<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <span dir="ltr"><<a href="mailto:baptiste.agasse@lyra-network.com" target="_blank">baptiste.agasse@lyra-network.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Ondra,<br>
<br>
----- Le 24 Oct 16, à 10:36, Ondra Machacek <a href="mailto:omachace@redhat.com">omachace@redhat.com</a> a écrit :<br>
<br>
> On 10/21/2016 12:00 PM, Baptiste Agasse wrote:<br>
>> Hi all,<br>
>><br>
>> We use ovirt 4.0.4 with FreeIPA as external provider. The external provider was<br>
>> configured via the 'ovirt-engine-extension-aaa-<wbr>ldap-setup' command. The<br>
>> authentication works fine, but in the webui, when you go on the 'Active User<br>
>> Sessions', all users uuid is showed as '00000000-0000-0000-0000-<wbr>000000000000'.<br>
>> Other problem, maybe related, when a user create a VM, by default a permission<br>
>> is created with the role of 'UserVmManager'. On the 'Permissions' pane, we see<br>
>> a line with no value for User, Authorization provider, Namespace. The only<br>
>> value set on this line is the role (UserVmManager in that case). When we try to<br>
>> remove this line, an exception occurs in the webui that prevent deletion of<br>
>> this line.<br>
><br>
> I've never see such issue with FreeIPA. Can you please share what's<br>
> your IPA version?<br>
><br>
> Can you also please share the log of error which occurs, when you try<br>
> to remove the permission?<br>
<br>
We have multiple ovirt envs, all ovirt version are the same as described, but FreeIPA servers are in different versions on these envs. We have one env with FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.<wbr>centos.x86_64) and the other on FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.<wbr>centos.6.1.x86_64). The both envs have the same problem. On our envs, the role mapping in oVirt is done on user groups and not on individual users.<br>
<br>
For the permission problem, the problem only occurs when the VM is created via the user webui. Creating VM with API or admin webui is OK. When we try to remove the permission, an UI exception occurs and no logs on the engine.log side. I've attached screenshots and ui.log.<br></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Unfortunately by default UI code is obfuscated, so we cannot find exact issue. Could you please perform following steps and send us new ui.log?<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">1. Install UI debug packages<br> yum install ovirt-engine-webadmin-portal-debuginfo ovirt-engine-userportal-debuginfo</div> <br><br><div style="font-family:arial,helvetica,sans-serif" class="gmail_default">2. Restart ovirt-engine<br></div><div style="font-family:arial,helvetica,sans-serif" class="gmail_default"> systemctl restart ovirt-engine<br><br></div><div style="font-family:arial,helvetica,sans-serif" class="gmail_default">3. Reproduce the error and share up-to-date ui.log with use<br><br></div><div style="font-family:arial,helvetica,sans-serif" class="gmail_default">If needed more info about UI logs can be found at <a href="http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/">http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/</a><br><br></div><div style="font-family:arial,helvetica,sans-serif" class="gmail_default">Thanks<br><br></div><div style="font-family:arial,helvetica,sans-serif" class="gmail_default">Martin Perina<br></div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
><br>
>><br>
>> This behavior is verified on all our oVirt environments (oVirt 4.0.4 + FreeIPA)<br>
>><br>
>> Someone hit the same problem ?<br>
>><br>
>> Have a nice day.<br>
>><br>
>> Regards.<br>
<br>
Regards.<br>
<span class="gmail-HOEnZb"><font color="#888888"><br>
--<br>
Baptiste AGASSE<br>
</font></span><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div>