was<br>
removed SuperUser<br>
permissions, I am really not sure how could<br>
you achieve<br>
that, but to<br>
fix it please run following command:<br>
<br>
$ su - postgres -c "psql -t engine -c<br>
\"insert into<br>
permissions<br>
values ('0000001b-001b-001b-001b-00000000029f',<br>
'00000000-0000-0000-0000-000000000001',<br>
'fdfc627c-d875-11e0-90f0-83df133b58cc',<br>
'aaa00000-0000-0000-0000-123456789aaa', 1);\""<br>
<br>
This command will add your admin@internal<br>
SuperUser<br>
permissions on<br>
system.<br>
<br>
Can you please describe what have you done a bit<br>
more, so we can<br>
understand the problem?<br>
<br>
Thanks.<br>
<br>
<br>
Properties of Internal domain:<br>
<br>
cat<br>
/etc/ovirt-engine/aaa/internal.properties<br>
<br>
<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>> =<br>
internal-authn<br>
ovirt.engine.extension.bindings.method =<br>
jbossmodule<br>
<br>
ovirt.engine.extension.binding.jbossmodule.module =<br>
org.ovirt.engine.extension.aaa.jdbc<br>
<br>
ovirt.engine.extension.binding.jbossmodule.class =<br>
<br>
<br>
<br>
org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>
ovirt.engine.extension.provides =<br>
org.ovirt.engine.api.extensions.aaa.Authn<br>
<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">ovirt.engine.aaa.authn.profile.name</a><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>> =<br>
internal<br>
ovirt.engine.aaa.authn.authz.plugin =<br>
internal-authz<br>
config.datasource.file =<br>
/etc/ovirt-engine/aaa/internal.properties<br>
<br>
cat<br>
/etc/ovirt-engine/extensions.d/internal-authn.properties<br>
<br>
<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>> =<br>
internal-authn<br>
ovirt.engine.extension.bindings.method =<br>
jbossmodule<br>
<br>
ovirt.engine.extension.binding.jbossmodule.module =<br>
org.ovirt.engine.extension.aaa.jdbc<br>
<br>
ovirt.engine.extension.binding.jbossmodule.class =<br>
<br>
<br>
<br>
org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>
ovirt.engine.extension.provides =<br>
org.ovirt.engine.api.extensions.aaa.Authn<br>
<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">ovirt.engine.aaa.authn.profile.name</a><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
<br>
<<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>> =<br>
internal<br>
ovirt.engine.aaa.authn.authz.plugin =<br>
internal-authz<br>
config.datasource.file =<br>
/etc/ovirt-engine/aaa/internal.properties<br>
<br>
cat<br>
/etc/ovirt-engine/extensions.d/internal-authz.properties<br>
<br>
<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>><br>
<<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>></blockquote>
</blockquote></div><br></div>