<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="Liberation Serif">Hi,</font></p>
<p><font face="Liberation Serif">Thank you very much.</font><br>
</p>
<div class="moz-signature">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title></title>
<meta name="generator" content="LibreOffice 5.0.3.2 (Linux)">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2016-01-05T17:20:50.677541300">
<meta name="created" content="00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:03:26.251763811">
<meta name="created" content="2015-02-21T00:00:00">
<meta name="changedby" content="Anantha Raghava">
<meta name="changed" content="2015-12-20T09:02:11.666821134">
<style type="text/css">
@page { margin: 2cm }
p { margin-bottom: 0.25cm; color: #000000; line-height: 120% }
address { color: #000000 }
a:link { so-language: zxx }
</style>
<p>-- </p>
<p style="margin-bottom: 0cm; line-height: 100%"><font face="Times
New Roman, serif">Thanks
& Regards,</font></p>
<p style="margin-bottom: 0cm; line-height: 100%"><br>
</p>
<address style="line-height: 100%"><font face="Times New Roman,
serif">Anantha
Raghava</font></address>
<address style="line-height: 100%"><font face="Times New Roman,
serif">eXza
Technology Consulting & Services</font></address>
<br>
<p style="margin-bottom: 0cm; line-height: 100%"><font
color="#66cc00"><font face="Times New Roman, serif">Do
not print this e-mail unless required. Save Paper &
trees.</font></font></p>
</div>
<div class="moz-cite-prefix">On Thursday 29 September 2016 11:43 AM,
Ondra Machacek wrote:<br>
</div>
<blockquote
cite="mid:80cf187f-df7d-8def-6862-60b06ddd1af1@redhat.com"
type="cite">Hi,
<br>
<br>
I would suggest you reading this:
<br>
<br>
<br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/single/administration-guide/#sect-User_Authorization">https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/single/administration-guide/#sect-User_Authorization</a>
<br>
<br>
And if you have doubt with anything you can ask here.
<br>
<br>
Ondra
<br>
<br>
On 09/28/2016 05:40 PM, Anantha Raghava wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I am able to add the user to oVirt and assign role. Just to
test, I
<br>
assigned one user as "super user" and I am able to login to
<br>
Administrator Portal.
<br>
<br>
Need to read a bit more about roles and their predefined rights.
Any
<br>
suggestions in this regard?
<br>
<br>
--
<br>
<br>
Thanks & Regards,
<br>
<br>
<br>
Anantha Raghava
<br>
<br>
eXza Technology Consulting & Services
<br>
<br>
<br>
<br>
Do not print this e-mail unless required. Save Paper &
trees.
<br>
<br>
On Wednesday 28 September 2016 03:46 PM, Anantha Raghava wrote:
<br>
<blockquote type="cite">
<br>
Hello Ondra,
<br>
<br>
It's working now. It browses though the directory and fetching
the
<br>
user / group details.
<br>
<br>
Thanks for your quick support.
<br>
<br>
--
<br>
<br>
Thanks & Regards,
<br>
<br>
<br>
Anantha Raghava
<br>
<br>
eXza Technology Consulting & Services
<br>
<br>
<br>
Do not print this e-mail unless required. Save Paper &
trees.
<br>
<br>
On Wednesday 28 September 2016 02:03 PM, Anantha Raghava
wrote:
<br>
<blockquote type="cite">
<br>
Thanks Ondra. Will check this & revert back.
<br>
<br>
--
<br>
<br>
Thanks & Regards,
<br>
<br>
<br>
Anantha Raghava
<br>
<br>
eXza Technology Consulting & Services
<br>
<br>
<br>
Do not print this e-mail unless required. Save Paper &
trees.
<br>
<br>
On Wednesday 28 September 2016 02:02 PM, Ondra Machacek
wrote:
<br>
<blockquote type="cite">Yes, you can. You can use different
profile name and those setups can exist together, or you
can you same name and the aaa-setup-tool will ask you if
you want to override the existing one.
