<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi,</p>
<p>I am able to add the user to oVirt and assign role. Just to test,
I assigned one user as "super user" and I am able to login to
Administrator Portal. <br>
</p>
<p>Need to read a bit more about roles and their predefined rights.
Any suggestions in this regard?<br>
</p>
<div class="moz-signature">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title></title>
<meta name="generator" content="LibreOffice 5.0.3.2 (Linux)">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2016-01-05T17:20:50.677541300">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:03:26.251763811">
<meta name="created" content="2015-02-21T00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:02:11.666821134">
<style type="text/css">
                @page { margin: 2cm }
                p { margin-bottom: 0.25cm; color: #000000; line-height: 120% }
                address { color: #000000 }
                a:link { so-language: zxx }
        </style>
<p>-- </p>
<p style="margin-bottom: 0cm; line-height: 100%"><font face="Times
New Roman, serif">Thanks
& Regards,</font></p>
<p style="margin-bottom: 0cm; line-height: 100%"><br>
</p>
<address style="line-height: 100%"><font face="Times New Roman,
serif">Anantha
Raghava</font></address>
<address style="line-height: 100%"><font face="Times New Roman,
serif">eXza
Technology Consulting & Services</font></address>
<br>
<p style="margin-bottom: 0cm; line-height: 100%"><br>
</p>
<p style="margin-bottom: 0cm; line-height: 100%"><font
color="#66cc00"><font face="Times New Roman, serif">Do
not print this e-mail unless required. Save Paper &
trees.</font></font></p>
</div>
<div class="moz-cite-prefix">On Wednesday 28 September 2016 03:46
PM, Anantha Raghava wrote:<br>
</div>
<blockquote
cite="mid:8b86ecc4-92bb-80be-31cf-721bc89e15fe@exzatechconsulting.com"
type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<p><font face="Liberation Serif">Hello Ondra,</font></p>
<p><font face="Liberation Serif">It's working now. It browses
though the directory and fetching the user / group details.</font><br>
</p>
<div class="moz-signature">
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
<title></title>
<meta name="generator" content="LibreOffice 5.0.3.2 (Linux)">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2016-01-05T17:20:50.677541300">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:03:26.251763811">
<meta name="created" content="2015-02-21T00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:02:11.666821134">
<style type="text/css">
                @page { margin: 2cm }
                p { margin-bottom: 0.25cm; color: #000000; line-height: 120% }
                address { color: #000000 }
                a:link { so-language: zxx }
        </style>
<p style="margin-bottom: 0cm">Thanks for your quick support.<br>
</p>
<p>-- </p>
<p style="margin-bottom: 0cm; line-height: 100%"><font
face="Times New Roman, serif">Thanks & Regards,</font></p>
<p style="margin-bottom: 0cm; line-height: 100%"><br>
</p>
<address style="line-height: 100%"><font face="Times New Roman,
serif">Anantha Raghava</font></address>
<address style="line-height: 100%"><font face="Times New Roman,
serif">eXza Technology Consulting & Services</font></address>
<br>
<p style="margin-bottom: 0cm; line-height: 100%"><font
color="#66cc00"><font face="Times New Roman, serif">Do not
print this e-mail unless required. Save Paper & trees.</font></font></p>
</div>
<div class="moz-cite-prefix">On Wednesday 28 September 2016 02:03
PM, Anantha Raghava wrote:<br>
</div>
<blockquote
cite="mid:5d36b2ce-36be-8b7a-e2c8-87da4edc3aa7@exzatechconsulting.com"
type="cite">
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type">
<p><font face="Liberation Serif">Thanks Ondra. Will check this
& revert back.</font><br>
</p>
<div class="moz-signature">
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
<title></title>
<meta name="generator" content="LibreOffice 5.0.3.2 (Linux)">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2016-01-05T17:20:50.677541300">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:03:26.251763811">
<meta name="created" content="2015-02-21T00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:02:11.666821134">
<style type="text/css">
                @page { margin: 2cm }
                p { margin-bottom: 0.25cm; color: #000000; line-height: 120% }
                address { color: #000000 }
                a:link { so-language: zxx }
        </style>
<p>-- </p>
<p style="margin-bottom: 0cm; line-height: 100%"><font
face="Times New Roman, serif">Thanks & Regards,</font></p>
<p style="margin-bottom: 0cm; line-height: 100%"><br>
</p>
<address style="line-height: 100%"><font face="Times New
Roman, serif">Anantha Raghava</font></address>
<address style="line-height: 100%"><font face="Times New
Roman, serif">eXza Technology Consulting & Services</font></address>
<br>
<p style="margin-bottom: 0cm; line-height: 100%"><font
color="#66cc00"><font face="Times New Roman, serif">Do not
print this e-mail unless required. Save Paper &
trees.</font></font></p>
</div>
<div class="moz-cite-prefix">On Wednesday 28 September 2016
02:02 PM, Ondra Machacek wrote:<br>
</div>
<blockquote
cite="mid:1653295031.104015.1475051532897.JavaMail.zimbra@redhat.com"
type="cite">
<pre wrap="">Yes, you can. You can use different profile name and those setups can exist together, or you can you same name and the aaa-setup-tool will ask you if you want to override the existing one.
----- Anantha Raghava <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:raghav@exzatechconsulting.com"><raghav@exzatechconsulting.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Thanks for quick response Ondra.
Before I make another attempt to properly configure, can I re-execute
the ovirt aaa ldap setup again without disturbing the current setup?
Will that help me to correct the problem?
--
Thanks & Regards,
Anantha Raghava
eXza Technology Consulting & Services
Do not print this e-mail unless required. Save Paper & trees.
On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:
</pre>
<blockquote type="cite">
<pre wrap="">----- Anantha Raghava <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:raghav@exzatechconsulting.com"><raghav@exzatechconsulting.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello Ondra
Please find the attached file. I have also attached the setup log file.
I find the errors & warnings there too. But I am unable to figure out
what really went wrong.
One more thing, while setting aaa-ldap extension, since it threw error
on user DN, did not properly recognise, I used "anonymous", also did not
perform the Login Test. Are these the root cause?
</pre>
</blockquote>
<pre wrap="">Yes, it is root cause. Active directory usually has anonymous bind disabled. You can enter UPN instead of DN, if you want. In your case it will be something like <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:vdiadmin@rvce.in">vdiadmin@rvce.in</a>. Please note that AD usually use CN attribute in DN, not uid attribute, that may be the problem in your DN.
</pre>
<blockquote type="cite">
<pre wrap="">--
Thanks & Regards,
Anantha Raghava
eXza Technology Consulting & Services
Do not print this e-mail unless required. Save Paper & trees.
On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 09/28/2016 05:25 AM, Anantha Raghava wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
I am trying to integrate the oVirt Engine with Active Directory to
enable user logins. I installed the ovirt ldap extension and executed
the setup. The process completed successfully and the profile is visible
in engine log in page.
</pre>
</blockquote>
<pre wrap="">Most probably it wasn't successful, because as you can see in
screenshot there is no 'namespace', you should see there something, if
configuration is correct.
Can you please send output of the following command?
$ ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz
There should be some ERROR or WARN.
Thanks.
</pre>
<blockquote type="cite">
<pre wrap="">Now, when I try to add the user and assign the roles, it is not allowing
me to browse through the profile & the user list. Infact the "GO" button
gets deactivated as shown in the screenshot.
How do I set this right and get the user list?
--
Thanks & Regards,
Anantha Raghava
eXza Technology Consulting & Services
Do not print this e-mail unless required. Save Paper & trees.
_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>