From nicola.gentile.to at gmail.com Wed Oct 26 06:01:37 2016
From: nicola.gentile.to
To: users at ovirt.org
Subject: [ovirt-users] Ovirt and active directory integration
Date: Wed, 26 Oct 2016 12:01:33 +0200

Hi,
I would like to submit a problem with active directory authentication.
Let me make an introduction.
Actually my infrastructure consists of 1 manager and 2 nodes (version 4.0.4).
The active directory forest consists of many subdomains.
In the active directory forest there are 2 types of accounts:
-1- normal users, this account is similar to name.surname@domain.it
-2- particular users, this account is similar to s123456@subdomain.domain.it

Important note: the subdomain of the account type 2 is an alias domain, for example:

    s123456@subdomain.domain.it is an alias of s123456@domain.it

When I do login from the user portal:

- with normal users I login correctly and I can start the vm without problem
- with particular users I login correctly but I can not start the vm although I have permissions. To solve this problem I must insert the account in the db of ovirt from the administration portal in the users tab

I noticed that, with a particular user (s123456@subdomain.domain.it), the ovirt infrastructure does not automatically insert this account in its own db.

Also the subdomain.domain.it is not in the list of the subdomains of the forest; perhaps it is for this reason that it does not work properly.

I deduced that it is an active directory problem (that is not resolvable because of the complexity of the AD infrastructure). I ask you if there exists a script to insert many accounts at one time. Something like:

    script.sh < list-users.txt

where the file list-users.txt consists of a sequential list of accounts like this:

    s000001@subdomain.polito.it
    s000002@subdomain.polito.it
    s000003@subdomain.polito.it
    s000004@subdomain.polito.it

Thank you very much for your help

Nicola


From omachace at redhat.com Wed Oct 26 13:43:10 2016
From: Ondra Machacek
To: users at ovirt.org
Subject: Re: [ovirt-users] Ovirt and active directory integration
Date: Wed, 26 Oct 2016 19:43:07 +0200
On 10/26/2016 12:01 PM, nicola.gentile.to wrote:
> Hi,
> I would like to submit a problem with active directory authentication.
> Let me make an introduction.
> Actually my infrastructure consists of 1 manager and 2 nodes (version
> 4.0.4).
> The active directory forest consists of many subdomains.
> In the active directory forest there are 2 types of accounts:
> -1- normal users, this account is similar to name.surname@domain.it
> -2- particular users, this account is similar to s123456@subdomain.domain.it
>
> Important note: the subdomain of the account type 2 is an alias domain,
> for example:
>
> s123456@subdomain.domain.it is an alias of s123456@domain.it
>
> When I do login from the user portal:
>
> - with normal users I login correctly and I can start the vm without problem
> - with particular users I login correctly but I can not start the vm
> although I have permissions. To solve this problem I must insert the
> account in the db of ovirt from the administration portal in the users tab
>
> I noticed that, with a particular user (s123456@subdomain.domain.it),
> the ovirt infrastructure does not automatically insert this account in
> its own db.

We do not insert those users in the database only in case they are members of a group which is added in the system. But once you log in with this user it should inherit all permissions of the group which it is a member of. So can you please double check that the group those users are members of has appropriate permissions to start the VM?

You can also see what groups are resolved by the oVirt engine for a specific user by running the following command:

    $ ovirt-engine-extensions-tool aaa login-user --user-name=s123456@subdomain.domain.it --profile=domain.it

You could also hit this bug:

    https://bugzilla.redhat.com/show_bug.cgi?id=1336707

What are the groups' scopes?

>
> Also the subdomain.domain.it is not in the list of the subdomains of the
> forest; perhaps it is for this reason that it does not work properly.
>
> I deduced that it is an active directory problem (that is not resolvable
> because of the complexity of the AD infrastructure). I ask you if there exists a
> script to insert many accounts at one time. Something like:
>
> script.sh < list-users.txt

Something like this[1] should work for you. I didn't test it. Note it uses oVirt Python SDK version 4, which can be downloaded from pip as follows:

    pip install ovirt-engine-sdk-python

But I wouldn't do it and would rather find the root cause, as I think this is an issue on the oVirt side.

[1] https://paste.fedoraproject.org/461499/

>
> where the file list-users.txt consists of a sequential list of accounts
> like this:
>
> s000001@subdomain.polito.it
> s000002@subdomain.polito.it
> s000003@subdomain.polito.it
> s000004@subdomain.polito.it
>
> Thank you very much for your help
>
> Nicola
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
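The script the reply points to (the paste link) is not reproduced on the page. The following is an added example of the same idea, written here for this thread and not taken from that paste or from the oVirt project: it reads principals from stdin in the `script.sh < list-users.txt` shape the question asks for, validates and de-duplicates them, and adds each one to the engine through the oVirt Python SDK v4 (`pip install ovirt-engine-sdk-python`). Assumptions that are not in the thread: the engine URL and credentials come from the environment variables `OVIRT_URL`, `OVIRT_USER`, `OVIRT_PASSWORD` and `OVIRT_CA_FILE`; the authz extension backing profile `domain.it` is assumed to be named `domain.it-authz` (pass the real name as the first argument); `SAMPLE_LIST` is a constructed input. Dry run is the default so the plan can be reviewed before anything is written to the engine database.

```python
"""Bulk-add directory users to the oVirt engine (added example, not the
thread's paste nor oVirt project code).

Assumptions: OVIRT_URL / OVIRT_USER / OVIRT_PASSWORD / OVIRT_CA_FILE in the
environment; the authz extension for profile 'domain.it' is assumed to be
named 'domain.it-authz' unless another name is given on the command line."""
import os
import re
import sys

# Constructed sample of the list format from the thread; blank lines, '#'
# comments and duplicates are tolerated, malformed lines are reported.
SAMPLE_LIST = """\
# list-users.txt (constructed sample)
s000001@subdomain.polito.it
s000002@subdomain.polito.it

s000002@subdomain.polito.it
not-a-principal
s000003@subdomain.polito.it
"""

# user@domain with a conservative character set; anything else is rejected
# rather than forwarded to the engine.
PRINCIPAL_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def parse_user_list(text):
    """Return (accepted, rejected): accepted keeps first-seen order with
    case-insensitive de-duplication, rejected lists lines that failed validation."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not PRINCIPAL_RE.match(line):
            rejected.append(line)
            continue
        if line.lower() in seen:
            continue
        seen.add(line.lower())
        accepted.append(line)
    return accepted, rejected


def add_users(principals, authz_name, dry_run=True):
    """Add each principal via the oVirt Python SDK v4. Returns a list of
    (principal, authz_name, outcome) tuples. With dry_run the plan is returned
    and nothing is sent, so it can be reviewed before touching the engine."""
    if dry_run:
        return [(p, authz_name, "planned") for p in principals]

    import ovirtsdk4 as sdk          # imported lazily: only needed for a real run
    import ovirtsdk4.types as types

    connection = sdk.Connection(
        url=os.environ["OVIRT_URL"],              # e.g. https://engine.example/ovirt-engine/api
        username=os.environ["OVIRT_USER"],        # e.g. admin@internal
        password=os.environ["OVIRT_PASSWORD"],
        ca_file=os.environ.get("OVIRT_CA_FILE"),  # verify the engine's certificate
    )
    results = []
    try:
        users_service = connection.system_service().users_service()
        for p in principals:
            try:
                users_service.add(types.User(user_name=p, domain=types.Domain(name=authz_name)))
                results.append((p, authz_name, "added"))
            except sdk.Error as exc:  # e.g. not found in the directory; keep going
                results.append((p, authz_name, "failed: %s" % exc))
    finally:
        connection.close()
    return results


if __name__ == "__main__":
    # Usage: python add_users.py [--apply] [AUTHZ_NAME] < list-users.txt
    apply = "--apply" in sys.argv
    args = [a for a in sys.argv[1:] if a != "--apply"]
    authz = args[0] if args else "domain.it-authz"  # assumed authz extension name
    accepted, rejected = parse_user_list(sys.stdin.read())
    for bad in rejected:
        print("skipping malformed line: %r" % bad, file=sys.stderr)
    for principal, domain, outcome in add_users(accepted, authz, dry_run=not apply):
        print(principal, domain, outcome)
```

Run it once without `--apply` to see which principals would be sent and which lines were rejected, then again with `--apply` to perform the additions; failures for individual principals (for example one the directory cannot resolve) are reported per line instead of aborting the whole batch.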