<br>
<br>
----- Anantha Raghava
<a class="moz-txt-link-rfc2396E" href="mailto:raghav@exzatechconsulting.com"><raghav@exzatechconsulting.com></a> wrote:
<br>
<blockquote type="cite">Thanks for quick response Ondra.
<br>
<br>
Before I make another attempt to properly configure, can
I re-execute
<br>
the ovirt aaa ldap setup again without disturbing the
current setup?
<br>
Will that help me to correct the problem?
<br>
<br>
--
<br>
<br>
Thanks & Regards,
<br>
<br>
<br>
Anantha Raghava
<br>
<br>
eXza Technology Consulting & Services
<br>
<br>
<br>
Do not print this e-mail unless required. Save Paper
& trees.
<br>
<br>
On Wednesday 28 September 2016 01:23 PM, Ondra Machacek
wrote:
<br>
<blockquote type="cite">----- Anantha Raghava
<a class="moz-txt-link-rfc2396E" href="mailto:raghav@exzatechconsulting.com"><raghav@exzatechconsulting.com></a> wrote:
<br>
<blockquote type="cite">Hello Ondra
<br>
<br>
Please find the attached file. I have also attached
the setup log file.
<br>
I find the errors & warnings there too. But I am
unable to figure out
<br>
what really went wrong.
<br>
<br>
One more thing, while setting aaa-ldap extension,
since it threw error
<br>
on user DN, did not properly recognise, I used
"anonymous", also did not
<br>
perform the Login Test. Are these the root cause?
<br>
</blockquote>
Yes, it is root cause. Active directory usually has
anonymous bind disabled. You can enter UPN instead of
DN, if you want. In your case it will be something
like <a class="moz-txt-link-abbreviated" href="mailto:vdiadmin@rvce.in">vdiadmin@rvce.in</a>. Please note that AD usually use
CN attribute in DN, not uid attribute, that may be the
problem in your DN.
<br>
<blockquote type="cite">--
<br>
<br>
Thanks & Regards,
<br>
<br>
<br>
Anantha Raghava
<br>
<br>
eXza Technology Consulting & Services
<br>
<br>
<br>
<br>
Do not print this e-mail unless required. Save Paper
& trees.
<br>
<br>
On Wednesday 28 September 2016 12:18 PM, Ondra
Machacek wrote:
<br>
<blockquote type="cite">On 09/28/2016 05:25 AM,
Anantha Raghava wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I am trying to integrate the oVirt Engine with
Active Directory to
<br>
enable user logins. I installed the ovirt ldap
extension and executed
<br>
the setup. The process completed successfully
and the profile is visible
<br>
in engine log in page.
<br>
</blockquote>
Most probably it wasn't successful, because as you
can see in
<br>
screenshot there is no 'namespace', you should see
there something, if
<br>
configuration is correct.
<br>
<br>
Can you please send output of the following
command?
<br>
<br>
$ ovirt-engine-extensions-tool
--log-level=FINEST
<br>
--log-file=/tmp/aaa.log aaa search
--extension-name=domain-authz
<br>
<br>
There should be some ERROR or WARN.
<br>
<br>
Thanks.
<br>
<br>
<blockquote type="cite">Now, when I try to add the
user and assign the roles, it is not allowing
<br>
me to browse through the profile & the user
list. Infact the "GO" button
<br>
gets deactivated as shown in the screenshot.
<br>
<br>
How do I set this right and get the user list?
<br>
<br>
--
<br>
<br>
Thanks & Regards,
<br>
<br>
<br>
Anantha Raghava
<br>
<br>
eXza Technology Consulting & Services
<br>
<br>
<br>
Do not print this e-mail unless required. Save
Paper & trees.
<br>
<br>
<br>
<br>
_______________________________________________
<br>
Users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
</blockquote>
<br>
</body>
</html>