<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 5, 2017 at 10:13 PM, Michael Watters <span dir="ltr"><<a href="mailto:wattersm@watters.ws" target="_blank">wattersm@watters.ws</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I actually reran the ovirt-engine-extension-aaa-<wbr>ldap-setup tool and was<br>
able to log in and complete a search successfully, but doing the same<br>
thing in the engine UI fails. <br>
<br>
Here's the configuration from the .properties file.<br>
<br>
include = <ad.properties><br>
<br>
vars.domain = <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a><br>
vars.user = <a href="mailto:ldapuser@example.com">ldapuser@example.com</a><br>
vars.password = password<br>
<br>
pool.default.auth.simple.<wbr>bindDN = ${global:vars.user}<br>
pool.default.auth.simple.<wbr>password = ${global:vars.password}<br>
pool.default.serverset.type = srvrecord<br>
pool.default.serverset.<wbr>srvrecord.domain = ${global:vars.domain}<br>
pool.default.ssl.startTLS = true<br>
<br>
engine logs show this error. Is this a bug? I don't remember entering<br>
a trailing space anywhere during setup.<br></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Hmm, could you please try executing the following commands with the same username as you used to log in to the webui?<br><br><span class="gmail-il"> ovirt</span>-<span class="gmail-il">engine</span>-<span class="gmail-il">extensions</span>-<span class="gmail-il">tool</span> <span class="gmail-il">aaa</span> login-user --log-level=FINEST --profile=<YOUR PROFILE> --user-name=<USERNAME><br><br><span><span><span class="gmail-il"> ovirt</span>-<span class="gmail-il">engine</span>-<span class="gmail-il">extensions</span>-<span class="gmail-il">tool</span> <span class="gmail-il">aaa</span> <span class="gmail-il">search</span> --log-level=FINEST --extension-name=<YOUR AUTHZ NAME> --entity-name=<USERNAME></span></span><br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Thanks<br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default"></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
2017-10-05 14:17:38,156-04 ERROR<br>
[org.ovirt.engine.core.sso.<wbr>utils.SsoUtils] (default task-354) []<br>
OAuthException server_error: java.text.ParseException: Invalid character<br>
' ' encountered.<br>
2017-10-05 14:20:03,229-04 ERROR<br>
[org.ovirt.engine.core.sso.<wbr>utils.SsoUtils] (default task-38) []<br>
OAuthException server_error: java.text.ParseException: Invalid character<br>
' ' encountered.<br>
2017-10-05 14:22:24,691-04 ERROR<br>
[org.ovirt.engine.core.aaa.<wbr>servlet.SsoPostLoginServlet] (default<br>
task-185) [] The user username@example.com@<a href="http://example.com" rel="noreferrer" target="_blank">example.<wbr>com</a> is not authorized<br>
to perform login<br>
<br>
<br>
<br>
On 10/05/2017 03:29 PM, Martin Perina wrote:<br>
> Hi,<br>
><br>
> it seems that you have an error in your aaa-ldap configuration. Could you<br>
> please share your engine.log and your aaa-ldap configuration?<br>
><br>
> Thanks<br>
><br>
> Martin Perina<br>
><br>
><br>
> On Thu, Oct 5, 2017 at 9:08 PM, Michael Watters <<a href="mailto:wattersm@watters.ws">wattersm@watters.ws</a>> wrote:<br>
><br>
>> I'm having some issues granting permissions to AD users in ovirt-engine<br>
>> 4.1. Users can log in but receive an error as below.<br>
>> The user user@example.com@<a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> is not authorized to perform login<br>
>><br>
>> I am also not able to grant this user any permissions through the admin<br>
>> console. Entering a user name in the search field for the System<br>
>> Permissions section results in a blank list. Attached is a screenshot for<br>
>> reference.<br>
>><br>
>> Does anybody have an idea on what would cause this? The log files aren't<br>
>> very useful and don't show any errors.<br>
<br>
</blockquote></div><br></div></div>